Olimpo Informatico

[kefes]

Error: Action failed for file avgamsvr.exe: creating file....
> No such file or directory

ho aperto il computer e improvvisamente l'antivirus AVG fre non funziona
provo ad reinstallarlo e questa è la risposta....
stessa storia per spybot
provo ad installare panda antivirus uguale... manca un " exe"
idem con kaspersky che mi dice che l'installazione non si può fare causa errore.....
AHHH cosa succede e perchè??? che faccio ... ???
ciao
grazie

[Smjert]

Ti sarai preso un malware che sistematicamente cancella, quando li rileva, i file "vitali" degli antivirus/antispyware.

Scarica HijackThis, decomprimilo in una cartella tutta sua non temporanea (ad esempio mettilo in C:\HijackThis).
Avvialo e premi Do a system scan and save a log file, ti si aprirà una finestra di notepad con il risultato della scansione, copia e incolla qua il suo contenuto.

[kefes]

ho scaricato hijackthis ecco il risulatato..... speriamo bene... sono preoccupata...

Logfile of HijackThis v1.99.1
Scan saved at 23.29.31, on 25/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\SiteAdvisor\6028\SAService.exe
C:\WINDOWS\system32\slmdmsr.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\DIALER~1\dc.exe
C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Outlook Express\msimn.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Susanna\IMPOST~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/oggi/indexbb.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://codecs.r8.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Dialer Control] C:\PROGRA~1\DIALER~1\dc.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6028\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Dale audio] C:\DOCUME~1\Susanna\DATIAP~1\DUMBHE~1\intradupehtm.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1167331157109
O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://www.tele2mail.com/static/apps/utils/AccountHelper.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,4970/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{99580E80-4B12-4387-B121-21CEC91F28F1}: NameServer = 193.12.150.2 212.247.152.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6028\SiteAdv.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6028\SAService.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slmdmsr.exe

grazie ciao

[Orange]

ciao
il tuo problema potrebbe anche essere dovuto al nuovo worm chiamato BAGLE.
da Start/Esegui digita regedit
Individua la chiave
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run e riporta qui i valori che trovi. ( non eliminare nulla, per il momento)

[kefes]

fatto questo ho trovato:
una icona grigia con su scritto in rosso ab( predefinito) REG_SZ (valore non impostato)
una icona grigia con su scritto in rosso ab CTFMON:EXE REG_SZ C:\WINDOWS\system32\CTFMON.EXE

ciao
buona giornata

[Orange]

la vedo dura...
no, non ti preoccupare è perche si è nascosto bene

scrica ed installa GMER , avvialo, al termine posta il risultato della scheda ROOTKIT.

[kefes]

ho provato ad installare altri programmi antivirus o antispy... tutto impossibile ora sono senza nessun programma di questo genere nessuno funziona più.
ho installato gemer : ti faccio vedere la prima e la seconda schermata.

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-26 23:01:03
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys ZwEnumerateKey
SSDT \??\C:\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys ZwEnumerateValueKey
SSDT \??\C:\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys ZwQueryDirectoryFile
SSDT \??\C:\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys ZwQuerySystemInformation

---- EOF - GMER 1.0.12 ----

e poi

GMER 1.0.12.12027 - http://www.gmer.net
Rootkit scan 2007-02-26 23:01:46
Windows 5.1.2600 Service Pack 2


