Aiutamici Forum

Help, I don't know how to remove this virus!!!!!!!!!!!!!!!!!!!!!!
draco
Posted: Friday, June 27, 2008 10:37:12 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
r16, you've understood that I'm not someone who gives up easily ... anyway, I'll do as you say, thanks!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
draco
Posted: Saturday, June 28, 2008 12:59:18 AM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
Maybe with your help I've fixed everything ... because I can see the hidden folders again. Anyway, here is the log produced by ComboFix
(though I can't get Avast back at startup). THANK YOU SO VERY MUCH!!!!!!!!!!!!!

Here is the log (even though I didn't understand anything of what is written in it; I only understood that all the entries are paths to my folders and my documents).



ComboFix 08-06-20.4 - marco 2008-06-28 0:30:44.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.17 [GMT 2:00]
Eseguito da: C:\Documents and Settings\marco\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\marco\Impostazioni locali\Dati applicazioni\jfrnqmi.dat
C:\Documents and Settings\marco\Impostazioni locali\Dati applicazioni\jfrnqmi_nav.dat
C:\Documents and Settings\marco\Impostazioni locali\Dati applicazioni\jfrnqmi_navps.dat
C:\WINDOWS\system32\drivers\downld
C:\WINDOWS\system32\drivers\downld\1295218.exe
C:\WINDOWS\system32\drivers\downld\1383171.exe
C:\WINDOWS\system32\drivers\downld\1410156.exe
C:\WINDOWS\system32\drivers\downld\16387093.exe
C:\WINDOWS\system32\drivers\downld\16634796.exe
C:\WINDOWS\system32\drivers\downld\16657562.exe
C:\WINDOWS\system32\drivers\downld\16712406.exe
C:\WINDOWS\system32\drivers\downld\16741187.exe
C:\WINDOWS\system32\drivers\downld\16764750.exe
C:\WINDOWS\system32\drivers\downld\16795343.exe
C:\WINDOWS\system32\drivers\downld\1775500.exe
C:\WINDOWS\system32\drivers\downld\1897062.exe
C:\WINDOWS\system32\drivers\downld\1932812.exe
C:\WINDOWS\system32\drivers\downld\1951640.exe
C:\WINDOWS\system32\drivers\downld\1975968.exe
C:\WINDOWS\system32\drivers\downld\31203609.exe
C:\WINDOWS\system32\drivers\downld\32265109.exe
C:\WINDOWS\system32\drivers\downld\32295078.exe
C:\WINDOWS\system32\drivers\downld\32352468.exe
C:\WINDOWS\system32\drivers\downld\32380328.exe
C:\WINDOWS\system32\drivers\downld\32407671.exe
C:\WINDOWS\system32\drivers\downld\32427937.exe
C:\WINDOWS\system32\drivers\downld\329484.exe
C:\WINDOWS\system32\drivers\downld\335796.exe
C:\WINDOWS\system32\drivers\downld\46835312.exe
C:\WINDOWS\system32\drivers\downld\809265.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-05-27 al 2008-06-27 )))))))))))))))))))))))))))))))))))
.

