evenescence82

Heeelp, Virus!

31 posts in this thread

Hi everyone.. I'm writing from my laptop.. A little while ago my desktop PC got infected.. Avast keeps detecting Adware and a Trojan horse.. I run the scan and try over and over to delete the viruses.. but they keep coming back.. What should I do?? I don't know anything about viruses and I really don't know what to do.. please help me as soon as possible..

Thanks.. :sigh: :sigh:


While you wait for a moderator to move you, do this:

Download HiJackThis

Save it in a folder (don't open it directly, otherwise it won't make backups!)

Open the executable

Then click "Do a System Scan and Save a Logfile"

Wait for the scan to finish

Then copy the contents of the Notepad window here on the forum.


As Ste_95 said, I'm moving this to the Hijackthis section, where you'll find help specific to your problem. ;-)


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14.20.05, on 22/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\tmhwwcas.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Canon\CAL\CALMAIN.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\wcnsvc.exe

C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\FreeSoft\Uranium\Uranium.exe

C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\rundll32.exe

C:\Programmi\Internet Explorer\iexplore.exe

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wgoukcis.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [3DNADesktop] "C:\Programmi\3DNA\Resources\3dnasys.exe" -open

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Logical Connection] wcnsvc.exe

O4 - HKLM\..\Run: [fcf640f5] rundll32.exe "C:\WINDOWS\system32\vfsbhbto.dll",b

O4 - HKCU\..\Run: [L07IXLRD_21392281] "C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: officejet 6100.lnk = ?

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ladyevenworld.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164444945476

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172161485781

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1336ff4f3459a1e0.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0060F79.dat

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: DomainService - - C:\WINDOWS\system32\tmhwwcas.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe

--

End of file - 12383 bytes


Disable System Restore and boot into Safe Mode,

start HijackThis, select Do a system scan only, tick the entries listed below and click Fix checked

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wgoukcis.dll

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini

O4 - HKLM\..\Run: [Windows Logical Connection] wcnsvc.exe

O4 - HKLM\..\Run: [fcf640f5] rundll32.exe "C:\WINDOWS\system32\vfsbhbto.dll",b

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0060F79.dat

Download Avenger

Extract it to a folder of your choice

Run the avenger.exe file, the one with the sword icon

Select the radio button for input script manually

Then click the magnifying glass

Now paste these lines into the white box that opens:

Files to delete:
C:\WINDOWS\system32\wcnsvc.exe
C:\WINDOWS\system32\wgoukcis.dll
C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe
C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe
C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe
C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini
C:\WINDOWS\system32\vfsbhbto.dll
C:\WINDOWS\system32\__c0060F79.dat

Now click Done at the bottom of the box

Click the traffic light at the top right

Answer Yes to Avenger's two prompts

Your computer should now reboot; if it doesn't, reboot it yourself

After the reboot, copy and paste here the contents of the Notepad window that appears.

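The entries the helpers single out in the log above share a few structural tells that can be checked mechanically: a copy of a core Windows binary name (LSASS.exe) running from a directory other than system32, one Run value chaining several binaries, rundll32 calling a one-letter export, a file that is not even a .dll in AppInit_DLLs, a browser toolbar DLL dropped straight into system32, and a service with no publisher. The script below is an added Python example for this page, not a tool from the thread, from HijackThis or from the forum helpers. It runs those heuristics over a constructed sample built from lines copied out of the posted log, benign ones included. Every rule is an assumption about what merits a second look, not a detection of any particular malware; each flagged line still has to be confirmed against the file on disk.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted log, malicious and benign mixed.
SAMPLE_LOG = r"""
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wgoukcis.dll
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll
O4 - HKLM\..\Run: [Windows Logical Connection] wcnsvc.exe
O4 - HKLM\..\Run: [fcf640f5] rundll32.exe "C:\WINDOWS\system32\vfsbhbto.dll",b
O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0060F79.dat
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\tmhwwcas.exe
"""

@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "medium"
    reason: str
    line: str

CORE_BINARIES = {"lsass.exe", "services.exe", "svchost.exe", "winlogon.exe", "smss.exe", "csrss.exe", "explorer.exe"}
SYSTEM32 = r"c:\windows\system32"
CORE_DIRS = {SYSTEM32, r"c:\windows"}  # assumption: core binaries only ever run from here

LINE_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|dll|dat|ini)', re.IGNORECASE)  # non-greedy: splits unquoted paths
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.IGNORECASE)
SERVICE_RE = re.compile(r"Service:\s*(?P<name>.+?)\s-\s(?P<company>.*?)\s?-\s(?P<path>[a-z]:\\.*)$", re.IGNORECASE)

def _split(path: str) -> tuple[str, str]:
    head, _, tail = path.lower().rpartition("\\")  # lower-cased (directory, filename)
    return head, tail

def check_o3(body: str, line: str) -> list[Finding]:
    out = []
    if "(file missing)" in body.lower():
        out.append(Finding("medium", "toolbar registration points at a missing file; orphaned entry, clean it up", line))
    for p in PATH_RE.findall(body):
        if _split(p)[0] == SYSTEM32:
            out.append(Finding("medium", "toolbar DLL sits directly in system32; real toolbars install under Program Files", line))
    return out

def check_o4(body: str, line: str) -> list[Finding]:
    out = []
    m = re.match(r".*?\[(.*?)\]\s*(.*)$", body)  # "[display name] command"
    if not m:
        return out
    name, command = m.group(1), m.group(2)
    paths = PATH_RE.findall(command)
    for p in paths:
        folder, exe = _split(p)
        if exe in CORE_BINARIES and folder not in CORE_DIRS:
            out.append(Finding("high", f"{exe} is a core Windows binary name but runs from {folder}", line))
    if len(paths) > 1:
        out.append(Finding("high", "one Run value chains several binaries; the first launches the others", line))
    rd = RUNDLL_RE.search(command)
    if rd and len(rd.group(2)) == 1:
        out.append(Finding("high", "rundll32 calls a one-letter export; assumption: genuine entries name a real export", line))
    if "\\" not in command and name.lower().startswith("windows"):
        out.append(Finding("medium", "name mimics a Windows component but the command is a bare filename; verify the file on disk", line))
    return out

def check_o20(body: str, line: str) -> list[Finding]:
    value = body.partition(":")[2].strip()  # injected into every process that loads user32.dll
    if not value.lower().endswith(".dll"):
        return [Finding("high", "AppInit_DLLs injects a file that is not even named .dll", line)]
    return [Finding("medium", "AppInit_DLLs is set; verify every DLL listed", line)]

def check_o23(body: str, line: str) -> list[Finding]:
    m = SERVICE_RE.match(body)
    if not m:
        return []
    name, company = m.group("name"), m.group("company").strip()
    if not company:
        return [Finding("high", f"service '{name}' has no publisher at all", line)]
    if company.lower() == "unknown owner":
        return [Finding("medium", f"service '{name}' has no version-info publisher; check vendor and signature", line)]
    return []

CHECKS = {"O3": check_o3, "O4": check_o4, "O20": check_o20, "O23": check_o23}

def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m and m.group(1) in CHECKS:
            findings.extend(CHECKS[m.group(1)](m.group(2), line))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.reason}\n         {f.line}")
```

Run as-is it reports eight findings on the sample (five high, three medium) and stays silent on the avast!, Encarta and SOUNDMAN entries; to triage a real log, pass the whole pasted text to triage(). Note that "Unknown owner" is only medium on purpose: the posted log shows it on perfectly legitimate BlueSoleil and Macromedia services, whereas an empty publisher field next to a random-looking binary in system32 is what made DomainService stand out.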

sorry for my ignorance, but how do I disable System Restore and boot into Safe Mode?


sorry, but it's running a scan with VirIT, which angelique recommended, and it found and removed some infected files.. Was I right to follow that advice? Is Avenger a similar program?

what do I do when the scan finishes? follow your instructions?

thanks for your help..


if you ran the scan with VirIT (an excellent antivirus), let it finish and post its log at the end, then post an updated HijackThis log too


Hi even,

do this (Avenger isn't needed for now):

* Make sure you can see hidden files and folders

(Control Panel -> Folder Options -> View)

1) tick: Show hidden files and folders

2) untick: Hide protected operating system files

* disable System Restore

* boot into Safe Mode

Start HijackThis, tick the entries I'm about to list, and with all applications closed and disconnected from the Internet, click Fix checked

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wgoukcis.dll

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini

O4 - HKLM\..\Run: [Windows Logical Connection] wcnsvc.exe

O4 - HKLM\..\Run: [fcf640f5] rundll32.exe "C:\WINDOWS\system32\vfsbhbto.dll",b

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0060F79.dat

O23 - Service: DomainService - - C:\WINDOWS\system32\tmhwwcas.exe

Search for and delete:

C:\WINDOWS\system32\tmhwwcas.exe

C:\WINDOWS\system32\wcnsvc.exe

C:\WINDOWS\system32\wgoukcis.dll

C:\WINDOWS\system32\__c0060F79.dat

* Clean cookies, cache and prefetch with CCleaner

(When you install it, remember that if you leave the default ticks it will also install the Yahoo toolbar)

(before using it go to Options/Advanced and untick: Only delete files in Windows Temp folders older than 48 hours)

* Go back to Normal Mode and post an updated HJT log, the VirIT log, and the log of the online scan below

* Also run a Kaspersky online scan this way

**PS: You should install a firewall other than the Windows one -> HERE

_____________________________________________

At the end of the cleaning procedure it is essential to:

1) re-hide the system files and folders

2) Re-enable System Restore (XP / ME)

3) Create a new restore point

:)


VirIT has finished scanning

VirIT eXplorer Lite Log

[MEMORY SCAN]

OK

[MEMORY SCAN]

OK

--------------------------------------------------------

22/11/2007 - 14:38:09

[REGISTRY SCAN]

{1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} Infected with BHO.Softomate.D

* * * REMOVED * * *

{11A69AE4-FBED-4832-A2BF-45AF82825583} Infected with Trojan.Win32.Vundo.CA

* * * REMOVED * * *

[C:]

MASTER BOOT RECORD: OK

BOOT SECTOR: OK

C:\Documents and Settings\ladyeven\Impostazioni locali\Temporary Internet Files\Content.IE5\5MLTM7DQ\upd32_v14[1] Infected with Trojan.Win32.Vundo.CA

* * * REMOVED * * *

C:\Documents and Settings\ladyeven\Impostazioni locali\Temporary Internet Files\Content.IE5\ESPEITHQ\mosx1024[1] Infected with Trojan.Win32.Agent.BFS

* * * REMOVED * * *

C:\Documents and Settings\ladyeven\Impostazioni locali\Temporary Internet Files\Content.IE5\JM57H2EX\hctp[1] Infected with Trojan.Win32.Vundo.CA

* * * REMOVED * * *

C:\Documents and Settings\ladyeven\Impostazioni locali\Temporary Internet Files\Content.IE5\LNXIEOVL\pochki20071106[1] Infected with Trojan.Win32.Agent.AYL

* * * REMOVED * * *

C:\WINDOWS\system32\etthacyd.dll Infected with Trojan.Win32.Vundo.CA

* * * REMOVED * * *

C:\WINDOWS\system32\hlqaojny.dll Infected with Trojan.Win32.Agent.BFS

* * * REMOVED * * *

C:\WINDOWS\system32\tmhwwcas.exe Infected with Trojan.Win32.Agent.AYL

* * * REMOVED * * *

C:\WINDOWS\system32\vfsbhbto.dll Infected with Trojan.Win32.Vundo.CA

The file will be moved to the quarantine folder.

C:\WINDOWS\system32\wgoukcis.dll Infected with Trojan.Win32.Vundo.CA

The file will be moved to the quarantine folder.

C:\WINDOWS\system32\__c0060F79.dat Infected with Trojan.Win32.Agent.BFS

The file will be moved to the quarantine folder.

Infected registry keys: 2.

Infected files: 10.

Suspicious files: 0.

Files scanned: 141434.

Total files: 141434.

Registry keys removed: 2.

Viruses removed: 7.

You can now REBOOT the computer to move the file to the quarantine folder.

I rebooted and this window comes up:

http://xs221.xs.to/xs221/07474/IMG_0837.JPG

and loads of identical windows like these keep opening:

http://xs221.xs.to/xs221/07474/IMG_0829.JPG

http://xs221.xs.to/xs221/07474/IMG_0830.JPG

I re-ran the hijackthis scan:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16.13.52, on 22/11/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\ALCWZRD.EXE

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Programmi\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\wcnsvc.exe

C:\VEXPLITE\MONLITE.EXE

C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\FreeSoft\Uranium\Uranium.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\svchost.exe

C:\VEXPLITE\viritsvc.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe

C:\Programmi\Canon\CAL\CALMAIN.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\Programmi\ATI Technologies\ATI.ACE\cli.exe

C:\Programmi\Internet Explorer\IEXPLORE.EXE

C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgsoft.it/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\2007\ENCWCBAR.DLL

O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\wgoukcis.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s

O4 - HKLM\..\Run: [3DNADesktop] "C:\Programmi\3DNA\Resources\3dnasys.exe" -open

O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Windows Logical Connection] wcnsvc.exe

O4 - HKLM\..\Run: [fcf640f5] rundll32.exe "C:\WINDOWS\system32\vfsbhbto.dll",b

O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE

O4 - HKCU\..\Run: [L07IXLRD_21392281] "C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.EXE" -m

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1

O4 - HKCU\..\Run: [uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: BlueSoleil.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: officejet 6100.lnk = ?

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200610...ex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programmi\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ladyevenworld.spaces.live.com//Phot...ad/MsnPUpld.cab

O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1164444945476

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172161485781

O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-1336ff4f3459a1e0.spaces.live.co...ad/MsnPUpld.cab

O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpda...api/activex.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\WINDOWS\system32\__c0060F79.dat

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programmi\Canon\CAL\CALMAIN.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--

End of file - 11954 bytes

What do I do now?


Did you make the log before or after the scan with Virit and with the Vundo tool?

Block those requests you posted the screenshots of; they are Vundo DLLs.

Also do a fix with ComboFix:

* Download it

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- Once downloaded, start it with a double click.

- A blue window will open... Wait...

- After a few moments a notice will appear that releases the author from any responsibility.

- At this point select 1 and press ENTER to launch the scan.

- Wait...

The tool will notify you once the scan is finished and after a few moments will display the report with the details.

:)


:)

Sorry, but could you speak in a less technical way? I don't know much about viruses; to me this is all Greek and I don't understand what I have to do. The only thing I didn't understand is "block those requests you posted the screenshots of, they are Vundo DLLs"; for the rest I'm fine..

In the meantime 40 Security Center windows have opened on the PC..

Sorry again..


Do what was requested, then we'll look into it further....

Disconnect from the internet while you carry out the recommended operations

:)


Here is the report:

ComboFix 07-11-19.3 - ladyeven 2007-11-22 18.16.32.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.442 [GMT 1:00]

Eseguito da: M:\ComboFix.exe

* Creato nuovo punto di ripristino

.

Impossibile acquisire privilegi di Sistema

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk

C:\Documents and Settings\ladyeven\Desktop\Live Safety Center.lnk

C:\Documents and Settings\ladyeven\Desktop\Online Security Guide.lnk

C:\Documents and Settings\ladyeven\Preferiti\Online Security Guide.lnk

C:\WINDOWS\system32\__c0060F79.dat

C:\WINDOWS\system32\opqss.ini

C:\WINDOWS\system32\opqss.ini2

C:\WINDOWS\system32\ssqpo.dll

C:\WINDOWS\system32\wgoukcis.dllbox

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\LEGACY_IPRIP

-------\Iprip

((((((((((((((((((((((((( Files Creati Da 2007-10-22 al 2007-11-22 )))))))))))))))))))))))))))))))))))

.

2007-11-22 15:52 <DIR> d-------- C:\QUARANTENA_VIRIT

2007-11-22 14:26 <DIR> d-------- C:\VEXPLITE

2007-11-22 14:26 36,096 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS

2007-11-22 14:19 <DIR> d-------- C:\Programmi\Trend Micro

2007-11-21 15:50 0 --a------ C:\WINDOWS\nsreg.dat

2007-11-19 19:12 <DIR> d-------- C:\Programmi\FDRLab

2007-11-19 18:41 <DIR> d-------- C:\Ares Tube

2007-11-09 12:16 <DIR> d-------- C:\Programmi\FreeSoft

2007-11-06 14:42 <DIR> d-------- C:\Documents and Settings\ladyeven\Dati applicazioni\mIRC

2007-11-06 00:31 <DIR> d-------- C:\Documents and Settings\ladyeven\Dati applicazioni\Yahoo!

2007-11-05 16:02 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx

2007-11-05 15:46 <DIR> d-------- C:\Documents and Settings\ladyeven\Dati applicazioni\.bittorrent

2007-11-01 11:37 <DIR> d-------- C:\Programmi\iPod

2007-11-01 11:35 <DIR> d-------- C:\WINDOWS\SxsCaPendDel

2007-11-01 11:24 <DIR> d-------- C:\Programmi\Apple Software Update

2007-10-31 15:11 <DIR> d-------- C:\Programmi\Stoik

2007-10-28 19:32 <DIR> d-------- C:\Documents and Settings\All Users\SonicStage

2007-10-28 19:12 90,112 --------- C:\WINDOWS\snymsico.dll

2007-10-28 19:12 38,951 --------- C:\WINDOWS\system32\drivers\NETMDUSB.sys

2007-10-28 19:12 36,679 --------- C:\WINDOWS\system32\drivers\NETMD052.sys

2007-10-28 19:12 36,232 --------- C:\WINDOWS\system32\drivers\NETMD033.sys

2007-10-28 19:12 35,319 --------- C:\WINDOWS\system32\drivers\NETMD031.sys

2007-10-28 19:11 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Sony Corporation

2007-10-28 19:10 <DIR> d-------- C:\Programmi\Sony

2007-10-28 19:10 <DIR> d-------- C:\Programmi\File comuni\Sony Shared

2007-10-28 19:10 <DIR> d-------- C:\Documents and Settings\ladyeven\Dati applicazioni\Sony Corporation

2007-10-25 13:54 <DIR> d-------- C:\Programmi\Windows Live Toolbar

2007-10-25 13:54 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Windows Live Toolbar

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-21 18:52 --------- d-----w C:\Programmi\AdunanzA

2007-11-21 18:14 35,840 ----a-w C:\WINDOWS\system32\ljjjjgf.dll

2007-11-21 18:08 80,960 ----a-w C:\WINDOWS\system32\ohjrotjr.dll

2007-11-21 18:05 85,056 ----a-w C:\WINDOWS\system32\vfsbhbto.dll

2007-11-21 18:02 145,984 ----a-w C:\WINDOWS\system32\wgoukcis.dll

2007-11-21 17:45 --------- d-----w C:\Programmi\KaraFun

2007-11-21 17:16 35,840 ----a-w C:\WINDOWS\system32\urqnmno.dll

2007-11-21 12:50 10,752 --sh--r C:\WINDOWS\system32\wcnsvc.exe

2007-11-20 20:58 --------- d-----w C:\Documents and Settings\ladyeven\Dati applicazioni\dvdcss

2007-11-20 12:28 --------- d--h--w C:\Programmi\InstallShield Installation Information

2007-11-15 17:26 --------- d-----w C:\Programmi\File comuni\Adobe

2007-11-14 22:30 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help

2007-11-05 14:46 --------- d-----w C:\Documents and Settings\ladyeven\Dati applicazioni\.bittorrent

2007-11-01 12:58 --------- d-----w C:\Programmi\Picasa2

2007-11-01 10:37 --------- d-----w C:\Programmi\iTunes

2007-10-20 11:52 --------- d-----w C:\Programmi\Java

2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll

2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll

2007-10-19 11:23 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\FLEXnet

2007-10-17 14:44 --------- d-----w C:\Programmi\File comuni\Control Panels

2007-10-17 14:42 --------- d-----w C:\Programmi\Bonjour

2007-10-17 14:27 --------- d-----w C:\Programmi\File comuni\Macrovision Shared

2007-09-24 13:54 --------- d-----w C:\Programmi\QuickTime

2007-09-23 17:47 --------- d-----w C:\Programmi\WEBpatente

2007-09-06 10:09 801,144 ----a-w C:\WINDOWS\system32\aswBoot.exe

2007-09-06 10:00 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr

2007-07-05 08:47 458 ----a-w C:\Documents and Settings\ladyeven\Dati applicazioni\wklnhst.dat

2007-01-18 17:22 542 ---ha-w C:\Documents and Settings\ladyeven\Dati applicazioni\hpothb07.dat

2007-01-18 17:22 335 ---ha-w C:\Documents and Settings\ladyeven\hpothb07.dat

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ff7352b-6c35-4426-8ee4-47b6ec114e43}]

2007-11-21 19:08 80960 --a------ C:\WINDOWS\system32\ohjrotjr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E00092-5539-4661-9B61-3A66FC0D772E}]

2007-11-21 19:14 35840 --a------ C:\WINDOWS\system32\ljjjjgf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]

2007-11-21 19:02 145984 --a------ C:\WINDOWS\system32\wgoukcis.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\wgoukcis.dll [2007-11-21 19:02 145984]

[HKEY_CLASSES_ROOT\clsid\{11a69ae4-fbed-4832-a2bf-45af82825583}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"L07IXLRD_21392281"="C:\Programmi\Microsoft Student\Microsoft Encarta 2007 - Premium + Student DVD\EDICT.exe" [2006-06-12 19:01]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]

"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]

"Uranium"="C:\Programmi\FreeSoft\Uranium\Uranium.exe" [2007-09-28 10:55]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 C:\WINDOWS\system32\HdAShCut.exe]

"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]

"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]

"Share-to-Web Namespace Daemon"="C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 04:19]

"SoundMan"="SOUNDMAN.EXE" [2006-01-04 11:27 C:\WINDOWS\SOUNDMAN.EXE]

"AlcWzrd"="ALCWZRD.EXE" [2006-01-04 11:29 C:\WINDOWS\ALCWZRD.EXE]

"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43]

"CloneCDTray"="C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 14:47]

"3DNADesktop"="C:\Programmi\3DNA\Resources\3dnasys.exe" []

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []

"h3yb0y"="C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe" []

"h3yb0y1"="C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe" []

"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20]

"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]

"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-06-29 05:24]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 11:06]

"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-09-26 14:42]

"Windows Logical Connection"="wcnsvc.exe" [2007-11-21 13:50 C:\WINDOWS\system32\wcnsvc.exe]

"fcf640f5"="C:\WINDOWS\system32\vfsbhbto.dll" [2007-11-21 19:05]

"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2007-11-22 14:30]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00]

"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58]

"Picasa Media Detector"="C:\Programmi\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\

Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-02 13:43:54]

Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]

BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-05-05 20:23:15]

hp psc 2000 Series.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2002-06-27 01:20:58]

officejet 6100.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hposol08.exe [2002-06-27 01:21:30]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]

"{73E00092-5539-4661-9B61-3A66FC0D772E}"= C:\WINDOWS\system32\ljjjjgf.dll [2007-11-21 19:14 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjgf]

ljjjjgf.dll 2007-11-21 19:14 35840 C:\WINDOWS\system32\ljjjjgf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgoukcis]

wgoukcis.dll 2007-11-21 19:02 145984 C:\WINDOWS\system32\wgoukcis.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpo.dll

R0 d346bus;d346bus;C:\WINDOWS\system32\DRIVERS\d346bus.sys

R0 d346prt;d346prt;C:\WINDOWS\system32\Drivers\d346prt.sys

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS

R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe

R3 Cap7134;ProVideo Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys

R3 PhTVTune;ProVideo WDM TVTuner;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys

R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

S3 p2pgasvc;Autenticazione gruppo rete peer;C:\WINDOWS\system32\svchost.exe -k p2psvc

S3 p2pimsvc;Gestione identità rete peer;C:\WINDOWS\system32\svchost.exe -k p2psvc

S3 p2psvc;Rete peer;C:\WINDOWS\system32\svchost.exe -k p2psvc

S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys

S3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys

S3 PNRPSvc;Peer Name Resolution Protocol (PNRP);C:\WINDOWS\system32\svchost.exe -k p2psvc

S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc

.

Contenuto della cartella 'Scheduled Tasks'

"2007-11-01 10:24:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"

- C:\Programmi\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-22 18:28:43

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

Ora fine scansione: 2007-11-22 18:31:19 - machine was rebooted

.

--- E O F ---


Do this:

* Download and unzip Avenger to the desktop

- Double-click the file avenger.exe to start it

- Select "Input Script Manually"

- Click on the magnifying glass

- In the "View/edit script" window that will open

- copy / paste the following

Registry values to replace with dummy:

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

files to delete:

C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk

C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk

C:\Documents and Settings\ladyeven\Desktop\Live Safety Center.lnk

C:\Documents and Settings\ladyeven\Desktop\Online Security Guide.lnk

C:\Documents and Settings\ladyeven\Preferiti\Online Security Guide.lnk

C:\WINDOWS\system32\__c0060F79.dat

C:\WINDOWS\system32\opqss.ini

C:\WINDOWS\system32\opqss.ini2

C:\WINDOWS\system32\ssqpo.dll

C:\WINDOWS\system32\actskn45.ocx

C:\WINDOWS\snymsico.dll

C:\WINDOWS\system32\ljjjjgf.dll

C:\WINDOWS\system32\ohjrotjr.dll

C:\WINDOWS\system32\vfsbhbto.dll

C:\WINDOWS\system32\wgoukcis.dll

C:\WINDOWS\system32\urqnmno.dll

C:\WINDOWS\system32\wcnsvc.exe

C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe

C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe

registry keys to delete:

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ff7352b-6c35-4426-8ee4-47b6ec114e43}

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11A69AE4-FBED-4832-A2BF-45AF82825583}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E00092-5539-4661-9B61-3A66FC0D772E}

HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}

hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{73E00092-5539-4661-9B61-3A66FC0D772E}

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjgf

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgoukcis

registry values to delete:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | h3yb0y

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | h3yb0y1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | fcf640f5

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa | msv1_0

folders to delete:

C:\Windows\Tasks

C:\Windows\Temp

- Click the Done button

- Then the traffic-light icon

- Answer Yes

The PC should reboot (if it doesn't, do it yourself)

Post the log that will be created in C:\Avenger

Also do the online scan requested above and post its log too

:)

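The Avenger script above was assembled by reading the ComboFix "Punti Reg Caricati" section for the persistence points Vundo uses: Winlogon notify packages, an extra LSA authentication package, BHOs and shell hooks, and Run values pointing at odd binaries. The following Python script is an added example, not part of this thread, ComboFix or Avenger, that applies those same checks to ComboFix-style lines; the sample input is an abridged copy of the report posted above, and the scan date and the seven-day "recent" window are assumptions.

```python
"""Triage ComboFix registry lines for the persistence points flagged in this thread.

Added example; not part of the thread, ComboFix or Avenger.  Rules: an LSA
"Authentication Packages" value carrying anything besides msv1_0 (the XP default);
Run values naming a core system process, loading a bare DLL, or pointing at a
pathless binary with a recent file date; notify/BHO/hook DLLs with a recent date."""
import re
from datetime import date

SCAN_DATE = date(2007, 11, 22)   # date of the ComboFix run posted above
RECENT_DAYS = 7                  # assumption: "dropped just before the scan" window
# Started by Windows itself; a Run value naming one of these is never legitimate.
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe", "lsass.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")                        # [HKEY_...\Key]
VALUE_RE = re.compile(r'^"([^"]*)"\s*=\s*(.*)$')          # "name"=data [...]
DATE_RE = re.compile(r"(\d{4}-\d{2}-\d{2}) \d{2}:\d{2}")   # yyyy-mm-dd hh:mm
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")                    # C:\... to end of line

# Constructed sample: an abridged copy of the "Punti Reg Caricati" section above.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ff7352b-6c35-4426-8ee4-47b6ec114e43}]
2007-11-21 19:08 80960 --a------ C:\WINDOWS\system32\ohjrotjr.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00]
"SoundMan"="SOUNDMAN.EXE" [2006-01-04 11:27 C:\WINDOWS\SOUNDMAN.EXE]
"h3yb0y"="C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe" []
"Windows Logical Connection"="wcnsvc.exe" [2007-11-21 13:50 C:\WINDOWS\system32\wcnsvc.exe]
"fcf640f5"="C:\WINDOWS\system32\vfsbhbto.dll" [2007-11-21 19:05]
[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{73E00092-5539-4661-9B61-3A66FC0D772E}"= C:\WINDOWS\system32\ljjjjgf.dll [2007-11-21 19:14 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjgf]
ljjjjgf.dll 2007-11-21 19:14 35840 C:\WINDOWS\system32\ljjjjgf.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqpo.dll
"""

def is_recent(text):
    """True when the first date stamp in text lies within RECENT_DAYS before the scan."""
    m = DATE_RE.search(text)
    if not m:
        return False
    age = (SCAN_DATE - date.fromisoformat(m.group(1))).days
    return 0 <= age <= RECENT_DAYS

def target_of(data):
    """Path or command stored in a value, minus ComboFix's trailing [date size] note."""
    if data.startswith('"'):
        return data[1:data.find('"', 1)]
    return data.split(" [", 1)[0].strip()

def triage(report):
    """Return (reason, item) pairs for the entries that deserve a closer look."""
    findings = []
    key = ""
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:                                   # a new registry key starts
            key = km.group(1).lower()
            continue
        vm = VALUE_RE.match(line)
        if vm:                                   # a value under the current key
            name, data = vm.group(1), vm.group(2)
            target = target_of(data)
            base = target.rsplit("\\", 1)[-1].lower()
            if key.endswith("\\lsa") and name.lower() == "authentication packages":
                for pkg in data.split():
                    if pkg.lower() != "msv1_0":
                        findings.append(("extra LSA authentication package", pkg))
            elif key.endswith("\\run"):
                if base in CORE_PROCESSES:
                    findings.append(("Run entry imitating a core system process", target))
                elif base.endswith(".dll"):
                    findings.append(("Run entry that loads a bare DLL", target))
                elif "\\" not in target and is_recent(data):
                    findings.append(("pathless Run entry with a recently dated binary", target))
            elif ("shellexecutehooks" in key or "\\toolbar" in key) and is_recent(data):
                findings.append(("recently registered shell hook / IE toolbar", target))
            continue
        pm = PATH_RE.search(line)                # file line listed under a BHO / notify key
        if pm and is_recent(line):
            if "winlogon\\notify" in key:
                findings.append(("recently dropped Winlogon notify package", pm.group(0)))
            elif "browser helper objects" in key:
                findings.append(("recently dropped BHO", pm.group(0)))
    return findings

if __name__ == "__main__":
    for reason, item in triage(SAMPLE_REPORT):
        print(f"{reason}: {item}")
```

Every item it prints for the sample is one the helper's Avenger script removes, while the stock entries (ctfmon.exe, SoundMan) pass; the date window is what keeps a random-looking but old DLL out of the list.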

Logfile of The Avenger version 1, by Swandog46

Running from registry key:

\Registry\Machine\System\CurrentControlSet\Services\mvkgyapv

*******************

Script file located at: \??\C:\hynxlflt.txt

Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk not found!

Deletion of file C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk failed!

Could not process line:

C:\Documents and Settings\All Users\Menu Avvio\Live Safety Center.lnk

Status: 0xc0000034

File C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk not found!

Deletion of file C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk failed!

Could not process line:

C:\Documents and Settings\All Users\Menu Avvio\Online Security Guide.lnk

Status: 0xc0000034

File C:\Documents and Settings\ladyeven\Desktop\Live Safety Center.lnk not found!

Deletion of file C:\Documents and Settings\ladyeven\Desktop\Live Safety Center.lnk failed!

Could not process line:

C:\Documents and Settings\ladyeven\Desktop\Live Safety Center.lnk

Status: 0xc0000034

File C:\Documents and Settings\ladyeven\Desktop\Online Security Guide.lnk not found!

Deletion of file C:\Documents and Settings\ladyeven\Desktop\Online Security Guide.lnk failed!

Could not process line:

C:\Documents and Settings\ladyeven\Desktop\Online Security Guide.lnk

Status: 0xc0000034

File C:\Documents and Settings\ladyeven\Preferiti\Online Security Guide.lnk not found!

Deletion of file C:\Documents and Settings\ladyeven\Preferiti\Online Security Guide.lnk failed!

Could not process line:

C:\Documents and Settings\ladyeven\Preferiti\Online Security Guide.lnk

Status: 0xc0000034

File C:\WINDOWS\system32\__c0060F79.dat not found!

Deletion of file C:\WINDOWS\system32\__c0060F79.dat failed!

Could not process line:

C:\WINDOWS\system32\__c0060F79.dat

Status: 0xc0000034

File C:\WINDOWS\system32\opqss.ini not found!

Deletion of file C:\WINDOWS\system32\opqss.ini failed!

Could not process line:

C:\WINDOWS\system32\opqss.ini

Status: 0xc0000034

File C:\WINDOWS\system32\opqss.ini2 not found!

Deletion of file C:\WINDOWS\system32\opqss.ini2 failed!

Could not process line:

C:\WINDOWS\system32\opqss.ini2

Status: 0xc0000034

File C:\WINDOWS\system32\ssqpo.dll not found!

Deletion of file C:\WINDOWS\system32\ssqpo.dll failed!

Could not process line:

C:\WINDOWS\system32\ssqpo.dll

Status: 0xc0000034

File C:\WINDOWS\system32\actskn45.ocx deleted successfully.

File C:\WINDOWS\snymsico.dll deleted successfully.

File C:\WINDOWS\system32\ljjjjgf.dll deleted successfully.

File C:\WINDOWS\system32\ohjrotjr.dll deleted successfully.

File C:\WINDOWS\system32\vfsbhbto.dll deleted successfully.

File C:\WINDOWS\system32\wgoukcis.dll deleted successfully.

File C:\WINDOWS\system32\urqnmno.dll deleted successfully.

File C:\WINDOWS\system32\wcnsvc.exe deleted successfully.

File C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe not found!

Deletion of file C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe failed!

Could not process line:

C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe

Status: 0xc0000034

File C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe not found!

Deletion of file C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe failed!

Could not process line:

C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe

Status: 0xc0000034

Could not delete registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa|msv1_0

Deletion of registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa|msv1_0 failed!

Could not process line:

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa|msv1_0

Status: 0xc0000034

Folder C:\Windows\Tasks deleted successfully.

Folder C:\Windows\Temp deleted successfully.

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ff7352b-6c35-4426-8ee4-47b6ec114e43} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6ff7352b-6c35-4426-8ee4-47b6ec114e43} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11A69AE4-FBED-4832-A2BF-45AF82825583} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11A69AE4-FBED-4832-A2BF-45AF82825583} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E00092-5539-4661-9B61-3A66FC0D772E} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73E00092-5539-4661-9B61-3A66FC0D772E} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} not found!

Deletion of registry key HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A} failed!

Status: 0xc0000034

Registry key hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{73E00092-5539-4661-9B61-3A66FC0D772E} not found!

Deletion of registry key hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks\{73E00092-5539-4661-9B61-3A66FC0D772E} failed!

Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjjjgf deleted successfully.

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wgoukcis deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|h3yb0y deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|h3yb0y1 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fcf640f5 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


OK, in HijackThis fix these entries:

O4 - HKLM\..\Run: [h3yb0y] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\service.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\conf.dll

O4 - HKLM\..\Run: [h3yb0y1] C:\WINDOWS\SYSTEM32\DRIVERS\etc\LSASS.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\system.exe C:\WINDOWS\SYSTEM32\DRIVERS\etc\serv-u.ini


Go ahead anyway; it just means you'll do it without updates...


Now it has started.. but I can't scan the whole PC because it would take at least 5 hours.. I'll do it tomorrow and let you know.. thanks.. :)

Good night..
