Esegui Vi allego il file della scansione
Vi ringrazio anticipatamente
Saluti
Gianni
-
- Annuncio Pubblicitario
virus bagle problema script x avenger
20 messaggi
• Pagina 1 di 1
virus bagle problema script x avenger
da Gianni78 » mar feb 19, 2008 10:36 am
Vi allego il file della scansione
Vi ringrazio anticipatamente
Saluti
Gianni
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da crazy.cat » mar feb 19, 2008 11:02 am
112 ore, ma non facevi prima a formattare tutto?
Disattiva il ripristino della configurazione su tutti i dischi poi riavvia il pc
http://www.MegaLab.it/2330
Scarica Avenger http://www.MegaLab.it/forum/viewtopic.p ... 172#325172
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nel box bianco che si è aperto:
Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà e prova a reinstallare subito l'antivirus e cancella la cartella c:\avenger.
Dovrai, quasi sicuramente, riscaricare i file d'installazione dei programmi di sicurezza perché danneggiati dal virus.
Disattiva il ripristino della configurazione su tutti i dischi poi riavvia il pc
http://www.MegaLab.it/2330
Scarica Avenger http://www.MegaLab.it/forum/viewtopic.p ... 172#325172
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il pallino su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nel box bianco che si è aperto:
- Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\trusted.exe
C:\WINDOWS\system32\drivers\pci32.sys
C:\windows\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
C:\copy.exe
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temp\wz983d\Password Keeper 1.0.exe
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_1[1].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_2[2].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_31[1].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[1].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[2].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_2[1].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[1].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_1[1].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_2[1].jpg
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[1].jpg
C:\host.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\temp1.exe
C:\WINDOWS\system32\temp2.exe
C:\WINDOWS\xcopy.exe
D:\copy.exe
D:\host.exe
folders to delete:
c:\WINDOWS\system32\drivers\down
registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà e prova a reinstallare subito l'antivirus e cancella la cartella c:\avenger.
Dovrai, quasi sicuramente, riscaricare i file d'installazione dei programmi di sicurezza perché danneggiati dal virus.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
Problema script
da Gianni78 » mar feb 19, 2008 1:03 pm
Ciao, grazie per avermi risposto, ho fatto tutto come mi hai indicato, però dopo che si è riavviato mi è comparsa la scritta impossibile trovare il file C:\WINDOWS\svchost.exe. Dopo aver premuto OK la scritta impossibile caricare o eseguire il file C:\WINDOWS\svchost.exe. Poi mi è uscita la schermata di DOS e dopo un po' il messaggio Windows Disco non presente - Exception Processing Message c0000013 Parameters 75b1bf9c 4 75b1bf9c 75b1bf9c Sotto vi è scritto annulla - riprova - continua. Non sò che fare.
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da crazy.cat » mar feb 19, 2008 1:09 pm
Se gli dai continua o annulla il pc parte?
riesci a partire almeno in modalità provvisoria?
riesci a partire almeno in modalità provvisoria?
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da Gianni78 » mar feb 19, 2008 1:22 pm
Il pc si è avviato ed è comparso il seguente script:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xxeqmega
*******************
Script file located at: \??\C:\WINDOWS\system32\wbmxkbrn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\copy.exe deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temp\wz983d\Password Keeper 1.0.exe deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[1].jpg deleted successfully.
File C:\host.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\WINDOWS\svchost.exe deleted successfully.
File C:\WINDOWS\system32\temp1.exe deleted successfully.
File C:\WINDOWS\system32\temp2.exe deleted successfully.
File C:\WINDOWS\xcopy.exe deleted successfully.
File D:\copy.exe deleted successfully.
File D:\host.exe deleted successfully.
Folder c:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\xxeqmega
*******************
Script file located at: \??\C:\WINDOWS\system32\wbmxkbrn.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\drivers\srosa.sys deleted successfully.
File C:\WINDOWS\system32\wintems.exe deleted successfully.
File C:\WINDOWS\system32\trusted.exe not found!
Deletion of file C:\WINDOWS\system32\trusted.exe failed!
Could not process line:
C:\WINDOWS\system32\trusted.exe
Status: 0xc0000034
File C:\WINDOWS\system32\drivers\pci32.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\pci32.sys failed!
Could not process line:
C:\WINDOWS\system32\drivers\pci32.sys
Status: 0xc0000034
File C:\windows\system32\drivers\hldrrr.exe deleted successfully.