2008-06-27 21:48 . 2008-06-27 21:48 244 --ah----- C:\sqmnoopt02.sqm
2008-06-27 21:48 . 2008-06-27 21:48 232 --ah----- C:\sqmdata02.sqm
2008-06-27 21:45 . 2008-06-27 21:45 244 --ah----- C:\sqmnoopt01.sqm
2008-06-27 21:45 . 2008-06-27 21:45 232 --ah----- C:\sqmdata01.sqm
2008-06-26 19:20 . 2008-06-26 19:20 332 --a------ C:\WINDOWS\desctemp.dat
2008-06-26 13:36 . 2008-06-26 13:36 24,400 --a------ C:\Documents and Settings\marco\lrzvzvxo.exe
2008-06-26 13:29 . 2008-06-26 13:29 24,400 --a------ C:\Documents and Settings\marco\mhoeejnl.exe
2008-06-26 13:23 . 2008-06-26 13:23 24,400 --a------ C:\Documents and Settings\marco\lhdrumcf.exe
2008-06-26 13:17 . 2008-06-26 13:17 24,400 --a------ C:\Documents and Settings\marco\mwiqngsr.exe
2008-06-26 13:11 . 2008-06-26 13:11 24,400 --a------ C:\Documents and Settings\marco\gcfcftfi.exe
2008-06-26 13:05 . 2008-06-26 13:05 24,400 --a------ C:\Documents and Settings\marco\wktdusfb.exe
2008-06-26 12:59 . 2008-06-26 12:59 24,400 --a------ C:\Documents and Settings\marco\fszwjuoj.exe
2008-06-26 12:51 . 2008-06-26 12:51 24,400 --a------ C:\Documents and Settings\marco\zmxhunek.exe
2008-06-26 12:45 . 2008-06-26 12:45 24,400 --a------ C:\Documents and Settings\marco\skcjibdf.exe
2008-06-25 20:25 . 2008-06-25 20:34 <DIR> d-------- C:\Programmi\Web Photo Album
2008-06-25 20:25 . 2008-06-25 20:25 <DIR> d-------- C:\Programmi\Cartoonist
2008-06-25 19:28 . 2008-06-25 19:28 <DIR> d-------- C:\Programmi\Er Finestra
2008-06-24 21:52 . 2008-06-24 21:52 <DIR> d-------- C:\Programmi\Panda Security
2008-06-24 18:55 . 2005-07-08 14:44 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2008-06-24 18:55 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2008-06-24 18:37 . 2008-06-24 18:37 <DIR> d-------- C:\Programmi\Alcohol Soft
2008-06-13 22:20 . 2008-06-13 22:34 <DIR> d-------- C:\Programmi\BestPractice
2008-06-13 20:56 . 2008-06-13 20:56 <DIR> d-------- C:\Programmi\mp3DirectCut
2008-06-12 22:16 . 2008-06-19 15:30 <DIR> d-------- C:\Programmi\softxpansion
2008-06-12 22:14 . 2004-01-01 09:34 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-10 19:20 . 2008-06-10 19:20 <DIR> d-------- C:\SIERRA
2008-06-10 19:20 . 2008-06-10 19:20 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-05-31 12:22 . 2008-06-25 11:08 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 19:51 --------- d-----w C:\Programmi\Metin2_Italiano
2008-06-24 17:14 --------- d-----w C:\Documents and Settings\marco\Dati applicazioni\stopgreat
2008-06-24 16:44 --------- d-----w C:\Documents and Settings\marco\Dati applicazioni\uTorrent
2008-06-12 21:40 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-08 11:33 --------- d-----w C:\Programmi\Playboy - The Mansion
2008-05-31 10:23 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-05-16 19:37 --------- d--h--w C:\Programmi\FX Uninstall Information
2008-05-15 14:18 --------- d-----w C:\Documents and Settings\marco\Dati applicazioni\Ahead
2008-05-15 14:12 --------- d-----w C:\Programmi\FDRLab
2008-05-07 13:55 --------- d-----w C:\Programmi\File comuni\Ahead
2008-05-07 13:49 --------- d-----w C:\Programmi\Nero
2008-05-07 13:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-05-04 12:50 --------- d-----w C:\Programmi\Google
2008-04-29 21:48 --------- d-----w C:\Programmi\uTorrent
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 07:03 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 07:03 81920]
"D-Link AirPlus G"="C:\Programmi\D-Link\AirPlus G\AirGCFG.exe" [2007-08-03 12:29 1552384]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 12:49 49152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioDeck]
--a------ 2004-09-30 08:44 7957504 C:\Programmi\VIAudioi\SBADeck\ADeck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverUpdaterPro]
C:\Programmi\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]
C:\WINDOWS\system32\drivers\hldrrr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flag Owns Live Grim]
--a------ 2008-05-03 07:55 5541888 C:\Documents and Settings\All Users\Dati applicazioni\Software rule flag owns\mp3 gpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jfrnqmi]
c:\documents and settings\marco\impostazioni locali\dati applicazioni\jfrnqmi.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\jugseach]
--a------ 2008-04-29 19:54 425984 C:\DOCUME~1\marco\DATIAP~1\STOPGR~1\DENT ANTI FLAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Programmi\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mule_st_key]
C:\Documents and Settings\marco\Dati applicazioni\m\flec006.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 12:43 2097488 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
-ra------ 2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
-ra------ 2004-06-21 20:57 143360 C:\WINDOWS\system32\VTTrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"C:\\Programmi\\Sitecom\\IVT BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Metin2_Italiano\\metin2.bin"=
"C:\\Documents and Settings\\marco\\Desktop\\COSE NUOVE\\eMule.v0.48a.Applejuice.vn\\eMule Applejuice\\emule.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69a9ea06-0b9b-11dd-9847-001cf09954bb}]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b51beae-fc0e-11dc-982d-001cf09954bb}]
\Shell\AutoRun\command - setupSNK.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-06-27 22:11:07 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-28 00:38:00
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2008-06-28 0:43:19 - machine was rebooted [marco]
ComboFix-quarantined-files.txt 2008-06-27 22:43:08

