  1. #1
    HTML.it user, registered since Feb 2006, 10 posts

    problems with rond.starsdoor.com

    Good morning everyone, I have a problem with my PC. Every now and then a page appears in Explorer (even though I use Mozilla) showing rond.starsdoor.com. My PC is surely infected by a virus, because it has slowed down considerably. Can anyone help me?
    THANKS.

    In case it is useful, this is my HijackThis log file:

    Logfile of HijackThis v1.99.1
    Scan saved at 21.26.29, on 19/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    D:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
    C:\Programmi\QuickTime\QTTask.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\WINDOWS\mrofinu1074.exe
    C:\Programmi\ComPlus Applications\mehevo77798.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Skype\Phone\Skype.exe
    C:\Programmi\WinAble\winable.exe
    C:\Documents and Settings\Michele\Dati applicazioni\WinTouch\WinTouch.exe
    C:\Documents and Settings\Michele\Dati applicazioni\Microsoft\Windows\usdwso.exe
    C:\Programmi\DAEMON Tools\daemon.exe
    C:\Programmi\Insider\Insider.exe
    C:\windows\himem.exe
    C:\Programmi\WinZip\WZQKPICK.EXE
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Bonjour\mDNSResponder.exe
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\Skype\Plugin Manager\skypePM.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\unzipped\hijackthis_199\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemonsearch.com/it/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Programmi\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Programmi\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\FILECO~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1074.exe 61A847B5BBF72813329C3C466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F916E7DCD66A47
    O4 - HKLM\..\Run: [mehevo] C:\Programmi\ComPlus Applications\mehevo77798.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Michele\Dati applicazioni\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Michele\Dati applicazioni\Microsoft\Windows\usdwso.exe
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Insider] C:\Programmi\Insider\Insider.exe
    O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff
    O4 - Global Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Append to existing PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D183B0A-1DD1-49E0-BC62-24FB9F1DD97E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0D183B0A-1DD1-49E0-BC62-24FB9F1DD97E}: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D183B0A-1DD1-49E0-BC62-24FB9F1DD97E}: NameServer = 208.67.220.220,208.67.222.222
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Unknown owner - C:\Programmi\File comuni\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" -win32service (file missing)
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Programmi\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)

    Thanks again, everyone. rond.starsdoor.com

  2. #2
    OYS (HTML.it user, registered since Apr 2006, 3,142 posts)
    1) Fix these:


    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1074.exe 61A847B5BBF72813329C3C466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC412806867680AEDE604D64C2661373F916E7DCD66A47

    O4 - HKLM\..\Run: [mehevo] C:\Programmi\ComPlus Applications\mehevo77798.exe

    O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe

    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Michele\Dati applicazioni\WinTouch\WinTouch.exe

    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Michele\Dati applicazioni\Microsoft\Windows\usdwso.exe

    O4 - HKCU\..\Run: [Insider] C:\Programmi\Insider\Insider.exe

    O4 - HKCU\..\Run: [himem] "c:\windows\himem.exe" 3fff 8ffff




    2) Download http://swandog46.geekstogo.com/avenger.zip

    Click on "input script manually" and then on the magnifying glass.
    In the blank area, copy and paste the whole part colored in red:


    folders to delete:
    C:\Programmi\Insider\

    files to delete:
    C:\WINDOWS\mrofinu1074.exe
    C:\Programmi\ComPlus Applications\mehevo77798.exe
    C:\Documents and Settings\Michele\Dati applicazioni\WinTouch\WinTouch.exe
    C:\Documents and Settings\Michele\Dati applicazioni\Microsoft\Windows\usdwso.exe
    C:\windows\himem.exe



    Click on "done",
    then on the traffic light with the green light.
    Answer yes twice; the PC will reboot, and when it comes back post the Avenger log (C:/avenger.txt).


    3) Go to C:\windows\system32\drivers\etc, open the HOSTS file with Notepad and add this line at the end:

    127.0.0.1 rond.starsdoor.com

  3. #3
    HTML.it user, registered since Feb 2006, 10 posts

    Thanks a lot OYS!!!!!

    Thanks a lot OYS!!! You were really very kind.
    I owe you one!!!!
    Have a good weekend,
    Michele.

  4. #4
    OYS (HTML.it user, registered since Apr 2006, 3,142 posts)
    Have a good weekend too.

  5. #5
    HTML.it user, registered since Nov 2007, 16 posts
    Hi everyone.. I have the same problem too.. but I understand little to nothing about it... does anyone have the patience to give me a hand?? Thanks in advance..

  6. #6
    OYS (HTML.it user, registered since Apr 2006, 3,142 posts)
    Originally posted by Zady
    Hi everyone.. I have the same problem too.. but I understand little to nothing about it... does anyone have the patience to give me a hand?? Thanks in advance..
    First of all, download HijackThis, run it and press "do a system scan and save a logfile", then copy the contents of the Notepad file that gets created and paste them into your next post.


    In the meantime, go to C:\windows\system32\drivers\etc, open the HOSTS file with Notepad and add this line at the end:


    127.0.0.1 rond.starsdoor.com

  7. #7
    HTML.it user, registered since Nov 2007, 16 posts
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21.29.15, on 29/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\MSN Messenger\MsnMsgr.Exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\Windows Media Player\wmplayer.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\Rundll32.exe
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\17PHolmes1000140.exe
    C:\Programmi\WinAble\winable.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\Alwil Software\Avast4\ashSimpl.exe
    C:\Documents and Settings\giady\Desktop\giady\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Programmi\Dcads Advanced Toolbar\toolbar.dll
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify
    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe
    O4 - HKCU\..\RunOnce: [OSSProxy] c:\windows\system32\rlvknlg.exe -bootinstall
    O4 - HKCU\..\RunOnce: [Del13685] cmd /c del C:\WINDOWS\system32\RKInstaller.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programmi\Adobe\Adobe Version Cue\service\VersionCue.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe

    --
    End of file - 4279 bytes

  8. #8
    OYS (HTML.it user, registered since Apr 2006, 3,142 posts)
    1) Start HijackThis, press "do a system scan only", select the following entries and press "fix checked" at the bottom left:



    O3 - Toolbar: Dcads Toolbar - {41C29B07-6F91-4966-91BE-2E2841643C83} - C:\Programmi\Dcads Advanced Toolbar\toolbar.dll

    O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\spads.dll" DllVerify

    O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe

    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310

    O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe

    O4 - HKCU\..\RunOnce: [OSSProxy] c:\windows\system32\rlvknlg.exe -bootinstall

    O4 - HKCU\..\RunOnce: [Del13685] cmd /c del C:\WINDOWS\system32\RKInstaller.exe




    2) Download http://swandog46.geekstogo.com/avenger.zip

    Click on "input script manually" and then on the magnifying glass.
    In the blank area, copy and paste the whole part colored in green:


    folders to delete:
    C:\Programmi\WinAble\
    C:\Programmi\Dcads Advanced Toolbar

    files to delete:
    C:\WINDOWS\Fonts\svchost.exe
    C:\WINDOWS\system32\spads.dll
    C:\WINDOWS\mrofinu1000140.exe
    c:\windows\system32\rlvknlg.exe
    C:\WINDOWS\system32\RKInstaller.exe


    Click on "done",
    then on the traffic light with the green light.
    Answer yes twice; the PC will reboot, and when it comes back post the Avenger log (C:/avenger.txt).
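
Added example, not part of the thread and not OYS's method: a Python triage pass over HijackThis O4 autorun lines like those in the logs of posts #1 and #7, flagging entries for manual review. The three rules and the names `parse_o4`, `triage`, `SYSTEM_NAMES` and `USER_DATA_DIRS` are assumptions of this example; name-only cases such as WinAble, which the replies also remove, are outside what these rules catch.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# "O4 - <hive>\..\<Run key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (HK\w+)\\.*?\\(Run\w*): \[(.+?)\] (.+)$")
# Optionally quoted path up to an executable extension, then the arguments
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|com|bat|scr))"?(?:\s+(.*))?$', re.I)
HEX_BLOB = re.compile(r"\b[0-9A-Fa-f]{32,}\b")

# Assumed triage rules for this example, not a rule set taken from the thread.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe"}
SYSTEM32 = "c:\\windows\\system32"
USER_DATA_DIRS = ("\\dati applicazioni\\", "\\application data\\")

# Entries copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Host Process] C:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1000140.exe 61A847B5BBF72813329B385776F901F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Michele\Dati applicazioni\Microsoft\Windows\usdwso.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
"""

def parse_o4(line):
    """Split one O4 registry autorun line; None for any other line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    c = EXE_RE.match(command)
    exe, args = (c.group(1), c.group(2) or "") if c else (command, "")
    return {"hive": hive, "key": key, "name": name, "exe": exe, "args": args}

def triage(log_text):
    """Map Run value name -> reasons, for entries matching any rule."""
    flagged = {}
    for entry in filter(None, map(parse_o4, log_text.splitlines())):
        exe = entry["exe"].lower()
        reasons = []
        if basename(exe) in SYSTEM_NAMES and dirname(exe) != SYSTEM32:
            reasons.append("system process name outside system32")
        if any(d in exe for d in USER_DATA_DIRS):
            reasons.append("autorun from a user profile data directory")
        if HEX_BLOB.search(entry["args"]):
            reasons.append("long hex blob passed as argument")
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"[{name}] " + "; ".join(reasons))
```

A flagged entry is a prompt for review, not a verdict: each path still has to be checked by someone who knows what is installed on the machine.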

  9. #9
    HTML.it user, registered since Nov 2007, 16 posts
    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\pwvhnmiu

    *******************

    Script file located at: \??\C:\Program Files\stkvrvgj.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Folder C:\Programmi\WinAble deleted successfully.
    Folder C:\Programmi\Dcads Advanced Toolbar deleted successfully.
    File C:\WINDOWS\Fonts\svchost.exe deleted successfully.
    File C:\WINDOWS\system32\spads.dll deleted successfully.
    File C:\WINDOWS\mrofinu1000140.exe deleted successfully.
    File c:\windows\system32\rlvknlg.exe deleted successfully.
    File C:\WINDOWS\system32\RKInstaller.exe deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.

  10. #10
    OYS (HTML.it user, registered since Apr 2006, 3,142 posts)
    OK. Did you carry out the procedure I described earlier with the hosts file?
