Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

ho problema di virus.penso di averne parecchi

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

ho problema di virus.penso di averne parecchi

Postdi polvy99 » 12/08/06 15:31

salve sono un nuovo utente del forum ho dei problemai con dei virus che nn vanno via..
cosa devo fare x prima cosa?
polvy99
Newbie
 
Post: 7
Iscritto il: 12/08/06 15:24

Sponsor
 

Postdi Luke57 » 12/08/06 15:45

Ciao, se puoi navigare fai una scansion on line con bit defender:
http://www.bitdefender.com/scan8/ie.html

Se non risolvi, scarica hiajckthis 1.99.1 da qui:
http://www.pc-facile.com/HijackThis_s267/
scompatti il file.zip, metti hijackthis.exe in una cartella permanente appositamente dedicata, tipo C\HJT, nè temporanea nè desktop. Apri la cartella, click su hijackthis.exe, premi "do a system scan and save a logfile", attendi che venga elaborato un file di testo, selezioni tutto il contenuto, lo copi e lo incolli in un post nel forum.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

ecco il risultato

Postdi polvy99 » 12/08/06 15:53

Logfile of HijackThis v1.99.1
Scan saved at 16.52.05, on 12/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\Temp\pmjs32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\F?nts\d?dplay.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\eDonkey2000\edonkey2000.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Emilio\IMPOST~1\Temp\Rar$EX01.768\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 205.238.40.2 http://www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {184726FC-0A5F-1C4B-02D0-96C8A7EC9D84} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll (file missing)
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVAUTODELETE] "C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [pmjs32.exe] C:\WINDOWS\Temp\pmjs32.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Lbnt] "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt ndrv
O4 - HKCU\..\Run: [Mrwylbj] C:\WINDOWS\system32\F?nts\d?dplay.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21CE4239-8F31-4832-BB00-9EEEE195A4EF}: NameServer = 194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE1F6238-3104-4253-9193-32AD21943C48}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InN - Unknown owner - C:\Programmi\lQ.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\winvnc.exe" -service (file missing)

ECCO IL RISULTATO..ASPETTO NOTIZIE
polvy99
Newbie
 
Post: 7
Iscritto il: 12/08/06 15:24

Postdi Luke57 » 12/08/06 16:31

Ciao, ancora linkoptimizer, una pandemia.
Scarica Gmer :
http://www.gmer.net/gmer110.zip
Dopo averlo scompattato, lo avvii, selezioni "Rootkit"
Clicca su "Scan"
Attendi la fine della scansione e clicca su "Copy"
Apri il block notes di windows clicca su modifica e seleziona incolla
Adesso seleziona tutto il contenuto del block notes e fai un copia e incolla nel forum

Allega anche il log fatto dalla posizione Autostart, con le stesse procedure del precedente.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi polvy99 » 13/08/06 16:04

scusa x il ritardoo
ti mando le cose che mi avevei chiesto
aspetto tue notizie grazie


GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-13 17:00:50
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.10 ----

Device \Driver\BTHUSB \Device\00000064 IRP_MJ_CREATE [F4419BB0] bthport.sys
Device \Driver\BTHUSB \Device\00000064 IRP_MJ_CLOSEIRP_MJ_READ [F4445990] bthport.sys
Device \Driver\BTHUSB \Device\00000064 IRP_MJ_INTERNAL_DEVICE_CONTROL [F4417F00] bthport.sys
Device \Driver\BTHUSB \Device\00000064 IRP_MJ_SHUTDOWN [F4418A70] bthport.sys
Device \Driver\BTHUSB \Device\00000064 IRP_MJ_CREATE_MAILSLOT [F4419920] bthport.sys
Device \Driver\BTHUSB \Device\00000064 IRP_MJ_SYSTEM_CONTROL [F4446EE0] bthport.sys
Device \Driver\BTHUSB \Device\00000064 IRP_MJ_DEVICE_CHANGE [F44477B0] bthport.sys
Device \Driver\BTHUSB \Device\00000064 IRP_MJ_PNP_POWER [F44463B0] bthport.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F781A266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F781A48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F781A266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN [F781A48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F781A266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F781A48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL [F781A266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN [F781A48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL [F781A266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN [F781A48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL [F781A266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN [F781A48E] AnyDVD.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CREATE [F4419BB0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CLOSEIRP_MJ_READ [F4445990] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_INTERNAL_DEVICE_CONTROL [F4417F00] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_SHUTDOWN [F4418A70] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CREATE_MAILSLOT [F4419920] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_SYSTEM_CONTROL [F4446EE0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_DEVICE_CHANGE [F44477B0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_PNP_POWER [F44463B0] bthport.sys