7 Directory 11,171,966,976 byte disponibili
11 Directory 11,448,127,488 byte disponibili

194 --- E O F --- 2008-03-21 08:14:18
draco
Posted: Saturday, June 28, 2008 1:01:42 AM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
Here is the log ... maybe I've fixed everything, because I can see my hidden folders again ....
draco
Posted: Saturday, June 28, 2008 1:28:46 AM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
How do I re-enable Avast?????????????? To avoid catching viruses again?????? I have already restarted the computer, then shut it down again and turned it back on, but the blue ball at the bottom right for the resident protection doesn't appear... what can I do????? (No offence meant, but I hope this is the last message I send you, because if I send you more it means I still have problems.) Heartfelt thanks!!!!!!!!!!!!!!!!!!!!!!!
monsee
Posted: Saturday, June 28, 2008 10:23:09 AM
Rank: AiutAmico

Member since: 4/5/2005
Posts: 22,971
Right-click the little Avast! icon dancing in the tray and put back the check mark you removed earlier.
r16
Posted: Saturday, June 28, 2008 11:03:04 AM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
No, it's better to uninstall it completely and reinstall it.
Have you disabled System Restore?
Have you run the scan with EliBagle?
It's essential; you are still infected.
Can you get into Safe Mode? If so, run a scan with EliBagle.
draco
Posted: Saturday, June 28, 2008 9:03:26 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
Here is the ComboFix log after running a scan with EliBagle in Safe Mode



ComboFix 08-06-20.4 - marco 2008-06-28 19.10.48.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.72 [GMT 2:00]
Eseguito da: C:\Documents and Settings\marco\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-05-28 al 2008-06-28 )))))))))))))))))))))))))))))))))))
.