File C:\WINDOWS\system32\mdelk.exe deleted successfully.
File C:\copy.exe deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temp\wz983d\Password Keeper 1.0.exe deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_2[2].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[2].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_1[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_2[1].jpg deleted successfully.
File C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[1].jpg deleted successfully.
File C:\host.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\WINDOWS\svchost.exe deleted successfully.
File C:\WINDOWS\system32\temp1.exe deleted successfully.
File C:\WINDOWS\system32\temp2.exe deleted successfully.
File C:\WINDOWS\xcopy.exe deleted successfully.
File D:\copy.exe deleted successfully.
File D:\host.exe deleted successfully.
Folder c:\WINDOWS\system32\drivers\down deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\srosa deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da crazy.cat » mar feb 19, 2008 1:25 pm
Hai reinstallato l'antivirus?
Puoi fare una scansione con hijackthis e farci vedere il log?
http://www.MegaLab.it/2286
Puoi fare una scansione con hijackthis e farci vedere il log?
http://www.MegaLab.it/2286
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da Gianni78 » mar feb 19, 2008 1:47 pm
Ora ho installato l'antivirus Antivir PE, è partito con l'update ma non riesce ad eseguirlo. Ora provo a scaricare quello che mi hai indicato tu.
Penso ci sia ancora qualcosa che non và.
Penso ci sia ancora qualcosa che non và.
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da Gianni78 » mar feb 19, 2008 2:44 pm
Ho eseguito la scnsione con hijackthis, il log è il seguente:
Logfile of HijackThis v1.99.1
Scan saved at 14.42.31, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MSTMON_N.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CyberLink\PowerStarter\PowerBar.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\slrundll.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\PC PLOTTER\Desktop\HijackThis.exe
C:\Programmi\Java\jre1.6.0_02\bin\jucheck.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dei_build
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programmi\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_48.dll (file missing)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\PCPLOT~1\IMPOST~1\Temp\~DPD1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: XBTP01621 Class - {9EDB89EF-E4BC-4c70-B102-8F7A4365EE33} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll (file missing)
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programmi\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022108 serial=DR12WES-3007622-EUW lang=IT
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Storm2Set] C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Programmi\CyberLink\PowerStarter\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Programmi\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://212.162.68.228/rainet02/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.coolstreaming.us/consolle/pl ... OPCORE.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C65425-9286-4A11-A06D-FD563A718873}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Ci risentiamo più tardi.
Logfile of HijackThis v1.99.1
Scan saved at 14.42.31, on 19/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\netdde.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\MSTMON_N.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\CyberLink\PowerStarter\PowerBar.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\HP\Digital Imaging\bin\hpqimzone.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\slrundll.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\PC PLOTTER\Desktop\HijackThis.exe
C:\Programmi\Java\jre1.6.0_02\bin\jucheck.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = dei_build
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programmi\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programmi\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_48.dll (file missing)
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\PCPLOT~1\IMPOST~1\Temp\~DPD1.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: XBTP01621 Class - {9EDB89EF-E4BC-4c70-B102-8F7A4365EE33} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll (file missing)
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Programmi\iMesh applications\iMesh MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=022108 serial=DR12WES-3007622-EUW lang=IT
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\wianmpa.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Storm2Set] C:\WINDOWS\system32\rundll32.exe "C:\PROGRA~1\StormII\StormSet.dll",CheckEnv
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [KONICA MINOLTA PagePro 1300WStatusDisplay] C:\WINDOWS\system32\MSTMON_N.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Programmi\CyberLink\PowerStarter\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Programmi\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Startup: Ritaglio schermata e avvio di OneNote 2007.lnk = C:\Programmi\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {029FDBA6-3547-11D7-AA4C-0050BF051A00} (Rawflow ICD Client) - http://212.162.68.228/rainet02/Rawflow.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/share ... insctl.cab
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} (SopCore Control) - http://www.coolstreaming.us/consolle/pl ... OPCORE.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/share ... cgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2C65425-9286-4A11-A06D-FD563A718873}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
Ci risentiamo più tardi.
