|
| Precedente :: Successivo |
| Autore |
Messaggio |
marco.dinicola80
Mortale devoto
Registrato: 12/04/07 16:34
Messaggi: 8
|
 Inviato: 12 Apr 2007 16:45 Oggetto: Problema distallazione antivirus |
 |
|
Salve a tutti sono nuovo di questo forum, prima di cominciare faccio i complimenti per questi forum sono veramente fantastici. Io ho un problema nel mio pc spero mi potete aiutare, mi sono accorto che il mio antivirus non fuonziona bene come faceva prima, mi spiego mi sono accorto che l'icona dell'antivirus avg e diventata tutta bianca cliccando su mi dice collegamento mancante, visto ciò dopo tanti tentativi provo ad disistallare l'antivirus avg dopo il riavvio del pc provo di nuovo ad istallare l'antivirus e non mi fa finire l'istallazione, mi da un'errore, cmq a breve ho provato con una decina di antivirus e non me ne istalla uno. anche spyboot non mi funziona questo me lo istalla e l'icona e bianca e cliccando su mi dice anche lui collegamento mancate, io non so cosa fare devo formattare non so
mi potete aiutare |
|
| Top |
|
 |
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 12 Apr 2007 18:20 Oggetto: |
|
|
ciao marco.dinicola80 benvenuto! 
se vuoi presentarti anche agli altri utenti, fai un salto al Caffe!
il tuo problema potrebbe essere legato al virus Bagle.
Scarica Gmer e fai lo scan dal tab rootkit
posta qui il risultato |
|
| Top |
|
|
marco.dinicola80
Mortale devoto
Registrato: 12/04/07 16:34
Messaggi: 8
|
| Inviato: 12 Apr 2007 19:57 Oggetto: |
|
|
ok scarico subito gmer e ti faccio leggere i risultati
grazie |
|
| Top |
|
|
marco.dinicola80
Mortale devoto
Registrato: 12/04/07 16:34
Messaggi: 8
|
| Inviato: 12 Apr 2007 20:36 Oggetto: |
|
|
spero che quello che ho copiato sia giusto fammi sapere grazie per la vostra collaborazione
GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-12 20:35:04
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\drivers\klif.sys ZwClose
SSDT \??\C:\Documents and Settings\Marco\Dati applicazioni\hidires\m_hook.sys ZwCreateFile
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateSection
SSDT \SystemRoot\System32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\Documents and Settings\Marco\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Marco\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \SystemRoot\System32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\Documents and Settings\Marco\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \SystemRoot\System32\drivers\klif.sys ZwQueryInformationFile
SSDT \??\C:\Documents and Settings\Marco\Dati applicazioni\hidires\m_hook.sys ZwQueryKey
SSDT \??\C:\Documents and Settings\Marco\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation
SSDT \SystemRoot\System32\drivers\klif.sys ZwResumeThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwSetInformationProcess
SSDT \SystemRoot\System32\drivers\klif.sys ZwSuspendThread
SSDT \SystemRoot\System32\drivers\klif.sys ZwTerminateProcess
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[284]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[285]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[286]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[287]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[288]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[289]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[290]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[291]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[292]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[293]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[294]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[295]
SSDT \SystemRoot\System32\drivers\klif.sys SSDT[296]
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!KiDispatchInterrupt + BA 804DB92E 7 Bytes JMP F151A310 \SystemRoot\System32\drivers\klif.sys
---- Processes - GMER 1.0.12 ----
Process C:\Documents and Settings\Marco\Dati applicazioni\hidires\hidr.exe (*** hidden *** ) 1856
---- Registry - GMER 1.0.12 ----
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Security,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>00}qZ=`RaAFZQ{?{DArt?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@CustomMarshalers,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>e}GvMMOnH@hg(nYnu%p8?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@Accessibility,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>aPzKX=15Z?*VmZwfL?5??
