Condividi:        

aiuto RIMOZIONE VIRTUMONDE

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

aiuto RIMOZIONE VIRTUMONDE

Postdi argo82 » 13/03/08 18:38

ecco la scansione con H.T. vi chiedo un aiuto per eliminare virtumonde

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.33.25, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\MemoRex\MemoRex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {051DFCE4-A06F-4DBA-B4F6-27041E938380} - C:\WINDOWS\system32\vturp.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4C5EE58E-130A-4A76-80D6-C0CAE8577106} - C:\WINDOWS\system32\geeda.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {D85530E8-D39D-49D0-9F36-300D594556D2} - C:\WINDOWS\system32\rqrsqnk.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MemoREX] "C:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [BM47fb573c] Rundll32.exe "C:\WINDOWS\system32\lpjtgjkx.dll",s
O4 - HKLM\..\Run: [44c864a0] rundll32.exe "C:\WINDOWS\system32\fhxoqhno.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA5746] command /c del "C:\WINDOWS\system32\geeda.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC537] cmd /c del "C:\WINDOWS\system32\geeda.dll_old"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB9110] command /c del "C:\WINDOWS\system32\geeda.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4496] cmd /c del "C:\WINDOWS\system32\geeda.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica sito web con Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/ ... 586-jc.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFE9298F-A6CF-4AAA-9844-62C88DF9F68D}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: rqrsqnk - C:\WINDOWS\SYSTEM32\rqrsqnk.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 7461 bytes
argo82
Utente Junior
 
Post: 52
Iscritto il: 11/12/06 01:27
Località: basilicata

Sponsor
 

Re: aiuto RIMOZIONE VIRTUMONDE

Postdi Luke57 » 13/03/08 19:34

Ciao, scarica questi 2 files sul desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
VundoFix
http://www.atribune.org/ccount/click.php?id=4

Disconettiti da internet
disattiva l'antivirus



Esegui vundofix
VundoFix si chiuderà e si riaprirà da solo, una volta riaperto, clicca sul pulsante "Scan for Vundo" quando la scansione è finita, clicca sul pulsante "Remove Vundo" a questo punto ti chiederà se vuoi eliminare i files, rispondi Yes una volta cliccato su Yes, non preoccuparti se il desktop scompare, è normale dato che è iniziata la procedura di eliminazione, finito la rimozione ti chiederà se vuoi riavviare, rispondi Yes e si riavvierà il pc.
E' possibile che vundofix non riesca ad eliminare alcuni files, in questo caso, vedrai vundofix apparire al riavvio basta che premi il pulsante Remove vundo per continuare la rimoazione.
Finito tutto, riavvia il pc

Avvia il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione, se spariscono le icone dal desktop è normale, la scansione è puttosto lenta)
Segui le instruzioni e alla fine verrà generato un log.

Riavvia il pc, collegati e posta questi 2 logs (copiandoli e incollandoli in un post)
C:\vundofix.txt
C:\combofix.txt
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: aiuto RIMOZIONE VIRTUMONDE

Postdi argo82 » 13/03/08 20:30

ecco i log:

ComboFix 08-03-10.1 - fabio 2008-03-13 20.15.29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.476 [GMT 1:00]
Eseguito da: C:\Documents and Settings\fabio\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM47fb573c.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\adeeg.ini
C:\WINDOWS\system32\adeeg.ini2
C:\WINDOWS\system32\ddcyv.dll
C:\WINDOWS\system32\evdrpntj.dll
C:\WINDOWS\system32\jtnprdve.ini
C:\WINDOWS\system32\kfmfglmr.dll
C:\WINDOWS\system32\krusyvse.dll
C:\WINDOWS\system32\lpjtgjkx.dll
C:\WINDOWS\system32\prutv.ini
C:\WINDOWS\system32\prutv.ini2
C:\WINDOWS\system32\vycdd.ini
C:\WINDOWS\system32\vycdd.ini2
C:\WINDOWS\system32\yknqcnru.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-02-13 al 2008-03-13 )))))))))))))))))))))))))))))))))))
.