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da ste_95 » mar feb 19, 2008 3:05 pm
Seleziona queste voci e premi fix checked:
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\PCPLOT~1\IMPOST~1\Temp\~DPD1.dll
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il flag su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:
Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - C:\DOCUME~1\PCPLOT~1\IMPOST~1\Temp\~DPD1.dll
O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
Scarica Avenger
Estrailo in una cartella a tua scelta
Esegui il file avenger.exe con la figura di una spada
Metti il flag su input script manually
Quindi scegli la lente e cliccaci
Ora incolla queste righe nella box bianca che si è aperta:
- Codice: Seleziona tutto
Files to delete:
C:\WINDOWS\svchost.exe
Folders to delete:
C:\DOCUME~1\PCPLOT~1\IMPOST~1\Temp
Adesso devi cliccare su Done in basso nella box
Seleziona il semaforino in alto a destra
Rispondi di Si alle due richieste di Avenger
Adesso il tuo computer dovrebbe riavviarsi, nel caso non succedesse, riavvialo tu manualmente
Al riavvio del computer, copia e incolla qui il contenuto del blocco note che apparirà.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
-
ste_95 - Membro Ufficiale (Gold)
- Messaggi: 17271
- Iscritto il: lun ago 06, 2007 11:19 am
da crazy.cat » mar feb 19, 2008 4:45 pm
Strano che siano richiamati due ctfmon.exe e ancora più strana la definizione in rosso del secondo.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
Giusto per sicurezza fai analizzare il file sul sito www.virustotal.com e vedi cosa ne esce.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
Giusto per sicurezza fai analizzare il file sul sito www.virustotal.com e vedi cosa ne esce.
Quando i molti governano, pensano solo a contentar sé stessi, si ha allora la tirannia più balorda e più odiosa: la tirannia mascherata da libertà.
-
crazy.cat - MLI Hero
- Messaggi: 30959
- Iscritto il: lun gen 12, 2004 1:38 pm
- Località: Mestre
da Gianni78 » mar feb 19, 2008 5:58 pm
Ecco il contenuto del nuovo blocco note dopo aver nuovamente utlilizzato avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vcpgsdcw
*******************
Script file located at: \??\C:\Documents and Settings\eglhijlo.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\svchost.exe deleted successfully.
Folder C:\DOCUME~1\PCPLOT~1\IMPOST~1\Temp deleted successfully.
Completed script processing.
*******************
Finished! Terminate.//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vcpgsdcw
*******************
Script file located at: \??\C:\Documents and Settings\eglhijlo.txt
Script file not found! Error
Could not open script file! Status: 0xc0000034 Abort!
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vcpgsdcw
*******************
Script file located at: \??\C:\Documents and Settings\eglhijlo.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\svchost.exe deleted successfully.
Folder C:\DOCUME~1\PCPLOT~1\IMPOST~1\Temp deleted successfully.
Completed script processing.
*******************
Finished! Terminate.//////////////////////////////////////////
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vcpgsdcw
*******************
Script file located at: \??\C:\Documents and Settings\eglhijlo.txt
Script file not found! Error
Could not open script file! Status: 0xc0000034 Abort!
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da Gianni78 » mar feb 19, 2008 8:03 pm
Il computer và già meglio e vi ringrazio ora ho eseguito una scansione con Antivir con il seguente risultato.
Resto in attesa di un Vs risposta in merito.
Saluti
AntiVir PersonalEdition Classic
Report file date: martedì 19 febbraio 2008 18:10
Scanning for 1117323 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: PC PLOTTER
Computer name: PUBBLISYSTEM
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:06:31
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:06:31
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 17:06:31
ANTIVIR3.VDF : 7.0.2.162 292864 Bytes 19/02/2008 17:06:31
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 19/02/2008 17:06:32
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/02/2008 17:06:32
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\programmi\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: martedì 19 febbraio 2008 18:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'slrundll.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'PowerBar.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'DAP.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb12.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'MSTMON_N.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOME.exe' - '1' Module(s) have been scanned
Scan process 'gnotify.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'netdde.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'L:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'K:\'
[NOTE] In the drive 'K:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '69' files ).
Starting the file scan:
Begin scan in 'C:\' <XP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_1[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_2[1].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_2[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_31[2].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[4].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[5].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_2[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[2].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[3].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[4].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[5].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_1[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_2[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[2].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[3].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[4].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[5].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_2[1].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_2[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_2[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_31[1].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\WINDOWS\xcopy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was deleted!
Begin scan in 'D:\'
D:\copy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was deleted!
D:\host.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
[INFO] The file was deleted!
Begin scan in 'L:\' <DATA>
L:\copy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was deleted!
L:\host.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
[INFO] The file was deleted!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Periferica non pronta.
Begin scan in 'G:\'
Search path G:\ could not be opened!