---- Processes - GMER 1.0.10 ----

Process dwwin.exe (*** hidden *** ) 2820 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{388D31C6-19B3-475B-B30C-3247ED8A0B21}
File C:\WINDOWS\byqcp1.dll
File C:\WINDOWS\byqcp1.upd
File C:\WINDOWS\com1.tlx

---- EOF - GMER 1.0.10 ----


GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-13 17:02:24
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINDOWS\com1.tlx

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Service*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
InN /*InN*/@ = "C:\Programmi\sNQC.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
winvnc /*VNC Server*/@ = "C:\Programmi\UltraVNC\winvnc.exe" -service /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@C-Media MixerMixer.exe /startup = Mixer.exe /startup
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SpeedTouch USB Diagnostics"C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon = "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
@AVAUTODELETE"C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart ? ? ??? u??|? ???| L? ? ??? ? ??? ???|p??|????m??|???| ? ??? ??? ???|??? L? ??? ? ?|??? ?G? ´ÿ /*file not found*/ = "C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart ? ? ??? u??|? ???| L? ? ??? ? ??? ???|p??|????m??|???| ? ??? ??? ???|??? L? ??? ? ?|??? ?G? ´ÿ /*file not found*/
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@WinVNC"C:\Programmi\UltraVNC\winvnc.exe" -servicehelper /*file not found*/ = "C:\Programmi\UltraVNC\winvnc.exe" -servicehelper /*file not found*/
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@pmjs32.exeC:\WINDOWS\Temp\pmjs32.exe = C:\WINDOWS\Temp\pmjs32.exe
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@3COMC:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe = C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@Lbnt"C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt ndrv /*file not found*/ = "C:\WINDOWS\SCURIT~1\regsvr32.exe" -vt ndrv /*file not found*/
@MrwylbjC:\WINDOWS\system32\F?nts\d?dplay.exe /*file not found*/ = C:\WINDOWS\system32\F?nts\d?dplay.exe /*file not found*/
@AnyDVDC:\Programmi\SlySoft\AnyDVD\AnyDVD.exe = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
@{C0C4375A-5B72-4efe-929D-3B848C3A1E91} /*Message View*/C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\MessageView.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{184726FC-0A5F-1C4B-02D0-96C8A7EC9D84}C:\Programmi\LinkOptimizer\LinkOptimizer.dll /*file not found*/ = C:\Programmi\LinkOptimizer\LinkOptimizer.dll /*file not found*/
@{DA39029C-D291-A968-3FF4-D0990D5CB5FC}C:\Programmi\LinkOptimizer\LinkOptimizer.dll /*file not found*/ = C:\Programmi\LinkOptimizer\LinkOptimizer.dll /*file not found*/
@{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll = C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.virgilio.it/free = http://www.virgilio.it/free
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.virgilio.it/ = http://www.virgilio.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21CE4239-8F31-4832-BB00-9EEEE195A4EF} /*Connessione rete senza fili 2*/ >>>
@IPAddress192.168.1.17 = 192.168.1.17
@NameServer194.243.154.62 = 194.243.154.62
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----
polvy99
Newbie
 
Post: 7
Iscritto il: 12/08/06 15:24

Postdi Luke57 » 13/08/06 17:55

Ciao, prova a fare questa procedura:


Scarica MyUninstaller da qui:

http://www.nirsoft.net/utils/myuninst.html

con questo programmino potrai disistallare LinkOptimizer se è sempre presente nel tuo computer (impossibile farlo da pannello di controllo, installazioni/applicazioni)
Apri il programmino (click su myuninst.exe, attendi che vengono elencate le applicazioni presenti, evidenzi Linkoptimizer, click con il dx e scegli Delected;

1)Start>esegui>control userpasswords2>OK

Nella finestra Account utente, dovresti avere un'utenza sospetta con nome casuale (oltre le consuete Administrators e Utente, Aspnet), tipo XYZFG. Segnati il nome dell'utenza ed eliminala (click con il destro e scegli elimina);

2) Rendi visibili file e cartelle nascosti:

da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file protetti di sistema (consigliato)
Premi OK
Vai in C:\Documents and Settings, dovresti trovare una cartella con lo stesso nome dell'utenza, elimina anch'essa;

Vai in C:\Programmi, elimina la cartella LinkOptimizer



4) scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
scompatta il file.zip
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\InN HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pmjs32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{184726FC-0A5F-1C4B-02D0-96C8A7EC9D84}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
{DA39029C-D291-A968-3FF4-D0990D5CB5FC}