2008-06-28 19:02 . 2008-06-28 19:02 268 --ah----- C:\sqmdata04.sqm
2008-06-28 19:02 . 2008-06-28 19:02 244 --ah----- C:\sqmnoopt04.sqm
2008-06-28 01:11 . 2008-06-28 01:11 268 --ah----- C:\sqmdata03.sqm
2008-06-28 01:11 . 2008-06-28 01:11 244 --ah----- C:\sqmnoopt03.sqm
2008-06-27 21:48 . 2008-06-27 21:48 244 --ah----- C:\sqmnoopt02.sqm
2008-06-27 21:48 . 2008-06-27 21:48 232 --ah----- C:\sqmdata02.sqm
2008-06-27 21:45 . 2008-06-27 21:45 244 --ah----- C:\sqmnoopt01.sqm
2008-06-27 21:45 . 2008-06-27 21:45 232 --ah----- C:\sqmdata01.sqm
2008-06-26 19:20 . 2008-06-26 19:20 332 --a------ C:\WINDOWS\desctemp.dat
2008-06-26 13:36 . 2008-06-26 13:36 24,400 --a------ C:\Documents and Settings\marco\lrzvzvxo.exe
2008-06-26 13:29 . 2008-06-26 13:29 24,400 --a------ C:\Documents and Settings\marco\mhoeejnl.exe
2008-06-26 13:23 . 2008-06-26 13:23 24,400 --a------ C:\Documents and Settings\marco\lhdrumcf.exe
2008-06-26 13:17 . 2008-06-26 13:17 24,400 --a------ C:\Documents and Settings\marco\mwiqngsr.exe
2008-06-26 13:11 . 2008-06-26 13:11 24,400 --a------ C:\Documents and Settings\marco\gcfcftfi.exe
2008-06-26 13:05 . 2008-06-26 13:05 24,400 --a------ C:\Documents and Settings\marco\wktdusfb.exe
2008-06-26 12:59 . 2008-06-26 12:59 24,400 --a------ C:\Documents and Settings\marco\fszwjuoj.exe
2008-06-26 12:51 . 2008-06-26 12:51 24,400 --a------ C:\Documents and Settings\marco\zmxhunek.exe
2008-06-26 12:45 . 2008-06-26 12:45 24,400 --a------ C:\Documents and Settings\marco\skcjibdf.exe
2008-06-25 20:25 . 2008-06-25 20:34 <DIR> d-------- C:\Programmi\Web Photo Album
2008-06-25 20:25 . 2008-06-25 20:25 <DIR> d-------- C:\Programmi\Cartoonist
2008-06-25 19:28 . 2008-06-25 19:28 <DIR> d-------- C:\Programmi\Er Finestra
2008-06-24 21:52 . 2008-06-24 21:52 <DIR> d-------- C:\Programmi\Panda Security
2008-06-24 18:55 . 2005-07-08 14:44 159,616 --a------ C:\WINDOWS\system32\drivers\vax347b.sys
2008-06-24 18:55 . 2004-04-30 09:33 5,248 --a------ C:\WINDOWS\system32\drivers\vax347s.sys
2008-06-24 18:37 . 2008-06-24 18:37 <DIR> d-------- C:\Programmi\Alcohol Soft
2008-06-13 22:20 . 2008-06-13 22:34 <DIR> d-------- C:\Programmi\BestPractice
2008-06-13 20:56 . 2008-06-13 20:56 <DIR> d-------- C:\Programmi\mp3DirectCut
2008-06-12 22:16 . 2008-06-19 15:30 <DIR> d-------- C:\Programmi\softxpansion
2008-06-12 22:14 . 2004-01-01 09:34 24,576 --------- C:\WINDOWS\system32\msxml3a.dll
2008-06-10 19:20 . 2008-06-10 19:20 <DIR> d-------- C:\SIERRA
2008-06-10 19:20 . 2008-06-10 19:20 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-05-31 12:22 . 2008-06-28 00:58 7,680 --ahs---- C:\WINDOWS\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 19:51 --------- d-----w C:\Programmi\Metin2_Italiano
2008-06-24 17:14 --------- d-----w C:\Documents and Settings\marco\Dati applicazioni\stopgreat
2008-06-24 16:44 --------- d-----w C:\Documents and Settings\marco\Dati applicazioni\uTorrent
2008-06-12 21:40 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-08 11:33 --------- d-----w C:\Programmi\Playboy - The Mansion
2008-05-31 10:23 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-05-16 19:37 --------- d--h--w C:\Programmi\FX Uninstall Information
2008-05-15 14:18 --------- d-----w C:\Documents and Settings\marco\Dati applicazioni\Ahead
2008-05-15 14:12 --------- d-----w C:\Programmi\FDRLab
2008-05-07 13:55 --------- d-----w C:\Programmi\File comuni\Ahead
2008-05-07 13:49 --------- d-----w C:\Programmi\Nero
2008-05-07 13:11 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Nero
2008-05-04 12:50 --------- d-----w C:\Programmi\Google
2008-04-29 21:48 --------- d-----w C:\Programmi\uTorrent
.