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>]-2y_C5dWAq8t'Ahp=bS?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.DirectoryServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>IvR7u6?dq8g4^Yd4V1J6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Drawing.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>8P8fd9s@-?D*V},`V=T3?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.ServiceProcess,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>xY=TG9CqU@W)~p?RO_w[?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>C)z]OrW%R=wF2GW{Mgf2?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web.RegularExpressions,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>hWlcu7oG*9ybzp+^-VdU?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Web.Services,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>_FJM`5byo=hcOs8jwB`u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Windows.Forms,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>^'5*]IAel?w8MnWaY[Jf?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Xml,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>'.E-h@SP~=w?DXL*AL.m?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>=6xEmQ}b$?[kDPAt*+Mv?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>?7w%[IH(QA(f_Nv)g1+u?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>6_Lp.YrKG=t~lt)yuC(b?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Drawing,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>Av^oip*aw@nLUAKMX6tN?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Messaging,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>vQk-c(tl+9_q.YVyjkqq?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@IEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>R,YAg8Uzf?q9ZRNgCdW.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@IIEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.0.5000.0" %EmAj?C%k9W7cNB_.[t[Redist_Package>nV30Foad^=4D0FLgllXd?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@ISymWrapper,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>W**YR.kDv?kTe!evxZOf?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@mscorcfg,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>{?^lW%IQJ=DGh@&,glnR?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@mscorlib,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>v~Yw+7RXK?*n7r]K90Xd?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Management,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>PCwF,UKRl=)zd@Q'%%3G?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Runtime.Remoting,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>oaxX*et~F@1qEj-wm]ZH?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\C:|WINDOWS|Microsoft.NET|Framework|v1.1.4322|mscorwks.dll@System.Runtime.Serialization.Formatters.Soap,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>hXM40zsHQ9T~regpU=Bb?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft_VsaVb,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>ZYT6Y}7@o?kE(HR+=APT?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>vC~AI=2_U=jP1y7`PgEK?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>dxy+{V6B(@+d{@(0_+AQ?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@cscompmgd,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>.[PYtUR-d8WP[=+EL+1O?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.JScript,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>2Y]8C*W[d@g,InfZq=QO?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>uqOdb3z0A9nOM3DNwRap?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualC,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" %EmAj?C%k9W7cNB_.[t[Redist_Package>w=KLXB[Xr=7Tk@&xP9mc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Regcode,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>HgVH13*D4=(W~'P?(s2v?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.EnterpriseServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>e64H(FT9aAe*?nR&Hqu&?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Security,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>,.idGaf+a@p?-Q++qW2k?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@CustomMarshalers,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>NA^,LBxBWAO8^5,~v&8R?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Accessibility,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>kgT}+.%vy?ikM)Pm%j(e?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>NLc&){D?)A$1sUX?25sO?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.DirectoryServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>$v^BT?)o-=UTn*mAe$WC?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>5FJq?3gMD@zhYonAA7zP?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.ServiceProcess,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>&n!BoCXqG=-dnT!D_K^F?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>lWHd$@tF]9]5,Sm%4[C+?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.RegularExpressions,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>Z4gl`yrv7=muBlQnQKLc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Services,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>aNAK!_!Eo=`)&1S{-9qF?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Windows.Forms,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>VM.bWln_GA'bH^9b4zy!?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Xml,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>%$f[5O}U(A5g(F1lojgF?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>&E8MWjh%YAwnpr?O'Yi%?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>C*F%G*9^O@W5=%1gR^8-?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>SksH4=PK%=e-_b0RuAPa?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>fHeMP]gBr8xqs@n2Co?]?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Messaging,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>(GwSNVGT+@7fT)]}SlJ_?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IEExecRemote,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>bbB7w3YPI?^u?S_0}W8T?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>{e[a-{V).94C1..jDAj.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@IIEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.0.5000.0" %EmAj?C%k9W7cNB_.[t[Redist_Package>a+z?fXORD?MQ[Q9IU8rM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@ISymWrapper,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>)FaXaBH81?z8.(n5Ifk0?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorcfg,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>?Apg'v4Ao8k8Bcl_)c@q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data.OracleClient,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>LSv0fvZqn=B^x-K9?$ZH?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Management,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>E-9C,Ky_,=`o0ZsSt.K4?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Remoting,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>$AqI^d@FOAa}lhk6lCx6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Serialization.Formatters.Soap,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>b(NwVxq^D9N$NykQh&F=?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Mobile,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" %EmAj?C%k9W7cNB_.[t[Redist_Package>f8hJ=QM?g(Z1z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.JScript.resources,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="7.10.3052.4" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>xt?_kV[TL=1YsIA}j8nR?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Microsoft.VisualBasic.resources,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="7.10.3052.4" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>{C}9ka0NP?[JXZ40*SN&?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Security.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>i5D~ev8`l@wdOrb7`v%t?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.EnterpriseServices.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>PfSXn7Q5f=EJFhAo+ACn?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@Regcode.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>$~`k].=7g(X*z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.DirectoryServices.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>b3f0=M]_v9qN2l.yX1$v?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.ServiceProcess.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>3]9ZToAs[9t@ug]6wx8f?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>_lorO!11%@sD?*T9!ctc?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Services.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Jd75P~mpS?8gy(M-yt}6?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@SYSTEM.WINDOWS.FORMS.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>X?WW3GI9p@VZT0tdnz[0?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.XML.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>*PY+kd!_!9L@l~SNJb%Q?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Data.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>,`Zt6!6sAAkxzRXOLa]h?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Design.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Yh302W[px=t%@tz2lZq9?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>uwyWzXrpk?,o(App5E9T?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Messaging.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>+ly8{x[k}=1pW6*zLygW?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>_^&sneG7n?QA~-cZ=ADM?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorcfg.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>ti[ZWxsk9AarL!U)GOhV?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@mscorlib.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>W$ns(7iwC@&{o~)}MiTz?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Configuration.Install.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Ivc$vDYb[A%nW6x2Cuk3?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Drawing.Design.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>UKXVo05uH?$a7Mh0?lK8?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@system.management.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>DO3uPNA+L?xlR41=@so,?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Remoting.resources,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>[vDERFebj?Gv7JQlntpr?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Runtime.Serialization.Formatters.Soap.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>Cg?^mQr!L@a?sU.}rr2.?