Files to delete:
File C:\WINDOWS\byqcp1.dll
File C:\WINDOWS\byqcp1.upd
File C:\WINDOWS\com1.tlx
C:\Programmi\sNQC.exe
C:\WINDOWS\Temp\pmjs32.exe



Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente


Posta il log di Avenger (C:/avenger.txt) con l´esito dello script



con hijackthis, premi Open the misc tools section, poi clicca su Open Ads Spy e togli la spunta dalla casella Quick Scan, se trovi il file C:\WINDOWS\com1.tlx
lo selezioni e premi Remove Selected

Fai sapere di eventuali problemi e incongruenze.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi polvy99 » 14/08/06 10:01

caro amico luke
nn abbiamo saputo fare la dicitura
avenger... tu coisa intendi con aedvenger c/...etc?
polvy99
Newbie
 
Post: 7
Iscritto il: 12/08/06 15:24

Postdi polvy99 » 14/08/06 10:14

ecco credo che abbiamo risolto ..forse..
ti invio il log di avenger....
nn abbiamo trovato il file windows c/exe...



//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: {184726FC-0A5F-1C4B-02D0-96C8A7EC9D84}


Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 0
Line: {DA39029C-D291-A968-3FF4-D0990D5CB5FC}


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cluexlpf

*******************

Script file located at: \??\C:\tqqrhngi.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Registry key HKLM\SYSTEM\CurrentControlSet\Services\InN HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pmjs32.exe not found!
Deletion of registry key HKLM\SYSTEM\CurrentControlSet\Services\InN HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pmjs32.exe failed!

Could not process line:
HKLM\SYSTEM\CurrentControlSet\Services\InN HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pmjs32.exe
Status: 0xc0000034



Could not open file File C:\WINDOWS\byqcp1.dll for deletion
Deletion of file File C:\WINDOWS\byqcp1.dll failed!

Could not process line:
File C:\WINDOWS\byqcp1.dll
Status: 0xc000003a



Could not open file File C:\WINDOWS\byqcp1.upd for deletion
Deletion of file File C:\WINDOWS\byqcp1.upd failed!

Could not process line:
File C:\WINDOWS\byqcp1.upd
Status: 0xc000003a



Could not open file File C:\WINDOWS\com1.tlx for deletion
Deletion of file File C:\WINDOWS\com1.tlx failed!

Could not process line:
File C:\WINDOWS\com1.tlx
Status: 0xc000003a

File C:\Programmi\sNQC.exe deleted successfully.
File C:\WINDOWS\Temp\pmjs32.exe deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects deleted successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
polvy99
Newbie
 
Post: 7
Iscritto il: 12/08/06 15:24

Postdi Luke57 » 14/08/06 11:15

Ciao, mi posti due nuovi log di GMer (rootkit e autostart) + uno di hiajckthis.
hai disistallato LinkOptimizer e cancellato l'utenza aggiunta dal malware?
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

ecco quello che mi hai richiesto

Postdi polvy99 » 15/08/06 17:49

ecco quello che mi hai richiesto..
il fil opmiz nn l'ho trovato...nn era presente...
ciao e grazie ancora x il tuo prezioso aiuto


Logfile of HijackThis v1.99.1
Scan saved at 18.46.57, on 15/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Mixer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Winamp\winampa.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Temp\pmjs32.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\WNSXS~1\winspool.exe
C:\WINDOWS\system32\F?nts\d?dplay.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\Programmi\eDonkey2000\edonkey2000.exe
C:\Documents and Settings\Emilio\Documenti\MP3 DataBase\MP3DB.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\Emilio\Desktop\Nuova cartella\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 205.238.40.2 http://www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3313.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3314.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3316.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3317.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3318.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVAUTODELETE] "C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\UltraVNC\winvnc.exe" -servicehelper
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [pmjs32.exe] C:\WINDOWS\Temp\pmjs32.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [3COM] C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Lbnt] "C:\WINDOWS\WNSXS~1\winspool.exe" -vt ndrv
O4 - HKCU\..\Run: [Mrwylbj] C:\WINDOWS\system32\F?nts\d?dplay.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{21CE4239-8F31-4832-BB00-9EEEE195A4EF}: NameServer = 194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE1F6238-3104-4253-9193-32AD21943C48}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InN - Unknown owner - C:\Programmi\zTnaqo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\UltraVNC\winvnc.exe" -service (file missing)




GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-15 18:44:49
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Service*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
InN /*InN*/@ = "C:\Programmi\zTnaqo.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
winvnc /*VNC Server*/@ = "C:\Programmi\UltraVNC\winvnc.exe" -service /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@C-Media MixerMixer.exe /startup = Mixer.exe /startup
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SpeedTouch USB Diagnostics"C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon = "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
@AVAUTODELETE"C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart ? ? ??? u??|? ???| L? ? ??? ? ??? ???|p??|????m??|???| ? ??? ??? ???|??? L? ??? ? ?|??? ?G? ´ÿ /*file not found*/ = "C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart ? ? ??? u??|? ???| L? ? ??? ? ??? ???|p??|????m??|???| ? ??? ??? ???|??? L? ??? ? ?|??? ?G? ´ÿ /*file not found*/
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@WinVNC"C:\Programmi\UltraVNC\winvnc.exe" -servicehelper /*file not found*/ = "C:\Programmi\UltraVNC\winvnc.exe" -servicehelper /*file not found*/
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@pmjs32.exeC:\WINDOWS\Temp\pmjs32.exe = C:\WINDOWS\Temp\pmjs32.exe
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@3COMC:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe = C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@Lbnt"C:\WINDOWS\WNSXS~1\winspool.exe" -vt ndrv /*file not found*/ = "C:\WINDOWS\WNSXS~1\winspool.exe" -vt ndrv /*file not found*/
@MrwylbjC:\WINDOWS\system32\F?nts\d?dplay.exe /*file not found*/ = C:\WINDOWS\system32\F?nts\d?dplay.exe /*file not found*/
@AnyDVDC:\Programmi\SlySoft\AnyDVD\AnyDVD.exe = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.virgilio.it/free = http://www.virgilio.it/free
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.virgilio.it/ = http://www.virgilio.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21CE4239-8F31-4832-BB00-9EEEE195A4EF} /*Connessione rete senza fili 2*/ >>>
@IPAddress192.168.1.17 = 192.168.1.17
@NameServer194.243.154.62 = 194.243.154.62
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----




GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-15 18:44:23
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.10 ----

Device \Driver\BTHUSB \Device\00000065 IRP_MJ_CREATE [F4295BB0] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_CLOSEIRP_MJ_READ [F42C1990] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_INTERNAL_DEVICE_CONTROL [F4293F00] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_SHUTDOWN [F4294A70] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_CREATE_MAILSLOT [F4295920] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_SYSTEM_CONTROL [F42C2EE0] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_DEVICE_CHANGE [F42C37B0] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_PNP_POWER [F42C23B0] bthport.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77FA266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN [F77FA48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77FA266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN [F77FA48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77FA266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN [F77FA48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL [F77FA266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN [F77FA48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77FA266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 IRP_MJ_SHUTDOWN [F77FA48E] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_INTERNAL_DEVICE_CONTROL [F77FA266] AnyDVD.sys
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 IRP_MJ_SHUTDOWN [F77FA48E] AnyDVD.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_CREATE [F4295BB0] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_CLOSEIRP_MJ_READ [F42C1990] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_INTERNAL_DEVICE_CONTROL [F4293F00] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_SHUTDOWN [F4294A70] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_CREATE_MAILSLOT [F4295920] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_SYSTEM_CONTROL [F42C2EE0] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_DEVICE_CHANGE [F42C37B0] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_PNP_POWER [F42C23B0] bthport.sys
Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE F326AC8A
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\system32\F (*** hidden *** ) @ C:\WINDOWS\system32\F?nts\d?dplay.exe [1980] 0x00400000 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\System Volume Information\_restore{388D31C6-19B3-475B-B30C-3247ED8A0B21}