---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\QuickTime\qttask.exe[148] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\QuickTime\qttask.exe[148] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\RTHDCPL.EXE[180] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\RTHDCPL.EXE[180] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe[276] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe[276] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Thomson\SpeedTouch USB\dragdiag.exe[304] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Thomson\SpeedTouch USB\dragdiag.exe[304] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\SiteAdvisor\6028\SiteAdv.exe[448] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\SiteAdvisor\6028\SiteAdv.exe[448] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[964] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[964] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe[1452] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe[1452] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[1620] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\system32\ctfmon.exe[1724] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\system32\ctfmon.exe[1724] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe[1820] KERNEL32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe[1820] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\explorer.exe[1904] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\WINDOWS\explorer.exe[1904] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[2072] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[2072] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\eMule\emule.exe[2080] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\eMule\emule.exe[2080] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2096] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe[2096] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\DOCUME~1\Susanna\IMPOST~1\Temp\Rar$EX16.39093\gmer.exe[3184] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\DOCUME~1\Susanna\IMPOST~1\Temp\Rar$EX16.39093\gmer.exe[3184] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\WinRAR\WinRAR.exe[3544] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\WinRAR\WinRAR.exe[3544] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Outlook Express\msimn.exe[3692] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\Programmi\Outlook Express\msimn.exe[3692] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 62533360 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 625333D0 C:\PROGRA~1\DIALER~1\dc.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!SetWindowLongA 77D1D60D 5 Bytes JMP 7E38FFBA C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!SetWindowLongW 77D1D62B 5 Bytes JMP 7E38FFEB C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!DialogBoxParamW 77D2662C 5 Bytes JMP 7E1FF205 C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamW 77D32043 5 Bytes JMP 7E38FEBF C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!MessageBoxIndirectA 77D3A05A 5 Bytes JMP 7E38FE40 C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!DialogBoxParamA 77D3B11C 5 Bytes JMP 7E38FE84 C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!MessageBoxExW 77D50538 5 Bytes JMP 7E38FDCC C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!MessageBoxExA 77D5055C 5 Bytes JMP 7E38FE06 C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!DialogBoxIndirectParamA 77D56CAD 5 Bytes JMP 7E38FEFA C:\WINDOWS\system32\IEFRAME.dll
.text C:\PROGRA~1\INTERN~1\iexplore.exe[3856] USER32.dll!MessageBoxIndirectW 77D66093 5 Bytes JMP 7E2215DA C:\WINDOWS\system32\IEFRAME.dll

---- EOF - GMER 1.0.12 ----
un salutone a tutti
grazie ciao

[Orange]

trovati!!
ora per rimuoverli

Scarica Virit
Installalo/aggiornalo e fai uno scan completo del sistema

scarica THE AVENGER e decomprimilo sul desktop.
disattiva Ripristino configurazione di sistema

con un doppio click avvia il file avenger.exe
Seleziona "Input Script Manually"
Clicca sulla lente di ingrandimento
Nella finestra che si aprirà "View/edit script"
copia / incolla quanto segue:

[kefes]

tutto ok fino a quando il computer si è riavviato dopo l'uso di avenger.
quando si è aperto e comparsa una finestra nera (quella dei comandi) che si chiama C:\windows\system32\cmd.exe
con su scritto
C:\avenger\1.reg
C.\avenger\2.reg
1 file copiati
zip warning: C:backup.zip not found or empty
adding: avenger/avenger.txt (188 bytes securiy) (deflated 72%)
adding: avenger/backup.reg (188 bytes security) ( deflated 68%)

e insieme a questo una finestra di avviso di wundows con su: windows- disco non presente
impossibile trovare il disco nell'unità

vir lite prima aveva cancellato il virus beagle
continuo nelle tue istruzioni
vediamo che succede...


ciao oggi è una bellissima giornata con tanto sole.... speriamo porti bene...

[Smjert]

Posta il contenuto di Avenger.txt

[liwhite]

SCUSATE MA ANCH'IO HO LO STESSO PROBLEMA CON IL FILE AVGAMSVR.EXE POSSO POSTARE IL LOG DI HIJACKTHIS ?

[liwhite]

Logfile of HijackThis v1.99.1
Scan saved at 19.44.25, on 27/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Microsoft Office2007\Office12\GrooveMonitor.exe
C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\hldrrr.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Programmi\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Skype\Plugin Manager\SkypePM.exe
C:\Programmi\Alwil Software\Avast4\ashSimp2.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Chiara\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI3369~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus C66 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0S2.EXE /P23 "EPSON Stylus C66 Series" /O6 "USB001" /M "Stylus C66"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office2007\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: PCSuiteperNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteperNokia6600 TS.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MI3369~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI3369~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI3369~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{64D7A53E-93E5-46FB-B1D9-2A204206A09D}: NameServer = 85.37.17.16 151.99.125.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI3369~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

[/img]

[Smjert]

Fai anche tu una scansione con GMER come dice Orange.

[Orange]

[kefes]

ho fatto tutto in sequenza ma nel punto dove dici:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Elimina il seguente valore nel riquadro di destra:
"drv_st_key" = "%UserProfile%\Application Data\hidn\hidn.exe"
trova ed elimina questi valori (Tasto destro --> Elimina):
hldrrr
drvsyskit
german.exe
tutto questo non c'è
ci sono altre voci a destra ma non queste

Nello stesso modo, elimina anche le seguenti chiavi:
HKEY_CURRENT_USER\Software\DateTime4 non c'è
HKEY_CURRENT_USER\Software\FirstRRRun c'è e l'ho cacellato come hai dettoHKEY_CURRENT_USER\Software\FirstRuxzx non c'è

il risultato è che ora il computer va meglio e finalmente posso aprire la posta di virgilio comunicator alla quale da giorni non accedevo più , ma ho provato nuovamente ad installare spybot ( o un altro antivirus come Panda o un anti spy e il risultato è sempre il medesimo:
spybotSD.exe non c'è per cui non parte il programma anche se installato nuovamente.... per gli altri programmi non riesco neppure a finire l'installazione perchè manca l'exe relativa...
ma cosa sono queste exe' vanno e vengono? vacanza mare? Scusa ma sono parti del programma che installo o parti che non ci sono nel mio computer comunque domande che capisco che per te possano essere semplici per me invece....
e adesso mi sto preoccupando

confido in te...
Sempre ciao e grazie

[kefes]

Local machine: installation failed
Installation:
Error: Action failed for file avgamsvr.exe: creating file....
No such file or directory

ho provato anche ad installare avg....
questo è il risulatato

ciao

[Orange]

ciao
ma hai riattivato i servizi?

[kefes]

Io avevo già completato tutte le istruzioni e attivato i servizi

questi sono i risultati con avg-antirootk:

C:\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys,Hidden driver file, Hidden file
c:\BundleSW\Antivirus\shared,Hidden directory
c:\BundleSW\Antivirus\shared\agent.cab,Hidden file
c:\BundleSW\Antivirus\shared\agentcfg.cab,Hidden file
c:\BundleSW\Antivirus\shared\agentdui.cab,Hidden file
c:\BundleSW\Antivirus\shared\agentsub.cab,Hidden file
c:\BundleSW\Antivirus\shared\agentupd.cab,Hidden file
c:\BundleSW\Antivirus\shared\mcafwel.cab,Hidden file
c:\BundleSW\Antivirus\shared\mccomctl.cab,Hidden file
c:\BundleSW\Antivirus\shared\McGDMgr.dll,Hidden file
c:\BundleSW\Antivirus\shared\mcinsctl.dll,Hidden file
c:\BundleSW\Antivirus\shared\mcscoem.cab,Hidden file
c:\BundleSW\Antivirus\shared\mghtml.cab,Hidden file
c:\BundleSW\Antivirus\shared\regwiz.cab,Hidden file
c:\BundleSW\Antivirus\shared\vsoreg.cab,Hidden file
c:\Documents and Settings\eMule_Secure\Dati applicazioni\hidires,Hidden directory
c:\Documents and Settings\eMule_Secure\Dati applicazioni\hidires\m_hook.sys,Hidden file
c:\Documents and Settings\Susanna\Dati applicazioni\hidires,Hidden directory
c:\Documents and Settings\Susanna\Dati applicazioni\hidires\hidr.exe,Hidden file
c:\Programmi\McAfee.com\Shared,Hidden directory
c:\Programmi\McAfee.com\Shared\cleanup.ini,Hidden file
c:\Programmi\McAfee.com\Shared\dunzip32.dll,Hidden file
c:\Programmi\McAfee.com\Shared\mcappins.exe,Hidden file
c:\Programmi\McAfee.com\Shared\mcappins.inf,Hidden file
c:\Programmi\McAfee.com\Shared\mghtml.exe,Hidden file
c:\Programmi\McAfee.com\Shared\mghtml.inf,Hidden file
c:\Programmi\Movie Maker\Shared,Hidden directory
c:\Programmi\Movie Maker\Shared\Empty.txt,Hidden file
c:\Programmi\Movie Maker\Shared\Filters.xml,Hidden file
c:\Programmi\Movie Maker\Shared\news.png,Hidden file
c:\Programmi\Movie Maker\Shared\paint.png,Hidden file
c:\Programmi\Movie Maker\Shared\Sample1.jpg,Hidden file
c:\Programmi\Movie Maker\Shared\Sample2.jpg,Hidden file
c:\Programmi\Skype\toolbars\Shared,Hidden directory
c:\Programmi\Skype\toolbars\Shared\SPhoneParser.dll,Hidden file
c:\WINDOWS\ime\shared,Hidden directory

AVENGER:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\msjpocoh

*******************

Script file located at: \??\C:\WINDOWS\system32\ythybnxe.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C::\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys for deletion
Deletion of file C::\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys failed!