Reg \Registry\MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global@System.Web.Mobile.resources,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="it",FileVersion="1.1.4322.573" *y`&wFVdi=-hSsrbZvu4Language_Pack_Redist_Package>G@hJ=QM?g(Z1z?VXB]2d?
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems\ACDSee\8.0\ACDInTouch\IT\StaticPages\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems\ACDSee\8.0\ACDInTouch\IT\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems\ACDSee\8.0\ACDInTouch\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems\ACDSee\8.0\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems\ACDSee\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Dati applicazioni\ACD Systems\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\ACD Systems\ACDSee\8.0\LM\Pages\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\ACD Systems\ACDSee\8.0\LM\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\ACD Systems\ACDSee\8.0\LM\Products\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\ACD Systems\ACDSee\8.0\QuickStart\img\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\ACD Systems\ACDSee\8.0\QuickStart\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Documents and Settings\All Users\Menu Avvio\Programmi\ACD Systems\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Installer\{43CFC13C-C1A2-491B-BF10-4AED7A0CC3DD}\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Microsoft.NET\Framework\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Microsoft.NET\ 1
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ASP.NETClientFiles\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\Programmi\Internet Explorer\MUI\
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders@C:\WINDOWS\system32\MUI\0409\ |
|
| Top |
|
|
Smjert
Dio maturo
Registrato: 01/04/06 18:19
Messaggi: 1619
Residenza: Perso nella rete
|
| Inviato: 14 Apr 2007 11:14 Oggetto: |
|
|
Riavvia il pc in Modalità Provvisoria (quando ti fa il calcolo della memoria, ti segna gli hd collegati ecc premi continuamente F8 finchè non appare un menu, da lì scegli con le freccie la modalità).
| Citazione: | Apri una cartella qualunque, vai su
Strumenti->Opzioni Cartella->scheda Visualizzazione,
spunta la voce "Visualizza cartelle e file nascosti", togli la spunta a
"Nascondi file protetti di sistema" (digli di sì). |
Cancella questa cartella C:\Documents and Settings\Marco\Dati applicazioni\hidires.
Dimmi poi come va. |
|
| Top |
|
|
marco.dinicola80
Mortale devoto
Registrato: 12/04/07 16:34
Messaggi: 8
|
| Inviato: 14 Apr 2007 23:59 Oggetto: |
|
|
| ciao Smjert allora una cosa strana la modalità provvisoria non mi si avvia mi esce una schermata blu segnalandomi un errore poi ho tolto la spunta dove mi hai detto tu ma quella cartella non ci sta, adesso non so se si vede nella modalita provvisoria, non so cosa devo fare mi si aprono finestre di continuo antivirus non si istallano che faccio ? |
|
| Top |
|
|
Smjert
Dio maturo
Registrato: 01/04/06 18:19
Messaggi: 1619
Residenza: Perso nella rete
|
| Inviato: 15 Apr 2007 11:20 Oggetto: |
|
|
Prima di tutto riportarmi l'errore che ti da (ti dovrebbe dare una specie di codice).
Seconda cosa scarica Avenger e decomprimilo sul desktop.
Adesso avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento
Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte qui sotto:
| Citazione: | folders to delete:
C:\Documents and Settings\Marco\Dati applicazioni\hidires |
Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente
Posta il contenuto del log di avenger (C:\Avenger.txt)
Edit: fai girare anche questo tool che dovrebbe rimuoverti completamente il Bagle. |
|
| Top |
|
|
marco.dinicola80
Mortale devoto
Registrato: 12/04/07 16:34
Messaggi: 8
|
| Inviato: 15 Apr 2007 21:18 Oggetto: |
|
|
ciao Smjert ecco questo e il log di avenger
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qiobjsgr
*******************
Script file located at: \??\C:\Program Files\hsgtnoih.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\Documents and Settings\Marco\Dati applicazioni\hidires deleted successfully.