---- EOF - GMER 1.0.10 ----
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-15 18:44:49
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
AntiVirScheduler /*AntiVir Scheduler*/@ = C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
AntiVirService /*AntiVir PersonalEdition Classic Service*/@ = C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
InN /*InN*/@ = "C:\Programmi\zTnaqo.exe"
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
winvnc /*VNC Server*/@ = "C:\Programmi\UltraVNC\winvnc.exe" -service /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@C-Media MixerMixer.exe /startup = Mixer.exe /startup
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SpeedTouch USB Diagnostics"C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon = "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
@AVAUTODELETE"C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart ? ? ??? u??|? ???| L? ? ??? ? ??? ???|p??|????m??|???| ? ??? ??? ???|??? L? ??? ? ?|??? ?G? ´ÿ /*file not found*/ = "C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition classic\UPGRADE\upgrade.exe" /restart ? ? ??? u??|? ???| L? ? ??? ? ??? ???|p??|????m??|???| ? ??? ??? ???|??? L? ??? ? ?|??? ?G? ´ÿ /*file not found*/
@avgnt"C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min = "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
@WinVNC"C:\Programmi\UltraVNC\winvnc.exe" -servicehelper /*file not found*/ = "C:\Programmi\UltraVNC\winvnc.exe" -servicehelper /*file not found*/
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@WinampAgentC:\Programmi\Winamp\winampa.exe = C:\Programmi\Winamp\winampa.exe
@pmjs32.exeC:\WINDOWS\Temp\pmjs32.exe = C:\WINDOWS\Temp\pmjs32.exe
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@3COMC:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe = C:\Programmi\3COM Technology Corporation\3COM Wireless USB Utility\Wlan.exe
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@Lbnt"C:\WINDOWS\WNSXS~1\winspool.exe" -vt ndrv /*file not found*/ = "C:\WINDOWS\WNSXS~1\winspool.exe" -vt ndrv /*file not found*/
@MrwylbjC:\WINDOWS\system32\F?nts\d?dplay.exe /*file not found*/ = C:\WINDOWS\system32\F?nts\d?dplay.exe /*file not found*/
@AnyDVDC:\Programmi\SlySoft\AnyDVD\AnyDVD.exe = C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
@PcSyncC:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/ = C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\OFFICE11\msohev.dll = C:\Programmi\Microsoft Office\OFFICE11\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} /*Shell Extension for Malware scanning*/C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*PhoneBrowser*/C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\PhoneBrowser.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
Shell Extension for Malware scanning@{45AC2688-0253-4ED8-97DE-B5370FA7D48A} = C:\Programmi\AntiVir PersonalEdition Classic\shlext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.virgilio.it/free = http://www.virgilio.it/free
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.virgilio.it/ = http://www.virgilio.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Programmi\File comuni\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{21CE4239-8F31-4832-BB00-9EEEE195A4EF} /*Connessione rete senza fili 2*/ >>>
@IPAddress192.168.1.17 = 192.168.1.17
@NameServer194.243.154.62 = 194.243.154.62
@DefaultGateway192.168.1.1 = 192.168.1.1
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica = Avvio veloce di Adobe Reader.lnk

---- EOF - GMER 1.0.10 ----
polvy99
Newbie
 
Post: 7
Iscritto il: 12/08/06 15:24

Postdi Luke57 » 15/08/06 18:38

Ciao, con avenger copia e incolla questo script in neretto:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\InN HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pmjs32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Mrwylbj

Files to delete:
C:\Programmi\zTnaqo.exe
C:\WINDOWS\Temp\pmjs32.exe
C:\WINDOWS\system32\F?nts\d?dplay.exe


Posta poi lo script.

Controlla in C:\programmi , dopo aver visualizzato file e cartelle nascosti (da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK)
se hai presenti altri file .exe colorati di verde

Inoltre con
start>esegui>control userpasswords2>OK, nella finestra Account Utente verifica che non vi sia un'utenza malefica con nome casuale, tipo XYZQ, accanto alle solite legittime (Administrators, Utente, Aspnet). Se sì eliminala con click destro del mouse.

In C:\Documents and settings, dovresti trovare, a questo punto, una cartella con il solito nome dell'utenza casuale. Elimina anch'essa.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

risposta

Postdi polvy99 » 15/08/06 20:21

nn ho trovato nulla di cui mi hai dettoo
che vuol dire
che il io pc sta bene...??????
poi hoi dei virus sul deskdop
li ho messi in una cartella....
nn riresco ad eliminarli....
sono dei file .exe--...
cosa posso fare?
grazie
polvy99
Newbie
 
Post: 7
Iscritto il: 12/08/06 15:24

Postdi Luke57 » 15/08/06 22:26

Ciao, ma la procedura suddetta con Avenger l'hai fatta?
te la ripeto:
Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in neretto:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\InN HKLM\Software\Microsoft\Windows\CurrentVersion\Run\pmjs32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Mrwylbj

Files to delete:
C:\Programmi\zTnaqo.exe
C:\WINDOWS\Temp\pmjs32.exe
C:\WINDOWS\system32\F?nts\d?dplay.exe


Clicca sul pulsante Done
Clicca 2 volte sull'icona del semaforo verde
Rispondi due volte Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Posta lo script generato da Avenger nel forum.


per quanto riguarda i file .exe , come si chiamano?
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "ho problema di virus.penso di averne parecchi":

Problema Windows 10
Autore: asso1998
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 3 ospiti