Periferica non pronta.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Periferica non pronta.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Periferica non pronta.
Begin scan in 'K:\'
Search path K:\ could not be opened!
Periferica non pronta.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Periferica non pronta.
End of the scan: martedì 19 febbraio 2008 19:41
Used time: 1:31:28 min
The scan has been done completely.
10420 Scanning directories
432185 Files were scanned
27 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
27 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
432158 Files not concerned
10907 Archives were scanned
2 Warnings
4 Notes
Resto in attesa di un Vs risposta in merito.
Saluti
AntiVir PersonalEdition Classic
Report file date: martedì 19 febbraio 2008 18:10
Scanning for 1117323 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: PC PLOTTER
Computer name: PUBBLISYSTEM
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 17:06:31
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 17:06:31
ANTIVIR2.VDF : 7.0.2.113 1673728 Bytes 08/02/2008 17:06:31
ANTIVIR3.VDF : 7.0.2.162 292864 Bytes 19/02/2008 17:06:31
AVEWIN32.DLL : 7.6.0.67 3293696 Bytes 19/02/2008 17:06:32
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 19/02/2008 17:06:32
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\programmi\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: martedì 19 febbraio 2008 18:10
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'slrundll.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned
Scan process 'PowerBar.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'DAP.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb12.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'MSTMON_N.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'TomTomHOME.exe' - '1' Module(s) have been scanned
Scan process 'gnotify.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'tcpsvcs.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'mscorsvw.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'netdde.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
63 processes with 63 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'L:\'
[NOTE] No virus was found!
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[NOTE] In the drive 'I:\' no data medium is inserted!
Boot sector 'K:\'
[NOTE] In the drive 'K:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '69' files ).
Starting the file scan:
Begin scan in 'C:\' <XP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_1[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_2[1].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_2[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\2XAT61KR\b64_31[2].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[4].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_1[5].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_2[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[2].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[3].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[4].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\OJKLY56J\b64_31[5].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_1[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_2[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[2].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[3].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[4].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\QT8BMN6Z\b64_31[5].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_2[1].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_2[2].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_2[3].jpg
[DETECTION] Contains detection pattern of the worm WORM/Bagle.Gen
[INFO] The file was deleted!
C:\Documents and Settings\PC PLOTTER\Impostazioni locali\Temporary Internet Files\Content.IE5\WT6PY7OJ\b64_31[1].jpg
[DETECTION] Is the Trojan horse TR/Bagle.Gen.B
[INFO] The file was deleted!
C:\WINDOWS\xcopy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was deleted!
Begin scan in 'D:\'
D:\copy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was deleted!
D:\host.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
[INFO] The file was deleted!
Begin scan in 'L:\' <DATA>
L:\copy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was deleted!
L:\host.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
[INFO] The file was deleted!
Begin scan in 'A:\'
Search path A:\ could not be opened!
Periferica non pronta.
Begin scan in 'G:\'
Search path G:\ could not be opened!
Periferica non pronta.
Begin scan in 'H:\'
Search path H:\ could not be opened!
Periferica non pronta.
Begin scan in 'I:\'
Search path I:\ could not be opened!
Periferica non pronta.
Begin scan in 'K:\'
Search path K:\ could not be opened!
Periferica non pronta.
Begin scan in 'E:\'
Search path E:\ could not be opened!
Periferica non pronta.
End of the scan: martedì 19 febbraio 2008 19:41
Used time: 1:31:28 min
The scan has been done completely.
10420 Scanning directories
432185 Files were scanned
27 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
27 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
432158 Files not concerned
10907 Archives were scanned
2 Warnings
4 Notes
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da ste_95 » mar feb 19, 2008 8:54 pm
C'erano anche dei rimasugli di bagle.
Esegui l'operazione.
PS. Nel caso in cui i file:
Si ripresentino, cortesemente comprimili e inoltrali a questo indirizzo. Grazie.
Strano che siano richiamati due ctfmon.exe e ancora più strana la definizione in rosso del secondo.
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Power2GoExpress] C:\WINDOWS\system32\ctfmon.exe
Giusto per sicurezza fai analizzare il file sul sito www.virustotal.com e vedi cosa ne esce.
Esegui l'operazione.
PS. Nel caso in cui i file:
- Codice: Seleziona tutto
D:\copy.exe
[DETECTION] Contains detection pattern of the Windows virus W32/Perlovga.A.1
[INFO] The file was deleted!