((((((((((((((((((((((((((((( snapshot@2008-06-28_ 0.42.44.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-27 22:35:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 17:14:02 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-28 17:14:10 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_598.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
r16
Posted: Saturday, June 28, 2008 9:44:06 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
Download this: Avenger
http://swandog46.geekstogo.com/avenger.zip
Unzip Avenger into a dedicated folder created on the Desktop
Tick the Scan for Rootkits option
Start AVENGER
Click OK
Paste these lines into the white box: (copy and paste the words you see in bold, including the Files to delete heading)

Files to delete:
C:\sqmdata04.sqm
C:\sqmnoopt04.sqm
C:\sqmdata03.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmdata02.sqm
C:\sqmnoopt01.sqm
C:\sqmdata01.sqm
C:\WINDOWS\desctemp.dat
C:\Documents and Settings\marco\lrzvzvxo.exe
C:\Documents and Settings\marco\mhoeejnl.exe
C:\Documents and Settings\marco\lhdrumcf.exe
C:\Documents and Settings\marco\mwiqngsr.exe
C:\Documents and Settings\marco\gcfcftfi.exe
C:\Documents and Settings\marco\wktdusfb.exe
C:\Documents and Settings\marco\fszwjuoj.exe
C:\Documents and Settings\marco\zmxhunek.exe
C:\Documents and Settings\marco\skcjibdf.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\mdelk.exe
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT

registry keys to delete:
HKLM\SYSTEM\CurrentControlSet\Services\srosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet001\Services\srosa
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\ControlSet003\Services\srosa
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA
HKLM\SYSTEM\CurrentControlSet\Services\pci32
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\ControlSet001\Services\pci32
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\ControlSet003\Services\pci32
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_PCI32
HKLM\SYSTEM\CurrentControlSet\Services\rosa
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ROSA
HKLM\SYSTEM\ControlSet001\Services\rosa
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ROSA
HKLM\SYSTEM\ControlSet003\Services\rosa
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_ROSA
HKLM\SYSTEM\CurrentControlSet\Services\m_hook
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet001\Services\m_hook
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK
HKLM\SYSTEM\ControlSet003\Services\m_hook
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK


registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | drvsyskit
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | mule_st_key


Click Execute and wait.
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
Run the scan with EliBagle again (in Safe Mode) and post the log found in C:/ InfoSat.txt
Do a cleanup (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
draco
Posted: Monday, June 30, 2008 12:52:43 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
This is the log of another scan that I ran without Avenger




Tue Jun 24 20:09:43 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Acción Directa):
C:\DOCUMENTS AND SETTINGS\MARCO\DATI APPLICAZIONI\M\LIST.OCT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Jun 24 20:11:21 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\MDELK.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\downld\1395078.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\16645156.EXE --> Eliminado Bagle
C:\WINDOWS\system32\drivers\downld\32283375.EXE --> Eliminado Bagle

Nº Total de Directorios: 3213
Nº Total de Ficheros: 35226
Nº de Ficheros Analizados: 7349
Nº de Ficheros Infectados: 4
Nº de Ficheros Limpiados: 4

Tue Jun 24 20:20:16 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Acción Directa):
Eliminada Carpeta "%AppData%\M"

Tue Jun 24 20:20:19 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3212
Nº Total de Ficheros: 35222
Nº de Ficheros Analizados: 7345
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jun 25 12:35:55 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Acción Directa):

Wed Jun 25 12:36:13 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3199
Nº Total de Ficheros: 34622
Nº de Ficheros Analizados: 7335
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jun 25 12:39:53 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 95
Nº Total de Ficheros: 1121
Nº de Ficheros Analizados: 18
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jun 25 12:40:05 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 4
Nº Total de Ficheros: 47
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jun 25 12:40:09 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad G:\

Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jun 25 12:40:17 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad H:\

Nº Total de Directorios: 0
Nº Total de Ficheros: 0
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jun 25 12:40:24 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad E:\

Nº Total de Directorios: 4
Nº Total de Ficheros: 47
Nº de Ficheros Analizados: 0
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Jun 28 19:05:24 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Acción Directa):

Sat Jun 28 19:05:26 2008
EliBagle v11.51 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 23 de Junio del 2008)

Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 3184
Nº Total de Ficheros: 32059
Nº de Ficheros Analizados: 7334
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
draco
Posted: Monday, June 30, 2008 12:59:59 PM

Rank: AiutAmico

Member since: 5/4/2008
Posts: 225
This is the Avenger log

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\sqmdata04.sqm" deleted successfully.
File "C:\sqmnoopt04.sqm" deleted successfully.
File "C:\sqmdata03.sqm" deleted successfully.
File "C:\sqmnoopt03.sqm" deleted successfully.
File "C:\sqmnoopt02.sqm" deleted successfully.
File "C:\sqmdata02.sqm" deleted successfully.
File "C:\sqmnoopt01.sqm" deleted successfully.
File "C:\sqmdata01.sqm" deleted successfully.