Completed script processing.
*******************
Finished! Terminate. |
|
| Top |
|
|
Smjert
Dio maturo
Registrato: 01/04/06 18:19
Messaggi: 1619
Residenza: Perso nella rete
|
| Inviato: 15 Apr 2007 23:05 Oggetto: |
|
|
Bene!
La cartella l'ha rimossa.. hai fatto girare anche il tool?
Com'è andata? ti ha "detto" qualcosa? |
|
| Top |
|
|
marco.dinicola80
Mortale devoto
Registrato: 12/04/07 16:34
Messaggi: 8
|
| Inviato: 16 Apr 2007 10:25 Oggetto: |
|
|
| il tool lo fatto girare ma non mi ha detto nulla di particolare adesso secondo te cosa devo fare provare ad istallare un'antivirus ? |
|
| Top |
|
|
Smjert
Dio maturo
Registrato: 01/04/06 18:19
Messaggi: 1619
Residenza: Perso nella rete
|
| Inviato: 16 Apr 2007 16:32 Oggetto: |
|
|
Forse c'è ancora qualche chiave di registro da rimuovere prima.
Scarica HijackThis, decomprimilo in una cartella tutta sua non temporanea (ad esempio mettilo in C:\HijackThis).
Avvialo e premi Do a system scan and save a log file, ti si aprirà una finestra di notepad con il risultato della scansione, copia e incolla qua il suo contenuto. |
|
| Top |
|
|
marco.dinicola80
Mortale devoto
Registrato: 12/04/07 16:34
Messaggi: 8
|
| Inviato: 16 Apr 2007 19:33 Oggetto: |
|
|
ciao Smjert ti allego il log. cmq ad essere sincero l'antivirus l'ho istallato ed andato tutto ok anche spyboot funziona adesso
Logfile of HijackThis v1.99.1
Scan saved at 19.30.52, on 16/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Programmi\Grisoft\AVG6\avgcc32.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Marco\Desktop\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\D-Link\DSL-200\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\D-Link\DSL-200\dslagent.exe
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\VIRUSfighter\Bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [Antiy Auto Update] C:\Programmi\Antiy Labs\Alive\ALiveCenter.exe
O4 - HKLM\..\Run: [AGB5Monitor] C:\Programmi\Antiy Labs\AGuard\AGuard.exe /AutoRun
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Marco\Dati applicazioni\hidires\hidr.exe
O4 - HKCU\..\RunOnce: [AVGW] C:\PROGRA~1\Grisoft\AVG6\avgw.exe /RUNONCE
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1161000638247
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1175008081475
O17 - HKLM\System\CCS\Services\Tcpip\..\{D05D474E-D8A4-41F9-BF97-09E711D88DFE}: NameServer = 213.205.32.70 213.205.36.70
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winvaw32 - winvaw32.dll (file missing)
O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
cmq sei un genio grazie |
|
| Top |
|
|
bdoriano
Amministratore
Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
|
| Inviato: 16 Apr 2007 21:25 Oggetto: |
|
|
Riesegui HijackThis, clicca su "Do a system scan only" e seleziona le seguenti voci:
| marco.dinicola80 ha scritto: |
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [hldrrr] C:\WINDOWS\system32\hldrrr.exe
O4 - HKCU\..\Run: [drvsyskit] C:\Documents and Settings\Marco\Dati applicazioni\hidires\hidr.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O20 - Winlogon Notify: winvaw32 - winvaw32.dll (file missing)
|
Clicca sul bottone "Fix checked" |
|
| Top |
|
|
Smjert
Dio maturo
Registrato: 01/04/06 18:19
Messaggi: 1619
Residenza: Perso nella rete
|
| Inviato: 16 Apr 2007 21:54 Oggetto: |
 |
|
E sopratutto
| Citazione: | Apri una cartella qualunque, vai su
Strumenti->Opzioni Cartella->scheda Visualizzazione,
spunta la voce "Visualizza cartelle e file nascosti", togli la spunta a
"Nascondi file protetti di sistema" (digli di sì). |
Controlla che non ci siano (e se ci sono cancellali) questi file C:\WINDOWS\system32\Suchspur.dll, C:\WINDOWS\system32\hldrrr.exe
| Citazione: | Usa la ricerca di Windows e trova questo file: winvaw32.dll
(ricordati di attivare la ricerca nelle cartelle e nei file nascosti andando in "Altre opzioni avanzate" e spuntando la voce
"Cerca nei file e nelle cartelle nascosti"). |
Se lo trovi lo cancelli
Se qualche file non lo riesci a cancellare perchè dice che è in uso prova a cancellarlo dalla Modalità Provvisoria. |
|
| Top |
|
|
|
|
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