D:\host.exe
[DETECTION] Is the Trojan horse TR/Drop.Small.apl
Si ripresentino, cortesemente comprimili e inoltrali a questo indirizzo. Grazie.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
-
ste_95 - Membro Ufficiale (Gold)
- Messaggi: 17271
- Iscritto il: lun ago 06, 2007 11:19 am
da Gianni78 » mer feb 20, 2008 11:41 am
Ciao, ho fatto la scansione di quel file con virtualvirus, ma non ha trovato alcun virus. Come detto il pc và meglio ma ogni tanto o non funziona internet o si blocca oppure si riavvia da solo. c'è sicuramente qualcosa ancora da sistemare.
Resto in attesa di Vs suggerimenti.
Saluti
Resto in attesa di Vs suggerimenti.
Saluti
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da ste_95 » mer feb 20, 2008 2:32 pm
Scarica GMER, poi segui i seguenti passaggi:
--- 1° passaggio ---
Avviamo gmer
clicchiamo su > > >
Clicchiamo su Autostart
mettiamo il segno di spunta a Show All
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.
--- 2° passaggio ---
Sempre nel programma appena scaricato (gmer),
clicchiamo su Rootkit
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.
--- 1° passaggio ---
Avviamo gmer
clicchiamo su > > >
Clicchiamo su Autostart
mettiamo il segno di spunta a Show All
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.
--- 2° passaggio ---
Sempre nel programma appena scaricato (gmer),
clicchiamo su Rootkit
clicchiamo su Scan
al termine della scansione, clicchiamo su Copy
Apriamo il blocco note e premiamo CTRL+V (oppure clicchiamo su Modifica e poi su Incolla).
Salviamo il file e carichiamolo su FreeFileHosting
Postiamo qui il link che ci viene assegnato.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
-
ste_95 - Membro Ufficiale (Gold)
- Messaggi: 17271
- Iscritto il: lun ago 06, 2007 11:19 am
da Gianni78 » mer feb 20, 2008 7:08 pm
Ciao ho eseguito i due passaggi indicati i link sono i seguenti:
Link 1° passaggio:
http://www.freefilehosting.net/download/3caef
<a href="http://www.freefilehosting.net/files/3caef">gmer pas 1.txt</a>
[url="http://www.freefilehosting.net/files/3caef"]gmer pas 1.txt[/url]
Link 2° passaggio:
http://www.freefilehosting.net/download/3caei
<a href="http://www.freefilehosting.net/files/3caei">gmer pas 2.txt</a>
[url="http://www.freefilehosting.net/files/3caei"]gmer pas 2.txt[/url]
Resto in attesa di tue comunicazioni
Saluti
Link 1° passaggio:
http://www.freefilehosting.net/download/3caef
<a href="http://www.freefilehosting.net/files/3caef">gmer pas 1.txt</a>
[url="http://www.freefilehosting.net/files/3caef"]gmer pas 1.txt[/url]
Link 2° passaggio:
http://www.freefilehosting.net/download/3caei
<a href="http://www.freefilehosting.net/files/3caei">gmer pas 2.txt</a>
[url="http://www.freefilehosting.net/files/3caei"]gmer pas 2.txt[/url]
Resto in attesa di tue comunicazioni
Saluti
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da Gianni78 » gio feb 21, 2008 10:44 am
Quindi deduco che il problema è risolto, anche perché per ora i problemi di riavvio o blocco del pc non li stò avendo più, solo quando scarico le e-mail non riesco a salvare gli allegati e si blocca il programma.
Comunque il problema del virus bagle è risolto. Grazie del grosso aiuto che mi avete dato.
Saluti
Comunque il problema del virus bagle è risolto. Grazie del grosso aiuto che mi avete dato.
Saluti
Gianni
-
Gianni78 - Aficionado
- Messaggi: 51
- Iscritto il: mer feb 13, 2008 7:02 pm
da ste_95 » gio feb 21, 2008 1:17 pm
Ripristina anche la modalità provvisoria utilizzando questo file.
«A volte è meglio tacere e sembrare stupidi che aprir bocca e togliere ogni dubbio.» Oscar Wilde
-
ste_95 - Membro Ufficiale (Gold)
- Messaggi: 17271
- Iscritto il: lun ago 06, 2007 11:19 am
20 messaggi
• Pagina 1 di 1
Chi c’è in linea
Visitano il forum: Nessuno e 3 ospiti
megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising