malware....I've tried everything


viandante
09-01-2007, 16:09
So....
Advertising windows keep opening continuously for: ERRORSAFE, AMAENA, VEGASRED and others....
I've tried every antispyware, 3 antivirus programs, all of them both in normal mode and in safe mode. They always find the same problems, repair them, and then they come back. Is there really nothing that can be done??

The HijackThis log is clean.......
I'm desperate.

Thanks to whoever helps me :cry:

viandante
09-01-2007, 16:11
Logfile of HijackThis v1.99.1
Scan saved at 17.10.49, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\vsnpstd.exe
C:\Programmi\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [aol] "C:\Programmi\AOL\Active Virus Shield\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?7e73abef10ce46a3b780de4d96f0b6b0
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?7e73abef10ce46a3b780de4d96f0b6b0
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Programmi\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

viandante
09-01-2007, 16:23
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-09 17:23:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwDuplicateObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwFlushKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwInitializeRegistry
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwLoadKey2
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwNotifyChangeKey
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryMultipleValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwQueryValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwReplaceKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSaveKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwUnloadKey
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\system32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!KiDispatchInterrupt + BA 804D492E 7 Bytes JMP EDBC4120 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804E1752 5 Bytes JMP EDBC12A0 \??\C:\WINDOWS\system32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 804F4E09 5 Bytes JMP EDBC0E10 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\Internet Explorer\IEXPLORE.EXE[132] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\alg.exe[168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\alg.exe[168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\alg.exe[168] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\alg.exe[168] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 015B200E
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 015B1DAF
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 015B1CF2
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 015B191B
.text C:\WINDOWS\system32\bgualjz.exe[488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 015B2D81
.text C:\WINDOWS\system32\bgualjz.exe[488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 015B2CF3
.text C:\WINDOWS\system32\bgualjz.exe[488] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 015B2EF4
.text C:\WINDOWS\system32\bgualjz.exe[488] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 015B2E63
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\vsnpstd.exe[496] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\vsnpstd.exe[496] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\vsnpstd.exe[496] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\vsnpstd.exe[496] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\vsnpstd.exe[496] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 00BC200E
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 00BC1DAF
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 00BC1CF2
.text C:\WINDOWS\system32\winlogon.exe[552] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 00BC191B
.text C:\WINDOWS\system32\winlogon.exe[552] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BC2D81
.text C:\WINDOWS\system32\winlogon.exe[552] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BC2CF3
.text C:\WINDOWS\system32\winlogon.exe[552] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 00BC2EF4
.text C:\WINDOWS\system32\winlogon.exe[552] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 00BC2E63
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\services.exe[596] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\services.exe[596] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\lsass.exe[608] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ctfmon.exe[712] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ctfmon.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\ctfmon.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\ctfmon.exe[712] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\ctfmon.exe[712] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ati2evxx.exe[740] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ati2evxx.exe[740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\ati2evxx.exe[740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\ati2evxx.exe[740] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\ati2evxx.exe[740] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[860] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[904] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[904] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[960] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[960] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe[1020] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\MsnMsgr.Exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\spoolsv.exe[1168] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\spoolsv.exe[1168] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\spoolsv.exe[1168] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\spoolsv.exe[1168] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE[1312] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\slserv.exe[1348] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\slserv.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\slserv.exe[1348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\slserv.exe[1348] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\slserv.exe[1348] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe[1392] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\wdfmgr.exe[1408] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\wdfmgr.exe[1408] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\wdfmgr.exe[1408] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\wdfmgr.exe[1408] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\ati2evxx.exe[1732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\ati2evxx.exe[1732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\ati2evxx.exe[1732] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\explorer.exe[1940] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\explorer.exe[1940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\explorer.exe[1940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\explorer.exe[1940] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\explorer.exe[1940] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\svchost.exe[2136] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\WINDOWS\system32\svchost.exe[2136] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\svchost.exe[2136] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\WINDOWS\system32\svchost.exe[2136] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\WINDOWS\system32\svchost.exe[2136] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 1000200E
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 1000191B
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10002CF3
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ADVAPI32.dll!CreateProcessAsUserW 77F67775 5 Bytes JMP 10002EF4
.text C:\Documents and Settings\Utente\Desktop\gmer.exe[3332] ADVAPI32.dll!CreateProcessAsUserA 77F80958 5 Bytes JMP 10002E63

---- Threads - GMER 1.0.12 ----

Thread 4:112 8265BA20
Thread 4:116 8263AC60
Thread 4:120 8263AC60
Thread 4:312 8265BA20
Thread 4:376 8265BA20

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\bgualjz.exe (*** hidden *** ) 488
Library C:\windows\system32\bgualjz.exe (*** hidden *** ) @ C:\WINDOWS\system32\bgualjz.exe [488] 0x00400000

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\Prefetch\BGUALJZ.EXE-24D266E6.pf
File C:\WINDOWS\system32\bgualjz.dat
File C:\WINDOWS\system32\bgualjz.exe
File C:\WINDOWS\system32\bgualjz_nav.dat
File C:\WINDOWS\system32\bgualjz_navps.dat

---- EOF - GMER 1.0.12 ----

wizard1993
09-01-2007, 16:52
just out of curiosity, what firewall do you have?

viandante
09-01-2007, 16:55
just out of curiosity, what firewall do you have?
this computer has no firewall, only antivirus

wizard1993
09-01-2007, 17:05
install one

Bugs Bunny
09-01-2007, 18:42
are you networked with any other PC? have you disabled System Restore?

viandante
09-01-2007, 19:19
are you networked with any other PC? have you disabled System Restore?
So, the PC was not on a network, it had a modem. Then I brought it to my place and put it on the network to get it online.
Unfortunately I can't put a firewall on it because the owner of the PC is one of those frighteningly clueless users......
Yes, I have also disabled System Restore.

I'm looking for the solution in every forum in the world.....but it really seems that nobody knows how to do it

wizard1993
09-01-2007, 19:27
do a pass with F-Secure BlackLight

viandante
09-01-2007, 19:31
do a pass with F-Secure BlackLight
do I have to uninstall my antivirus first?

wizard1993
09-01-2007, 19:34
no, since it is an anti-rootkit

viandante
10-01-2007, 08:58
no, since it is an anti-rootkit
it didn't find anything...what do I do?

FOXYLADY
10-01-2007, 10:22
If they are instant-messaging windows you have to disable Messenger in the Windows services, although with SP2 it should be disabled by default :mbe:
If instead they are browser windows, try running a scan with SmitfraudFix.
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

GmG
10-01-2007, 10:27
---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\bgualjz.exe (*** hidden *** ) 488
Library C:\windows\system32\bgualjz.exe (*** hidden *** ) @ C:\WINDOWS\system32\bgualjz.exe [488] 0x00400000

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz
Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\Prefetch\BGUALJZ.EXE-24D266E6.pf
File C:\WINDOWS\system32\bgualjz.dat
File C:\WINDOWS\system32\bgualjz.exe
File C:\WINDOWS\system32\bgualjz_nav.dat
File C:\WINDOWS\system32\bgualjz_navps.dat

---- EOF - GMER 1.0.12 ----



I think the problem is this process c:\windows\system32\bgualjz.exe, which GMER reports as hidden
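
Added example, not part of the thread and not code from GMER: a Python sketch of the correlation made by eye in the post above, run over an excerpt of the GMER log posted earlier, tying the hidden process to its Run entry, its files and the user-mode hooks. The function names, the `HIDING_APIS` set and the reading of a JMP line with no module name after the target as "unattributed" are assumptions of this example.

```python
import re
from collections import defaultdict

# Excerpt of the GMER 1.0.12 log posted in this thread (shortened; lines unchanged).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.12 ----

.text ntoskrnl.exe!IoIsOperationSynchronous 804E1752 5 Bytes JMP EDBC12A0 \??\C:\WINDOWS\system32\drivers\klif.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\system32\lsass.exe[608] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 10001CF2
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10002D81
.text C:\WINDOWS\system32\bgualjz.exe[488] ntdll.dll!NtEnumerateKey 7C91D94C 5 Bytes JMP 015B200E
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] kernel32.dll!SetUnhandledExceptionFilter 7C84479D 5 Bytes JMP 004E12D0 C:\Programmi\MSN Messenger\MsnMsgr.Exe
.text C:\Programmi\MSN Messenger\msnmsgr.exe[1080] ntdll.dll!NtEnumerateValueKey 7C91D976 5 Bytes JMP 10001DAF

---- Processes - GMER 1.0.12 ----

Process C:\WINDOWS\system32\bgualjz.exe (*** hidden *** ) 488

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@bgualjz c:\windows\system32\bgualjz.exe bgualjz

---- Files - GMER 1.0.12 ----

File C:\WINDOWS\system32\bgualjz.dat
File C:\WINDOWS\system32\bgualjz.exe

---- EOF - GMER 1.0.12 ----
"""

# Assumption of this example: enumeration APIs that user-mode rootkits filter
# to hide registry keys/values, files and processes from other programs.
HIDING_APIS = {"NtEnumerateKey", "NtEnumerateValueKey",
               "NtQueryDirectoryFile", "NtQuerySystemInformation"}

SECTION = re.compile(r"^---- (.+?) - GMER")
# Section title -> (result key, line pattern). Other sections are ignored.
PATTERNS = {
    "User code sections": ("hooks", re.compile(
        r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<api>\w+)"
        r"\s+[0-9A-Fa-f]{8}\s+\d+ Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]{8})\s*(?P<owner>.*)$")),
    "Processes": ("hidden", re.compile(
        r"^Process\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\*\s*\)\s+(?P<pid>\d+)")),
    "Registry": ("run", re.compile(r"^Reg\s+\S+\\Run@(?P<name>\S+)\s+(?P<path>\S+)")),
    "Files": ("files", re.compile(r"^File\s+(?P<path>.+)$")),
}


def parse_gmer(log):
    """Walk the log section by section and parse the line types listed in PATTERNS."""
    section, out = None, defaultdict(list)
    for line in map(str.strip, log.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1)
        elif section in PATTERNS:
            key, rx = PATTERNS[section]
            m = rx.match(line)
            if m:
                out[key].append(m.groupdict())
    return out


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def triage(log):
    """Correlate hidden processes with Run entries, files and unattributed hooks."""
    data = parse_gmer(log)
    # Hooks with no module name after the JMP target (treated as unattributed here).
    unowned = [h for h in data["hooks"] if not h["owner"]]
    hidden = []
    for proc in data["hidden"]:
        exe = basename(proc["path"])
        stem = exe.rsplit(".", 1)[0]
        hidden.append({
            "process": proc["path"],
            "pid": int(proc["pid"]),
            # Autostart values that launch the same executable.
            "autoruns": sorted({r["name"] for r in data["run"] if basename(r["path"]) == exe}),
            # Hidden files sharing the executable's name stem.
            "files": sorted({f["path"] for f in data["files"]
                             if basename(f["path"]).startswith(stem)}),
        })
    return {
        "hidden": hidden,
        "hiding_apis_hooked": sorted({h["api"] for h in unowned} & HIDING_APIS),
        "hooked_pids": sorted({int(h["pid"]) for h in unowned}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```
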

solidguitarman
10-01-2007, 10:37
I'm not much of an expert in this area, but when I was desperate I installed Ad-Aware SE Personal, and with one pass in safe mode it cleaned up my system, which was really messed up. As I already said, I'm not an expert, maybe it has nothing to do with your problem, but better to have recommended it to you than not...
Bye.