Home News Guide Hardware Download Forum Glossario

Condividi:        

Log da Gmer per il virus misterioso

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Topic bloccato

Log da Gmer per il virus misterioso

Postdi kental » 15/08/06 15:56

Ciao Luke57, ho eseguito le indicazioni che mi hai dato! Con Hijack mi sono apparsi 2 messaggi di errore:
1) Quando ho cercato di eliminare D:\Programmi\avp.exe. da open process manager di Hijack mi diceva che il processo era già stato chiuso oppure era protetto. Nessun problema invece a killare Updater.exe
2) Error #5- chiamata di routine o argomento non valido relativamente a "nul.iss" quando ho fixato i processi dopo lo Scan di Hijack .

Ho controllato nel pannello di controllo e infatti c'è Linkoptimizer...come mi hai suggerito per ora non ho provato a eliminarlo!

Ecco il log di Gmer_Rootkit:

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-15 16:40:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\Documents and Settings\Alfa.ALFA1-301004\Documenti\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\Documents and Settings\Alfa.ALFA1-301004\Documenti\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

---- Devices - GMER 1.0.10 ----

Device \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F9F9E85A] avgtdi.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F9F9E85A] avgtdi.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F9F9E85A] avgtdi.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F9F9E85A] avgtdi.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_SHUTDOWN [F9F9E85A] avgtdi.sys

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{1D954ECC-3B58-4F2E-8EFF-167B454AD2C6}
File D:\System Volume Information\_restore{3D89E505-7CAD-4AF0-98B0-1E00EBF956D2}
File D:\System Volume Information\_restore{7449ADDA-284F-4B37-8AFE-1A9B18A4FA2A}
File D:\System Volume Information\_restore{AA286F65-2E3D-434F-A73E-71F669B3CB17}

---- EOF - GMER 1.0.10 ----

E il log di Gmer_Autostart

GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-08-15 16:41:19
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon@DLLName = C:\WINDOWS\system32\klogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Avg7Alrt /*AVG7 Alert Manager Server*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
Avg7UpdSvc /*AVG7 Update Service*/@ = C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
AVP /*Kaspersky Anti-Virus 6.0*/@ = D:\Programmi\avp.exe -r
C-DillaCdaC11BA /*C-DillaCdaC11BA*/@ = C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C-DillaSrv /*C-DillaSrv*/@ = C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
ewido anti-spyware 4.0 guard /*ewido anti-spyware 4.0 guard*/@ = C:\Documents and Settings\Alfa.ALFA1-301004\Documenti\ewido anti-spyware 4.0\guard.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SDhelper /*PC Tools Spyware Doctor*/@ = D:\Programmi\Spyware Doctor\sdhelp.exe
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SiSUSBRGC:\WINDOWS\SiSUSBrg.exe = C:\WINDOWS\SiSUSBrg.exe
@CmaudioRunDll32 cmicnfg.cpl,CMICtrlWnd = RunDll32 cmicnfg.cpl,CMICtrlWnd
@PinnacleDriverCheckC:\WINDOWS\system32\PSDrvCheck.exe = C:\WINDOWS\system32\PSDrvCheck.exe
@HPDJ Taskbar UtilityC:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe = C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@SunJavaUpdateSchedC:\Programmi\Java\jre1.5.0_03\bin\jusched.exe = C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
@QuickTime Task"C:\Programmi\QuickTime\qttask.exe" -atboottime = "C:\Programmi\QuickTime\qttask.exe" -atboottime
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@DSLSTATEXEC:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon = C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
@DSLAGENTEXEdslagent.exe USB = dslagent.exe USB
@CnxTrApprundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB" = rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
@BlubsterD:\Programmi\Blubster\Blubster.exe SILENT /*file not found*/ = D:\Programmi\Blubster\Blubster.exe SILENT /*file not found*/
@ /*file not found*/ = /*file not found*/
@kav"D:\Programmi\avp.exe" = "D:\Programmi\avp.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@IW_Drop_IconD:\Programmi\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc = D:\Programmi\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
@BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" = "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
@InstantTrayC:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe = C:\Programmi\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe
@MSMSGS"C:\Programmi\Messenger\msmsgs.exe" /background = "C:\Programmi\Messenger\msmsgs.exe" /background
@Skype"C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized /*file not found*/ = "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized /*file not found*/
@Spyware Doctor /*file not found*/ = /*file not found*/

HKLM\Software\Classes\.scr@ = C:\WINDOWS\NOTEPAD.EXE "%1"