2008-03-13 17:58 . 2008-03-13 20:08 <DIR> d-------- C:\VundoFix Backups
2008-03-13 17:37 . 2008-03-13 17:37 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-03-13 17:37 . 2008-03-13 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-03-13 17:05 . 2008-03-13 19:18 1,346,502 ---hs---- C:\WINDOWS\system32\onhqoxhf.ini
2008-03-13 07:36 . 2008-03-13 17:33 147 --a------ C:\WINDOWS\wininit.ini
2008-03-05 19:37 . 2008-03-05 19:37 268 --ah----- C:\sqmdata07.sqm
2008-03-05 19:37 . 2008-03-05 19:37 244 --ah----- C:\sqmnoopt07.sqm
2008-02-20 22:51 . 2008-02-20 22:51 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-20 22:51 . 2008-02-20 22:51 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 22:04 . 2008-02-18 22:04 244 --ah----- C:\sqmnoopt06.sqm
2008-02-18 22:04 . 2008-02-18 22:04 232 --ah----- C:\sqmdata06.sqm
2008-02-14 00:32 . 2008-02-14 00:32 244 --ah----- C:\sqmnoopt05.sqm
2008-02-14 00:32 . 2008-02-14 00:32 232 --ah----- C:\sqmdata05.sqm
2008-02-13 19:57 . 2008-02-13 19:57 0 --ah----- C:\WINDOWS\msds.dat
2008-02-13 19:54 . 2008-02-13 19:56 <DIR> d-------- C:\Programmi\Finson Live Update
2008-02-13 19:54 . 2004-01-22 17:43 786,944 --a------ C:\WINDOWS\system32\FinsonRG.exe
2008-02-13 19:54 . 2004-05-20 18:00 80,384 --a------ C:\WINDOWS\system32\FinsonLU.dll
2008-02-13 19:54 . 2008-02-13 19:56 110 --a------ C:\WINDOWS\FinsonLiveUpdate.ini
2008-02-13 19:53 . 2008-02-13 19:57 <DIR> d-------- C:\Programmi\3D GIARDINI
2008-02-13 19:52 . 2000-10-02 00:00 122,128 --a------ C:\WINDOWS\system32\Vb6it.dll
2008-02-13 19:52 . 1999-06-02 23:00 101,888 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-02-13 19:52 . 2008-02-13 19:57 973 --a------ C:\WINDOWS\FINSON.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 18:48 --------- d-----w C:\Documents and Settings\fabio\Dati applicazioni\Free Download Manager
2008-03-13 17:51 --------- d-----w C:\Programmi\Free Download Manager
2008-03-12 23:15 --------- d-----w C:\Documents and Settings\fabio\Dati applicazioni\LimeWire
2008-03-05 18:21 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-04 20:37 --------- d-----w C:\Programmi\Digisoft AntiDialer
2008-02-12 23:17 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-12 23:15 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-02-12 22:34 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-11 18:03 --------- d-----w C:\Programmi\Blender Foundation
2008-01-31 18:09 --------- d-----w C:\Programmi\MemoRex
2008-01-29 18:35 --------- d-----w C:\Programmi\WINDEasyConnect
2008-01-28 18:02 --------- d-----w C:\Documents and Settings\fabio\Dati applicazioni\WINDEasyConnect
2008-01-27 22:12 --------- d-----w C:\Programmi\MSN Messenger
2008-01-22 22:32 --------- d-----w C:\Programmi\Java
2008-01-15 23:29 --------- d-----w C:\Programmi\MSXML 4.0
2008-01-14 19:20 --------- d-----w C:\Programmi\Magellan
2007-12-30 13:12 24,192 ----a-w C:\Documents and Settings\fabio\usbsermptxp.sys
2007-12-30 13:12 22,768 ----a-w C:\Documents and Settings\fabio\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{051DFCE4-A06F-4DBA-B4F6-27041E938380}]
C:\WINDOWS\system32\vturp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C5EE58E-130A-4A76-80D6-C0CAE8577106}]
C:\WINDOWS\system32\geeda.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D85530E8-D39D-49D0-9F36-300D594556D2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-10-08 09:31 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-10-08 09:27 126976]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"RegistryMechanic"="" []
"MemoREX"="C:\Programmi\MemoRex\MemoRexStart.exe" [2003-07-30 00:37 332288]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Digisoft AntiDialer.lnk - C:\Programmi\Digisoft AntiDialer\AntiDialer.exe [2003-08-19 15:53:40 730112]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2008-03-11 17:49:06 389120]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Alwil Software\\Avast4\\ashAvast.exe"=
"C:\\Programmi\\Microsoft Office\\OFFICE11\\WINWORD.EXE"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=

R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2004-02-12 09:18]
S3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2004-01-28 22:15]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 20:20:43
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MemoRex\MemoRex.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-13 20:22:23 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 19:22:19
.
2008-03-11 22:46:09 --- E O F ---





VundoFix V6.5.10

Checking Java version...

Sun Java not detected
Scan started at 17.58.58 13/03/2008

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V7.0.3

Scan started at 19.55.26 13/03/2008

Listing files found while scanning....

C:\WINDOWS\system32\rqrsqnk.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rqrsqnk.dll
C:\WINDOWS\system32\rqrsqnk.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\rqrsqnk.dll
C:\WINDOWS\system32\rqrsqnk.dll Has been deleted!

Performing Repairs to the registry.
Done!




N.B. ad ogni riavvio del computer il programma spybotS.D. mi chiede, in continuazione, se voglio apportare delle modifiche al registro di sistema
argo82
Utente Junior
 
Post: 52
Iscritto il: 11/12/06 01:27
Località: basilicata

Re: aiuto RIMOZIONE VIRTUMONDE

Postdi Luke57 » 13/03/08 21:07

Ciao,copia questo codice:

File::
C:\WINDOWS\system32\onhqoxhf.ini

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{051DFCE4-A06F-4DBA-B4F6-27041E938380}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4C5EE58E-130A-4A76-80D6-C0CAE8577106}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D85530E8-D39D-49D0-9F36-300D594556D2}]



incollalo in un file di testo (start>esegui>notepad.exe>OK), salva obbligatoriamente il file con il nome CFScript.exe
trascinalo con il puntatore del mouse sull'icona di combofix per una nuova scansione ed eventuale riavvio.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "aiuto RIMOZIONE VIRTUMONDE":

aiuto windows 10
Autore: mod360
Forum: Software Windows
Risposte: 1
aiuto installazione
Autore: mod360
Forum: Software Windows
Risposte: 3

Chi c’è in linea

Visitano il forum: Nessuno e 33 ospiti