rossonero

Problem with Trojan Agent -jyl

65 messages in this discussion

Hi everyone, I'm new. Avast found trojan agent-jyl, which it is unable to remove. It blocks me from using CCleaner; when I hover over the icon with the mouse, all the icons on the screen disappear for 2 seconds, and it also closes pages on forums that deal with security, but I think I have also caught something else that is not being detected. The infected file is: windows\sistem 32\winvewvs.exe; besides, the process for this file does not show up in Task Manager. Can you help me? Thanks


[ben]rossonero[/ben]

Hi,

download the latest version of VirIT (it does not cause conflicts).

http://www.tgsoft.it/italy/download.htm

Install it, start it, wait for the memory check to finish, and UPDATE IT (important),

then run a full system scan (save the log and post it).

Also post a Hijack log: Instructions and Download Hijack


Hi kuma, the trojan prevents me from doing the things you told me to do: it won't let me run VirIT, and when I click on "Instructions and Download Hijack" it closes everything. How can I solve the problem?


:P and :)

have you tried running a scan in safe mode? :leggi:


Hi, I have tried several times to run scans in safe mode, but the problem just does not get resolved.


But if I deleted the infected file inside the folder, would I be making a big mistake?


Hi kuma, the trojan prevents me from doing the things you told me to do: it won't let me run VirIT, and when I click on "Instructions and Download Hijack" it closes everything. How can I solve the problem?

hi,

try doing this:

* Download and unzip X-RayPC

- Run the file X-RayPC.exe

- Click on Save log....

- Save it wherever you prefer and then copy its contents into a reply post

* Download this tool

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Once downloaded, launch it with a double click.

- A blue window will open... Wait...

- After a few moments a notice will appear in which the author disclaims all responsibility.

- At this point select 1 and press ENTER to start the scan.

- Wait.....

The tool will notify you once the scan is finished, and after a few moments it will display the report with the details.

:)


here is the log:

Logfile of X-RayPc Build 39029 (Installed 1188943252)

Scan saved at 04/09/2007 22.04.53

Registry Settings:

IE Start Page (User) : http://www.libero.it/

IE Start Page (Global) : http://go.microsoft.com/fwlink/?LinkId=69157

IE Default Page : http://go.microsoft.com/fwlink/?LinkId=69157

IE Search Page (User) : http://www.google.com

IE Search Page (Global) : http://go.microsoft.com/fwlink/?LinkId=54896

IE Default Search : http://go.microsoft.com/fwlink/?LinkId=69157

IE Customize Search : http://dnl.crawler.com/support/sa_customize.aspx?TbId=60327

IE Search Assistant : http://www.crawler.com/search/ie.aspx?tb_id=60327

HOSTS Directory : %SystemRoot%\System32\drivers\etc

C:\WINDOWS\system32\services.exe (108544 1a58ca8f695b31e800ae6ddfc02814b0)

C:\WINDOWS\system32\lsass.exe (13312 4e4d7fa847a3fa5a67d56e57c8d238e8)

C:\WINDOWS\system32\Ati2evxx.exe (434176 c27a0a876e7277428ab894cd58600686)

C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

C:\WINDOWS\system32\Ati2evxx.exe (434176 c27a0a876e7277428ab894cd58600686)

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe (16248 c2232db3b804e3e62c774def3b672e2b)

C:\Programmi\Alwil Software\Avast4\ashServ.exe (132472 6d97ccd5880025899d2a7ee893bca90f)

C:\WINDOWS\system32\spoolsv.exe (57856 da81ec57acd4cdc3d4c51cf3d409af9f)

C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (28672 3caabc2d0f87413eb1e0c7e0b3245e67)

C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe (258103 40ccbdccfd85e7f12238058f1444fe70)

C:\WINDOWS\eHome\ehRecvr.exe (237568 5d1347aa5ae6e2f77d7f4f8372d95ac9)

C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe (75520 edf5d27c6d244740418903626df5741a)

C:\WINDOWS\RTHDCPL.EXE (14854144 8d6c32d982dc380287d446de1d166e48)

C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe (32768 8fb740d758b14b1bc950cc347c21e461)

C:\WINDOWS\eHome\ehSched.exe (103424 9e8d8d5cd36c389db34d23f7836cbff6)

C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe (200069 693580dffc1949fd5fdaf39d181521b1)

C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (401408 f502978012e90d851abf4e9ac4baa91e)

C:\WINDOWS\ehome\ehtray.exe (67584 7e48b4958c131e9643ddcd2e7ca3fe9f)

C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe (462848 68b262f15e3c8dbb085cfef76bdff9c7)

C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

C:\WINDOWS\system32\SysMonitor.exe (49152 93ee120ae332dbe31632a00d232096d8)

C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE (45056 64c4c17bf6a40ff1cd21205e6fd415b8)

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (75128 fcbca639fcff182a39d528512bd29a11)

C:\Programmi\Spyware Terminator\sp_rsser.exe (965632 fdc430e395253e0e0d55513bc889ed30)

C:\Programmi\SPAMfighter\SFAgent.exe (481424 cebb1b84eedf7a5ed6ddfbb6a9dd675d)

C:\Programmi\SPYWAREfighter\spftray.exe (115608 b98d723fbdf2508c8959258bd42f46e9)

C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe (2776576 96180d5040960fa1e064d5f4da58bda9)

C:\WINDOWS\system32\ctfmon.exe (15360 33f14c55448ffa3e9dae4854cc632d33)

C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (68856 e616a6a6e91b0a86f2f6217cde835ffe)

C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (45056 e6756a27cbde6a31a8fd18d0bf49c3eb)

C:\Programmi\Acer WLAN 11g USB Dongle\ZDWlan.exe (745472 12e322762d17b9effe84808e2e258aa7)

C:\WINZIP\WZQKPICK.EXE (106560 86dbf4b001546af239e2ab7236373552)

C:\Programmi\D-Link\Software Bluetooth\BTTray.exe (577597 a911fcb59de1555323280e64d4cd78d0)

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (243064 d196b08cfd308d1930fcad7bd3685471)

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (345464 2794d4a8f6f9a7530e8818464e1685b7)

C:\Programmi\SPYWAREfighter\spfprc.exe (410520 dd634a9825135ddd919683a7dc04360b)

C:\WINDOWS\system32\wbem\wmiprvse.exe (218112 9b879b491d48562e0a8ea03cd546a707)

C:\WINDOWS\system32\dllhost.exe (5120 44dd4a2ed4fec05447983b61978eba67)

C:\WINDOWS\eHome\ehmsas.exe (46592 f163e77da87a6ad558ff5bb747a58efc)

C:\WINDOWS\System32\alg.exe (44544 232ac1991affa43f26cd70f829db7129)

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe (45056 64c4c17bf6a40ff1cd21205e6fd415b8)

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe (45056 64c4c17bf6a40ff1cd21205e6fd415b8)

C:\WINDOWS\explorer.exe (1035776 7e2817a623e16f830b660f81c0fd63da)

C:\Programmi\Internet Explorer\iexplore.exe (625152 275cee268b9e5d82474c43d5d249d111)

C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe (1862144 e4681a1c28bcd97d6baae44ff6e733fb)

C:\unzipped\xraypc[1]\x-raypc.exe (348928 df5ba440e4384adcd1a0bf653da84387)

C:\WINDOWS\system32\REGSVR32.EXE (12288 6c468cb8e85ccc735ee72334813897eb)

Service: AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe (28672 3caabc2d0f87413eb1e0c7e0b3245e67)

Service: ALG C:\WINDOWS\System32\alg.exe (44544 232ac1991affa43f26cd70f829db7129)

Service: aswUpdSv C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe (16248 c2232db3b804e3e62c774def3b672e2b)

Service: Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe (434176 c27a0a876e7277428ab894cd58600686)

Service: AudioSrv C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: avast! Antivirus C:\Programmi\Alwil Software\Avast4\ashServ.exe (132472 6d97ccd5880025899d2a7ee893bca90f)

Service: avast! Mail Scanner C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe (243064 d196b08cfd308d1930fcad7bd3685471)

Service: avast! Web Scanner C:\Programmi\Alwil Software\Avast4\ashWebSv.exe (345464 2794d4a8f6f9a7530e8818464e1685b7)

Service: BITS C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: btwdins C:\Programmi\D-Link\Software Bluetooth\bin\btwdins.exe (258103 40ccbdccfd85e7f12238058f1444fe70)

Service: COMSysApp C:\WINDOWS\system32\dllhost.exe (5120 44dd4a2ed4fec05447983b61978eba67)

Service: CryptSvc C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: DcomLaunch C:\WINDOWS\system32\svchost -k DcomLaunch

Service: Dhcp C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: dmserver C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: ehRecvr C:\WINDOWS\eHome\ehRecvr.exe (237568 5d1347aa5ae6e2f77d7f4f8372d95ac9)

Service: ehSched C:\WINDOWS\eHome\ehSched.exe (103424 9e8d8d5cd36c389db34d23f7836cbff6)

Service: ERSvc C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: Eventlog C:\WINDOWS\system32\services.exe (108544 1a58ca8f695b31e800ae6ddfc02814b0)

Service: EventSystem C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: FastUserSwitchingCompatibility C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: helpsvc C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: HidServ C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: lanmanserver C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: lanmanworkstation C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: Netman C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: Nla C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: PlugPlay C:\WINDOWS\system32\services.exe (108544 1a58ca8f695b31e800ae6ddfc02814b0)

Service: ProtectedStorage C:\WINDOWS\system32\lsass.exe (13312 4e4d7fa847a3fa5a67d56e57c8d238e8)

Service: RasMan C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: RemoteRegistry C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: RpcSs C:\WINDOWS\system32\svchost -k rpcss

Service: SamSs C:\WINDOWS\system32\lsass.exe (13312 4e4d7fa847a3fa5a67d56e57c8d238e8)

Service: seclogon C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: SENS C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: SharedAccess C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: ShellHWDetection C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: Spooler C:\WINDOWS\system32\spoolsv.exe (57856 da81ec57acd4cdc3d4c51cf3d409af9f)

Service: SPYWAREfighterRP C:\Programmi\SPYWAREfighter\spfprc.exe (410520 dd634a9825135ddd919683a7dc04360b)

Service: sp_rssrv C:\Programmi\Spyware Terminator\sp_rsser.exe (965632 fdc430e395253e0e0d55513bc889ed30)

Service: srservice C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: TapiSrv C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: TermService C:\WINDOWS\System32\svchost -k DComLaunch

Service: Themes C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: TrkWks C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: W32Time C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: winmgmt C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: wscsvc C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: wuauserv C:\WINDOWS\system32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

Service: WZCSVC C:\WINDOWS\System32\svchost.exe (14336 30b08704e17975eab783752b86b528b8)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (59032 4ea3a6cd9d20584ffafdb1e47dbf0e20)

O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll (1122816 5fc7e2d8e672426b45772160aaa2a7c2)

O2 - BHO: (no name) - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll (853672 250d787a5712d7768ddc133b3e477759)

O2 - BHO: (SSVHelper Class) - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll (501400 70fd57d6edbed8d80c1995257c99d27e)

O2 - BHO: (Windows Live Sign-in Helper) - {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (324416 52a70c80a446fa3bbcdaf59a9ab26af4)

O2 - BHO: (Google Toolbar Helper) - {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programmi\google\googletoolbar2.dll (2423872 f0b634b957e774e90edf0f90d0039303)

O2 - BHO: (Google Toolbar Notifier BHO) - {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (325048 1dc47ca76a0ffeaa25b45de5706f2115)

O2 - BHO: (Windows Live Toolbar Helper) - {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Programmi\Windows Live Toolbar\msntb.dll (546672 0faf0281cbc1f5b8293a2a03745c0acb)

O3 - Toolbar: &Google {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programmi\google\googletoolbar2.dll (2423872 f0b634b957e774e90edf0f90d0039303)

O3 - Toolbar: Windows Live Toolbar {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Programmi\Windows Live Toolbar\msntb.dll (546672 0faf0281cbc1f5b8293a2a03745c0acb)

O3 - Toolbar: Toolbar &Crawler {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll (1122816 5fc7e2d8e672426b45772160aaa2a7c2)

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe (75520 edf5d27c6d244740418903626df5741a)

O4 - HKLM\..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (14854144 8d6c32d982dc380287d446de1d166e48)

O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe (32768 8fb740d758b14b1bc950cc347c21e461)

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (455168 024dc0f68df5fd6ae9dd82dfbaf479d6)

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE (455168 024dc0f68df5fd6ae9dd82dfbaf479d6)

O4 - HKLM\..\Run: [ntiMUI] c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe (45056 27ecdc43b2e41a865092cc31263358f2)

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe (59392 1b17e09c1223f6d17336d2dd7a1af4f4)

O4 - HKLM\..\Run: [LaunchApp] C:\WINDOWS\Alaunch.EXE (524288 59dcf4f8b0e222c97b69086185c583a4)

O4 - HKLM\..\Run: [iMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (208952 7bbe4cf421aecc7f0226edd75f12079f)

O4 - HKLM\..\Run: [imageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe (40960 a2a1f31e044bb41620141ed87e350516)

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\system32\HDAShCut.exe (61952 9c3b2302b60fb0efb13bc880a5e3e93e)

O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe (200069 693580dffc1949fd5fdaf39d181521b1)

O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (401408 f502978012e90d851abf4e9ac4baa91e)

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (67584 7e48b4958c131e9643ddcd2e7ca3fe9f)

O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe (462848 68b262f15e3c8dbb085cfef76bdff9c7)

O4 - HKLM\..\Run: [ATICCC] C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe (90112 0dc2e1b6951bd2170bc47f0eebf629b3)

O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe (49152 93ee120ae332dbe31632a00d232096d8)

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (75128 fcbca639fcff182a39d528512bd29a11)

O4 - HKLM\..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (69632 8b4cbba1ea526830c7f97e7822e2493a)

O4 - HKLM\..\Run: [sPAMfighter Agent] C:\Programmi\SPAMfighter\SFAgent.exe (481424 cebb1b84eedf7a5ed6ddfbb6a9dd675d)

O4 - HKLM\..\Run: [spywarefighterguard] C:\Programmi\SPYWAREfighter\spftray.exe (115608 b98d723fbdf2508c8959258bd42f46e9)

O4 - HKLM\..\Run: []

O4 - HKLM\..\Run: [spywareTerminator] C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe (2776576 96180d5040960fa1e064d5f4da58bda9)

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (15360 33f14c55448ffa3e9dae4854cc632d33)

O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (68856 e616a6a6e91b0a86f2f6217cde835ffe)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [PostBootReminder] C:\WINDOWS\system32\SHELL32.dll (8482816 1d327a5be91abc96cac97f0ce0e64c50)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [CDBurn] C:\WINDOWS\system32\SHELL32.dll (8482816 1d327a5be91abc96cac97f0ce0e64c50)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [WebCheck] C:\WINDOWS\system32\webcheck.dll (232960 e1aca9afacecde90fa19bc500d9d6146)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [sysTray] C:\WINDOWS\system32\stobject.dll (122368 3d5c5d7ac90a781c23a6b74cf8eea0ef)

O4 - HKLM\..\ShellServiceObjectDelayLoad: [WPDShServiceObj] C:\WINDOWS\system32\WPDShServiceObj.dll (133632 045e228f71c31901084b64be59093499)

O16 - DPF: {0eb0e74a-2a76-4ab3-a7fb-9bd8c29f7f75} (CKAVWebScan Object)- http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab - C:\WINDOWS\Downloaded Program Files\kavwebscan.inf (2305 1180f4e32cc47de40e025c46cf51016f)

O16 - DPF: {193c772a-87be-4b19-a7bb-445b226fe9a1} (ewidoOnlineScan Control)- http://downloads.ewido.net/ewidoOnlineScan.cab - C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL (345656 b284992540e0fa2b76dea56f93d49a16)

O16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6)- http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab - C:\WINDOWS\Downloaded Program Files\hcImpl.inf (723 2781022c0395956ffb5ac9b26145027a)

O16 - DPF: {56393399-041a-4650-94c7-13dfcb1f4665} (PSFormX Control)- http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab - C:\WINDOWS\Downloaded Program Files\pestscanx.inf (479 22eb4873b8670a62a7ea4bfd86c923eb)

O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control)- http://download.bitdefender.com/resources/scan8/oscan8.cab - C:\WINDOWS\Downloaded Program Files\oscan8.inf (1331 e36a526c5faad337a96e6c841d0eed1c)

O16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module)- http://cdn.scan.onecare.live.com/resource/...lscbase8300.cab - C:\WINDOWS\Downloaded Program Files\CONFLICT.1\wlscBase.inf (320 4d662b7641193f92b664111302f88764)

O16 - DPF: {7b297bfd-85e4-4092-b2af-16a91b2ea103} (WScanCtl Class)- http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab - C:\WINDOWS\Downloaded Program Files\webscan.inf (477 1d212ebe1e9788763c5781cd9d224e6c)

O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} (Java Plug-in 1.6.0_01)- http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll (501400 70fd57d6edbed8d80c1995257c99d27e)

O16 - DPF: {9a9307a0-7da4-4daf-b042-5009f29e09e1} (ActiveScan Installer Class)- http://acs.pandasoftware.com/activescan/as5free/asinst.cab - C:\WINDOWS\Downloaded Program Files\asinst.inf (537 9038ee674a66f5f50e71852a690bd188)

O16 - DPF: {cafeefac-0015-0000-0005-abcdeffedcba} (Java Plug-in 1.5.0_05)- http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll (501400 70fd57d6edbed8d80c1995257c99d27e)

O16 - DPF: {cafeefac-0015-0000-0006-abcdeffedcba} (Java Plug-in 1.5.0_06)- http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll (501400 70fd57d6edbed8d80c1995257c99d27e)

O16 - DPF: {cafeefac-0015-0000-0011-abcdeffedcba} (Java Plug-in 1.5.0_11)- http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll (501400 70fd57d6edbed8d80c1995257c99d27e)

O16 - DPF: {cafeefac-0016-0000-0001-abcdeffedcba} (Java Plug-in 1.6.0_01)- http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll (501400 70fd57d6edbed8d80c1995257c99d27e)

O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} (Java Plug-in 1.6.0_01)- http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab - C:\Programmi\Java\jre1.6.0_01\bin\npjpi160_01.dll (132760 f112fb2fd2ef66d439799e3f834df000)

O16 - DPF: {d27cdb6e-ae6d-11cf-96b8-444553540000} (Shockwave Flash Object)- http://download.macromedia.com/pub/shockwa...ash/swflash.cab - C:\WINDOWS\Downloaded Program Files\swflash.inf (5085 f2cdd2edb98ed6975f0e33860703eeba)

020 - HKLM\..\Notify: [AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll (110592 d12741dcfde44114913e93e7a60369ea)

020 - HKLM\..\Notify: [crypt32chain] C:\WINDOWS\system32\crypt32.dll (601600 a77d5a8b6e8acdb0702403658e808f47)

020 - HKLM\..\Notify: [cryptnet] C:\WINDOWS\system32\cryptnet.dll (63488 cdf63e02d4046b4c381c82db00ca3a5c)

020 - HKLM\..\Notify: [cscdll] C:\WINDOWS\system32\cscdll.dll (102400 73cfbaf6ad6c64b19e063f08d182172c)

020 - HKLM\..\Notify: [scCertProp] C:\WINDOWS\system32\wlnotify.dll (93184 3cd9069dac74e68501be34ad636542a0)

020 - HKLM\..\Notify: [schedule] C:\WINDOWS\system32\wlnotify.dll (93184 3cd9069dac74e68501be34ad636542a0)

020 - HKLM\..\Notify: [sclgntfy] C:\WINDOWS\system32\sclgntfy.dll (21504 450cba3881d9e43c9bc05a51d25492f3)

020 - HKLM\..\Notify: [sensLogn] C:\WINDOWS\system32\WlNotify.dll (93184 3cd9069dac74e68501be34ad636542a0)

020 - HKLM\..\Notify: [termsrv] C:\WINDOWS\system32\wlnotify.dll (93184 3cd9069dac74e68501be34ad636542a0)

020 - HKLM\..\Notify: [WgaLogon] C:\WINDOWS\system32\WgaLogon.dll (236928 87cfcf38e69fd03eb888a67aa5ba15b5)

020 - HKLM\..\Notify: [wlballoon] C:\WINDOWS\system32\wlnotify.dll (93184 3cd9069dac74e68501be34ad636542a0)


This is the report from the tool you told me to download:

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\DOWNLO~1.\Quarantine

((((((((((((((((((((((((( Files Created from 2007-08-04 to 2007-09-04 )))))))))))))))))))))))))))))))

2007-09-04 22:10 51,200 --a------ C:\WINDOWS\nircmd.exe

2007-09-04 00:36 <DIR> d-------- C:\Programmi\WinClamAVShield

2007-09-04 00:34 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

2007-09-04 00:31 <DIR> d-------- C:\Programmi\Spyware Terminator

2007-09-04 00:31 <DIR> d-------- C:\Programmi\Crawler

2007-09-04 00:31 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spyware Terminator

2007-09-03 12:19 <DIR> d-------- C:\Programmi\RogueRemover FREE

2007-09-02 21:58 <DIR> d-------- C:\Programmi\SPYWAREfighter

2007-09-01 00:11 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab

2007-09-01 00:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\Kaspersky Lab

2007-08-30 22:45 <DIR> d-------- C:\WINDOWS\BDOSCAN8

2007-08-30 22:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan

2007-08-28 00:42 <DIR> d-------- C:\DOCUME~1\GIOVAN~1\DATIAP~1\PCToolsFirewallPlus

2007-08-28 00:39 55,904 --a------ C:\WINDOWS\system32\drivers\pctfw.sys

2007-08-20 23:24 <DIR> d-------- C:\Programmi\Ashampoo

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-31 19:34 --------- d-------- C:\Programmi\Windows Live Safety Center

2007-08-28 23:49 --------- d-------- C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink

2007-08-27 17:27 --------- d-a------ C:\DOCUME~1\ALLUSE~1\DATIAP~1\TEMP

2007-08-13 00:19 --------- d-------- C:\DOCUME~1\GIOVAN~1\DATIAP~1\AdobeUM

2007-08-03 01:48 --------- d-------- C:\Programmi\MSXML 4.0

2007-08-01 18:48 --------- d-------- C:\Programmi\SPAMfighter

2007-08-01 18:48 --------- d-------- C:\Programmi\File comuni\Ankiro

2007-08-01 18:48 --------- d-------- C:\DOCUME~1\GIOVAN~1\DATIAP~1\SPAMfighter

2007-08-01 18:47 --------- d-------- C:\Programmi\File comuni\Application

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll

2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll

2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\dllcache\wuapi.dll

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe

2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe

2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll

2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\dllcache\wucltui.dll

2007-07-30 19:19 271224 --a------ C:\WINDOWS\system32\mucltui.dll

2007-07-30 19:19 207736 --a------ C:\WINDOWS\system32\muweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll

2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\dllcache\wuweb.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll

2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll

2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\dllcache\wups.dll

2007-07-28 00:07 783224 --a------ C:\WINDOWS\system32\aswBoot.exe

2007-07-28 00:02 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys

2007-07-28 00:02 92848 --a------ C:\WINDOWS\system32\drivers\aswmon.sys

2007-07-28 00:00 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys

2007-07-27 23:59 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys

2007-07-27 23:58 26624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys

2007-07-27 23:57 95608 --a------ C:\WINDOWS\system32\AvastSS.scr

2007-07-19 19:14 --------- d-------- C:\Programmi\Lavasoft

2007-07-19 19:14 --------- d-------- C:\DOCUME~1\GIOVAN~1\DATIAP~1\Lavasoft

2007-07-19 19:13 --------- d-------- C:\Programmi\File comuni\Wise Installation Wizard

2007-07-19 08:53 3583488 --a------ C:\WINDOWS\system32\dllcache\mshtml.dll

2007-07-17 14:47 16 --a------ C:\WINDOWS\system32\msvcsv60.dll

2007-07-17 14:18 --------- d-------- C:\Programmi\PC Inspector File Recovery

2007-07-16 22:45 --------- d--h----- C:\Programmi\InstallShield Installation Information

2007-07-13 01:30 765952 --a------ C:\WINDOWS\system32\dllcache\vgx.dll

2007-07-06 00:53 --------- d-------- C:\Programmi\Windows Live Toolbar

2007-07-04 14:22 1184400 --a------ C:\WINDOWS\system32\FreeImage.dll

2007-06-27 15:48 318464 --a------ C:\WINDOWS\system32\dllcache\unregmp2.exe

2007-06-27 15:23 823808 --a------ C:\WINDOWS\system32\dllcache\wininet.dll

2007-06-27 15:23 232960 --a------ C:\WINDOWS\system32\dllcache\webcheck.dll

2007-06-27 15:22 671232 --a------ C:\WINDOWS\system32\dllcache\mstime.dll

2007-06-27 15:22 6058496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll

2007-06-27 15:22 52224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll

2007-06-27 15:22 477696 --a------ C:\WINDOWS\system32\dllcache\mshtmled.dll

2007-06-27 15:22 459264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll

2007-06-27 15:22 44544 --a------ C:\WINDOWS\system32\dllcache\iernonce.dll

2007-06-27 15:22 27648 --a------ C:\WINDOWS\system32\dllcache\jsproxy.dll

2007-06-27 15:22 267776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll

2007-06-27 15:22 193024 --a------ C:\WINDOWS\system32\dllcache\msrating.dll

2007-06-27 15:22 1152000 --a------ C:\WINDOWS\system32\dllcache\urlmon.dll

2007-06-27 15:22 105984 --a------ C:\WINDOWS\system32\dllcache\url.dll

2007-06-27 15:22 102400 --a------ C:\WINDOWS\system32\dllcache\occache.dll

2007-06-27 15:21 384512 --a------ C:\WINDOWS\system32\dllcache\iedkcs32.dll

2007-06-27 15:21 383488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll

2007-06-27 15:21 230400 --a------ C:\WINDOWS\system32\dllcache\ieaksie.dll

2007-06-27 15:21 153088 --a------ C:\WINDOWS\system32\dllcache\ieakeng.dll

2007-06-27 15:21 132608 --a------ C:\WINDOWS\system32\dllcache\extmgr.dll

2007-06-27 15:21 124928 --a------ C:\WINDOWS\system32\dllcache\advpack.dll

2007-06-27 10:28 625152 --a------ C:\WINDOWS\system32\dllcache\iexplore.exe

2007-06-27 10:27 63488 --a------ C:\WINDOWS\system32\dllcache\ie4uinit.exe

2007-06-27 10:27 13824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe

2007-06-27 09:00 161792 --a------ C:\WINDOWS\system32\dllcache\ieakui.dll

2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll

2007-06-26 08:08 1104896 --a------ C:\WINDOWS\system32\dllcache\msxml3.dll

2007-06-19 15:30 282112 --a------ C:\WINDOWS\system32\gdi32.dll

2007-06-19 15:30 282112 --a------ C:\WINDOWS\system32\dllcache\gdi32.dll

2007-06-13 15:22 1035776 --a------ C:\WINDOWS\system32\dllcache\explorer.exe

2007-06-13 15:22 1035776 --a------ C:\WINDOWS\explorer.exe

2007-06-11 23:51 10834944 --a------ C:\WINDOWS\system32\dllcache\wmp.dll

2007-06-08 11:52 947096 --a------ C:\WINDOWS\system32\_ISource30.dll

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 04:23]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 C:\WINDOWS\RTHDCPL.exe]

"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 22:00]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 22:00]

"ntiMUI"="c:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 19:15]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 22:00]

"LaunchApp"="Alaunch" []

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-07 22:00]

"ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 14:02]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 18:07 C:\WINDOWS\system32\HdAShCut.exe]

"H2O"="C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe" [2005-05-11 02:46]

"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 16:43]

"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01]

"CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2006-08-18 19:10]

"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]

"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 19:54]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-07-28 00:03]

"SPAMfighter Agent"="C:\Programmi\SPAMfighter\SFAgent.exe" [2007-07-04 14:22]

"spywarefighterguard"="C:\Programmi\SPYWAREfighter\spftray.exe" [2007-06-08 11:52]

"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2007-09-04 00:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 22:00]

"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-24 22:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"ALUAlert"=C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]

Debugger="c:\windows\system32\xhvxkkda.bak"

R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys

R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys

R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;C:\WINDOWS\system32\drivers\hcw88aud.sys

R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

R2 Nsynas32;Nsynas32;C:\WINDOWS\system32\drivers\Nsynas32.sys

R3 CLEDX;Team H2O CLEDX service;C:\WINDOWS\system32\DRIVERS\cledx.sys

R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys

R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys

R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys

R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;C:\WINDOWS\system32\drivers\hcw88bda.sys

R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;C:\WINDOWS\system32\drivers\hcw88tse.sys

R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;C:\WINDOWS\system32\drivers\hcw88tun.sys

R3 hcw88vid;Hauppauge WinTV 88x Video;C:\WINDOWS\system32\drivers\hcw88vid.sys

R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;C:\WINDOWS\system32\drivers\HCW88BAR.sys

R3 int15.sys;int15.sys;\??\C:\Acer\Empowering Technology\eRecovery\int15.sys

R3 rtl8185;Realtek RTL8185 54M Wireless LAN Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\rtl8185.sys

R3 SpyFighter;SpyFighter Guard Device;\??\C:\Programmi\SPYWAREfighter\spyfighter.sys

R3 SPYWAREfighterRP;SPYWAREfighterRP;"C:\Programmi\SPYWAREfighter\spfprc.exe"

S1 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys

S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder


**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-09-04 22:13:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

Completion time: 2007-09-04 22.14.52

C:\ComboFix-quarantined-files.txt ... 2007-09-04 22:14

--- E O F ---


* Download avenger and unzip it to the desktop

http://swandog46.geekstogo.com/avenger.zip

- Double-click avenger.exe to start it

- Select "Input Script Manually"

- Click the magnifying glass

- In the "View/edit script" window that opens

- copy / paste the following:

Registry values to replace with dummy:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe

Folders to delete:

C:\windows\temp

C:\WINDOWS\Tasks

files to delete:

c:\windows\system32\xhvxkkda.bak

Click the Done button

- Then click the traffic light icon

- Answer Yes

The PC should restart (if it doesn't, restart it yourself)

Post the log that will be created in C:\Avenger together with a new Hijack log


Don't open multiple threads for the same problem, otherwise we lose track of the discussion...

Threads merged...


Hi, unfortunately it won't let me download avenger, it closes the page immediately; same thing with Hijack.

If I post a new log made with x-raypc, is that OK too?


Here is the new x-raypc log:

Logfile of X-RayPc Build 39029 (Installed 1188943252)

Scan saved at 05/09/2007 12.40.23

EDIT: there's no need for two identical logs....


* Download and extract RegAssassin

- Run the RegAssassin file

- Make sure the 2 options

Reset permissions and delete registry key and all subkeys are ticked

- in the white box, paste the value

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

- Click delete

- answer YES and wait for the confirmation that the key has been deleted

now download OTMoveIt

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

Download it and save it to the desktop

Copy what is listed below:

C:\windows\temp

C:\WINDOWS\Tasks

c:\windows\system32\xhvxkkda.bak

now double-click OTMoveIt.exe

Click in the left-hand box and paste what you copied above

finally click MoveIt!

If you are prompted to restart, click YES

Post the log C:\_OTMoveIt\MovedFiles

Sorry for any mistakes/omissions, but I'm in a hurry

:)


Hi steve75, I did exactly what you told me to do, and do you know what the result was?

My PC no longer works.

All the icons on the screen and the toolbar have disappeared; practically only the wallpaper is left, and it's the same even when I boot into safe mode.

The PC is unusable like this.

You were probably in such a hurry that you didn't think enough about the operation you suggested I do; to write this I had to go to an internet café, because my PC no longer works.


Hi....

From Task Manager, choose New Task and type regedit

then go to this key and check that the EXPLORER.EXE folder (in the left pane) does not exist:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe

You can see a picture here:

http://www.wininizio.it/forum/index.php?s=...st&p=381192

I don't think Steve got the procedure wrong; the only thing that could have happened is that the second program deleted the infected file, but the first one (RegAssassin) didn't actually delete the key from the registry ... once you delete it, the desktop will reappear


Hi kuma. I've just collected the PC from a service centre; they weren't able to format it and told me to take it to Acer, but first I want to see whether I can get the icons to reappear.

I tried to do what you told me, but after typing regedit in Task Manager as you said, the HKEY_LOCAL_MACHINE key appears on the left; can you tell me exactly where I have to click after that to go on? Sorry, but I didn't understand; guide me step by step. Thanks.


Hi...

basically... you are on the first entry (HKEY_LOCAL_MACHINE)

DOUBLE-click it to expand it

at this point move on to (look for) the next entry [SOFTWARE]

Again, double-click to expand it and move on to the next one: [MICROSOFT]:

Then proceed the same way for all the other entries:

[Windows NT]

[CurrentVersion]

[Image File Execution Options]

[explorer.exe] right-click this one and delete it

You may want to note down the path and the name of the file you see in the right-hand pane

Then restart the PC


kuma, I'm there, I did everything but it won't let me delete the explorer.exe folder; it says "unable to delete explorer.exe, there was an error...."

I've noted down the file name and path.


Hi, open the registry editor by typing regedt32, find the entry to delete, right-click it, and in the menu that opens choose Permissions > Advanced > Owner, set ownership to the computer's user > OK; on the new page tick Full Control and Read > OK.

At this point, right-click the entry to delete again and choose Delete.

Close the registry editor and restart the computer.


Hi steve75, I did exactly what you told me to do, and do you know what the result was?

My PC no longer works.

All the icons on the screen and the toolbar have disappeared; practically only the wallpaper is left, and it's the same even when I boot into safe mode.

The PC is unusable like this.

You were probably in such a hurry that you didn't think enough about the operation you suggested I do; to write this I had to go to an internet café, because my PC no longer works.

Even when I'm in a hurry I never give wrong procedures to carry out....

your problem is exactly what Kuma described, namely that the file was deleted by MoveIT but the registry key was not, so you were left without a desktop.....

delete the key after giving your account the necessary permissions and you'll see it reappear....

:)

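The failure discussed in the posts above (debugger file deleted, Image File Execution Options key left behind), as an added example that is not code from any poster or tool in this thread: a Python sketch that extracts IFEO Debugger entries from ComboFix-style log text and shows why cleanup has to remove the key before the file. The function names and the sample log are constructed for illustration, and `launch_state` is a simplified model of how Windows treats the Debugger value.

```python
import re
from ntpath import normcase  # Windows path rules, usable on any OS

IFEO = "\\image file execution options\\"
IFEO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
             r"\CurrentVersion\Image File Execution Options")

# Constructed sample in the layout of the ComboFix log quoted in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 22:00]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe]
Debugger="c:\windows\system32\xhvxkkda.bak"
'''

SECTION = re.compile(r"^\[(HK[^\]]+)\]$")
DEBUGGER = re.compile(r'^"?debugger"?\s*=\s*"?([^"]+?)"?$', re.IGNORECASE)


def find_ifeo_debuggers(log_text):
    """Return {image name: debugger path} for each IFEO key with a Debugger value."""
    found, image = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()
            pos = key.find(IFEO)
            # Only keys directly under "Image File Execution Options" name an image.
            image = key[pos + len(IFEO):] if pos >= 0 else None
            continue
        value = DEBUGGER.match(line)
        if value and image:
            found[image] = normcase(value.group(1))
    return found


def launch_state(image, debuggers, existing_files):
    """Simplified model: with a Debugger value set, Windows starts the debugger
    path in place of the image, so a missing debugger blocks the launch."""
    present = {normcase(p) for p in existing_files}
    dbg = debuggers.get(image.lower())
    if dbg is None:
        return "starts normally"
    if dbg in present:
        return "hijacked: %s runs in its place" % dbg
    return "fails to start: debugger %s is missing" % dbg


def removal_order(debuggers):
    """Key first, file second, so no image is left pointing at a missing debugger."""
    steps = []
    for image, dbg in sorted(debuggers.items()):
        steps.append(("delete key", IFEO_ROOT + "\\" + image))
        steps.append(("delete file", dbg))
    return steps


if __name__ == "__main__":
    entries = find_ifeo_debuggers(SAMPLE_LOG)
    dropped = r"c:\windows\system32\xhvxkkda.bak"
    print("before cleanup :", launch_state("explorer.exe", entries, {dropped}))
    print("file removed   :", launch_state("explorer.exe", entries, set()))
    print("key removed    :", launch_state("explorer.exe", {}, set()))
    for action, target in removal_order(entries):
        print(action, "->", target)
```
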

Hi luke75, I followed the procedure you gave me and the problem of the missing icons seems to be solved; they have reappeared.

Thank you very much for the help, and thanks also to the others who went out of their way to solve the problem.

The icons are back, but the trojan problem hasn't been solved; it's still there in its place, it no longer lets me close pages, I have to do it from Task Manager, and on top of that my CD burner no longer works, though I don't know whether that's down to the trojan, because when I click on it it tells me that "%1 was not installed correctly or has been modified". Can you give me a hand solving this?

thanks


I've noted down the file name and path.

Make sure the "Show hidden files and folders" option is enabled and disable "Hide protected operating system files"

and untick: "Hide extensions for known file types" (Control Panel > Folder Options > View)

Check whether the file exists and, if it does, delete it

Try again with AVENGER

* Download avenger and unzip it to the desktop

http://swandog46.geekstogo.com/avenger.zip

- Double-click avenger.exe to start it

- Select "Input Script Manually"

- Click the magnifying glass

- In the "View/edit script" window that opens

- copy / paste the following:

Registry values to replace with dummy:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

Registry keys to delete:

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\explorer.exe

Folders to delete:

C:\windows\temp

C:\WINDOWS\Tasks

files to delete:

c:\windows\system32\xhvxkkda.bak

Click the Done button

- Then click the traffic light icon

- Answer Yes

The PC should restart (if it doesn't, restart it yourself)

Post the log that will be created in C:\Avenger together with a new Hijack log