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = C:\Documents and Settings\Alfa.ALFA1-301004\Documenti\ewido anti-spyware 4.0\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/D:\programmi\Office10\OLKFSTUB.DLL = D:\programmi\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/D:\programmi\Office10\msohev.dll = D:\programmi\Office10\msohev.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealOne Player\rpshell.dll = C:\Programmi\Real\RealOne Player\rpshell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG7 Shell Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG7 Find Extension*/C:\Programmi\Grisoft\AVG Free\avgse.dll = C:\Programmi\Grisoft\AVG Free\avgse.dll
@{F5D92341-0A64-11D0-9956-0000E8096023} /*CD Copy Shell Extension*/C:\WINDOWS\system32\Shellext\CDWshext.dll = C:\WINDOWS\system32\Shellext\CDWshext.dll
@{F5D92342-0A64-11D0-9956-0000E8096023} /*CD Wizard Shell Extension*/C:\WINDOWS\system32\Shellext\CDWshext.dll = C:\WINDOWS\system32\Shellext\CDWshext.dll
@{F5D92344-0A64-11D0-9956-0000E8096023} /*InstantWrite Shellextension*/C:\WINDOWS\system32\ShellExt\iwshex.dll = C:\WINDOWS\system32\ShellExt\iwshex.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\lib\NeroDigitalExt.dll
@{85E0B171-04FA-11D1-B7DA-00A0C90348D6} /*Web Anti-Virus*/D:\Programmi\scieplugin.dll = D:\Programmi\scieplugin.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Alfa.ALFA1-301004\Documenti\ewido anti-spyware 4.0\context.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programmi\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
ewido anti-spyware@{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Documents and Settings\Alfa.ALFA1-301004\Documenti\ewido anti-spyware 4.0\context.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG Shell Extension@{1E2CDF40-419B-11D2-A5A1-002018648BA7} =
AVG7 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Programmi\Grisoft\AVG Free\avgse.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = D:\Programmi\shellex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Programmi\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Plugins\Extension\.pdf@Location = C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redi ... ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Local PageC:\WINDOWS\SYSTEM32\blank.htm = C:\WINDOWS\SYSTEM32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/html@CLSID = /*file not found*/

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\Alfa.ALFA1-301004\Menu Avvio\Programmi\Esecuzione automatica >>>
LyricsAMP Auto-Update!.lnk = LyricsAMP Auto-Update!.lnk
Reboot.exe = Reboot.exe

C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Alice ti aiuta.lnk = Alice ti aiuta.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.10 ----


Grazie ancora per l'aiuto e Buon Ferragosto!
kental
Utente Junior
 
Post: 12
Iscritto il: 14/08/06 22:39
Top
Sponsor
 

Postdi Luke57 » 15/08/06 16:39

Ciao, grazie per l'augurio ;)
Un consiglio: continua nel solito post la discussione altrimenti non è facile tirare le fila

A parte questo, sembrerebbe che non ci siano grosse infiltrazioni.

Scarica MyUninstaller da qui:

http://www.nirsoft.net/utils/myuninst.html

con questo programmino potrai disistallare LinkOptimizer.
Apri il programma (click su myuninst.exe, attendi che vengono elencate le applicazioni presenti, evidenzi Linkoptimizer, click con il dx e scegli Delected)

2) Da start>esegui>control userpassword2>OK
nella finestra Account Utente, verifica le utenze (Administrators, Utente, Aspnet sono regolari), se la trovi una con nome casuale, tipo XPGZQ e via dicendo fallo sapre; in caso affermativo elimina l’utenza aggiunta.

3) Rendi visibili file e cartelle nascosti:
da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file protetti di sistema (consigliato)
Premi OK
Se hai trovato l’utenza malefica
Vai nella cartella c:\Documents and settino e se trovi una cartella con lo stesso nome dell’utenza aggiunta, eliminala

4) In C:\programmi o C:\Programmi\file comuni\system verifica che non ci siano file .exe di colore verde (vuol dire che sono crittografati). Se ci sono fammelo sapere.

5) Svuota la cartella windows\temp

6) Scarica KILLBOX da qui
http://www.bleepingcomputer.com/files/s ... illBox.zip
- estrailo sul desktop e apri la cartella che lo contiene e quindi avvialo
- Seleziona l'opzione Delete on Reboot . Nello spazio scrivi il percorso del file da eliminare
D:\Programmi\avp.exe
e clicchi sulla crocetta rossa (il computer si riavvierà).

Con hiajckthis, fissa poi questa voce:
O4 - HKLM\..\Run: [kav] "D:\Programmi\avp.exe”

Facci sapere i responsi, riposta un nuovo log di hijackthis.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Postdi andorra24 » 15/08/06 16:42

Ragazzi continuate nel primo topic aperto da kental:
http://www.pc-facile.com/forum/viewtopi ... 455501226e

Questo topic lo chiudo. ;)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo
Top
Topic bloccato

Torna a Sicurezza e Privacy


Topic correlati a "Log da Gmer per il virus misterioso":

virus spagnolo nel router??
Autore: anm2004 		Forum: Sicurezza e Privacy
Risposte: 1
problema virus allo smart phone
Autore: terrybella 		Forum: Sicurezza e Privacy
Risposte: 8
Virus posta elettronica
Autore: libeccio20 		Forum: Sicurezza e Privacy
Risposte: 5
Problema tasto destro mouse, virus?
Autore: loyvaught 		Forum: Sicurezza e Privacy
Risposte: 1
virus ? spam? o cosa
Autore: loyvaught 		Forum: Sicurezza e Privacy
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 70 ospiti