Could not process line:
C::\Documents and Settings\Susanna\Dati applicazioni\hidires\m_hook.sys
Status: 0xc000003a

Registry key HKLM\SYSTEM\CurrentControlSet\Services\m_hook deleted successfully.
Registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[color=red]con sophos non riesco a copiare i risultati ( non sono evidenziabili ) tranne in questo modo se così ti va bene li copio tutti questi sono solo alcuni[/color]

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Office.Interop.Graph,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0"
Removable: No
Notes: (type 7, length 104) "C m l q V n - } f ( Z X f e A R 6 . j i G r a p h _ P I A > ~ 6 Q 5 ^ G " ... "{ B "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\Microsoft.Office.Interop.Excel,Version="11.0.0.0000",Culture="neutral",PublicKeyToken="71e9bce111e9429c",FileVersion="11.0.5530.0"
Removable: No
Notes: (type 7, length 104) "C m l q V n - } f ( Z X f e A R 6 . j i E x c e l _ P I A > h = N ( ] v " ... "g M "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\mscomctl,Version="10.0.4504.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",FileVersion="10.0.4504.0"
Removable: No
Notes: (type 7, length 116) "C m l q V n - } f ( Z X f e A R 6 . j i d u m m y _ O W C 1 1 _ P I A > " ... "i h "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Assemblies\Global\MSDATASRC,Version="7.0.3300.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",FileVersion="7.0.9466.0"
Removable: No
Notes: (type 7, length 120) "C m l q V n - } f ( Z X f e A R 6 . j i V S C o m m o n P I A H i d d e " ... "2 d "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\Security\Roles\App_LocalResources\
Removable: No
Notes: (type 1, length 2) " "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\WINDOWS\system32\MUI\0409\
Removable: No
Notes: (type 1, length 2) " "
Area: Windows registry
Description: Hidden registry value
Location: \HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\WINDOWS\winsxs\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\
Removable: No
Notes: (type 1, length 2) " "

grazie
ciao
[/code][/list]

[kefes]

ribuonasera a tutti....
vedi vedi che ho trovato con Sophos.... che erano parte quelli che dovevo trovare e cancellare e non c'erano ma allora ciò significa che ci sono o no?

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-3496567198-3364525246-1203913045-1006\Software\Microsoft\Windows\CurrentVersion\Run\hldrrr
Removable: No
Notes: (type 1, length 62) "C : \ W I N D O W S \ s y s t e m 3 2 \ h l d r r r . e x e "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-3496567198-3364525246-1203913045-1006\Software\Microsoft\Windows\CurrentVersion\Run\german.exeRemovable: No
Notes: (type 1, length 64) "C : \ W I N D O W S \ s y s t e m 3 2 \ w i n t e m s . e x e "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-3496567198-3364525246-1203913045-1006\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit
Removable: No
Notes: (type 1, length 148) "C : \ D o c u m e n t s a n d S e t t i n g s \ e M u l e _ S e c u " ... "e x e "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-3496567198-3364525246-1203913045-1005\Software\Microsoft\Windows\CurrentVersion\Run\drvsyskit
Removable: No
Notes: (type 1, length 138) "C : \ D o c u m e n t s a n d S e t t i n g s \ S u s a n n a \ D a " ... "e x e "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-3496567198-3364525246-1203913045-1005\Software\Microsoft\Windows\CurrentVersion\Run\hldrrr
Removable: No
Notes: (type 1, length 62) "C : \ W I N D O W S \ s y s t e m 3 2 \ h l d r r r . e x e "

Area: Windows registry
Description: Hidden registry value
Location: \HKEY_USERS\S-1-5-21-3496567198-3364525246-1203913045-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHACNGU:P:\Qbphzragf naq Frggvatf\Fhfnaan\Qrfxgbc\fnethv.rkr
Removable: No
Notes: (type 3, length 16) "W \x06 \xe0\xd2\xee\xeb[\xc7\x01"



ciaoooo....

[Orange]

ciao!

Assicurati di avere accesso a file e cartelle nascosti
(Pannello di controllo-> Opzioni Cartella-> Visualizzazione)
1) metti la spunta su: Visualizza file e cartelle nascoste
2) Disattiva: nascondi file protetti di sistema

disabilita il ripristino di configurazione

apri nuovamente THE AVENGER e copia/incolla seguente