Error: file "C:\WINDOWS\desctemp.dat" not found!
Deletion of file "C:\WINDOWS\desctemp.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\marco\lrzvzvxo.exe" deleted successfully.
File "C:\Documents and Settings\marco\mhoeejnl.exe" deleted successfully.
File "C:\Documents and Settings\marco\lhdrumcf.exe" deleted successfully.
File "C:\Documents and Settings\marco\mwiqngsr.exe" deleted successfully.
File "C:\Documents and Settings\marco\gcfcftfi.exe" deleted successfully.
File "C:\Documents and Settings\marco\wktdusfb.exe" deleted successfully.
File "C:\Documents and Settings\marco\fszwjuoj.exe" deleted successfully.
File "C:\Documents and Settings\marco\zmxhunek.exe" deleted successfully.
File "C:\Documents and Settings\marco\skcjibdf.exe" deleted successfully.

Error: file "C:\WINDOWS\system32\drivers\srosa.sys" not found!
Deletion of file "C:\WINDOWS\system32\drivers\srosa.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\wintems.exe" not found!
Deletion of file "C:\WINDOWS\system32\wintems.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\hldrrr.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\hldrrr.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\drivers\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\drivers\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\system32\mdelk.exe" not found!
Deletion of file "C:\WINDOWS\system32\mdelk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\WINDOWS\SYSTEM32\BAN_LIST.TXT" not found!
Deletion of file "C:\WINDOWS\SYSTEM32\BAN_LIST.TXT" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\srosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\srosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_SROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\pci32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\pci32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_PCI32" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_PCI32" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ROSA" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_ROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\rosa" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\rosa" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_ROSA" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_ROSA" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Services\m_hook" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Services\m_hook" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK" not found!
Deletion of registry key "HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_M_HOOK" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|drvsyskit" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not delete registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mule_st_key"
Deletion of registry value "HKLM\Software\Microsoft\Windows\CurrentVersion\Run|mule_st_key" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.
r16
Posted: Monday, June 30, 2008 6:47:30 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
OK "bocia", nice work.
The HijackThis log?
It looks like the titanic undertaking is succeeding....
draco
Posted: Monday, June 30, 2008 7:32:28 PM

Rank: AiutAmico

Joined: 5/4/2008
Posts: 225
ok, let's hope for the best ... can you just tell me where to download it????????

r16
Posted: Monday, June 30, 2008 7:36:43 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175
draco
Posted: Monday, June 30, 2008 9:59:22 PM

Rank: AiutAmico

Joined: 5/4/2008
Posts: 225
here is the HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.57.17, on 30/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Sitecom\IVT BlueSoleil\BTNtService.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\marco\Desktop\COSE NUOVE\eMule.v0.48a.Applejuice.vn\eMule Applejuice\emule.exe
C:\Programmi\Sitecom\IVT BlueSoleil\BlueSoleil.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.add-hhh.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Apri in nuova scheda in primo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?25df2c1ec6cc44d2abdca2ad3403c1e9
O8 - Extra context menu item: Apri in nuova scheda in secondo piano - res://C:\Programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?25df2c1ec6cc44d2abdca2ad3403c1e9
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.928476362.com
O15 - Trusted Zone: www.brut4l3.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205941026234
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} - http://www.928476362.com/ware/conn.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\Sitecom\IVT BlueSoleil\BTNtService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 7849 bytes
r16
Posted: Monday, June 30, 2008 10:18:33 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Calmly, without rushing, read these instructions carefully:
Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files

Turn off System Restore, and keep it off until the problem is solved: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into Safe Mode: http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press Fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.add-hhh.info/
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O15 - Trusted Zone: www.928476362.com
O15 - Trusted Zone: www.brut4l3.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205941026234
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} - http://www.928476362.com/ware/conn.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab

Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top) and run it in Safe Mode (this is very important).

Download Spy-Bot from here http://www.aiutaamici.com/software?ID=10831 and run a scan, again in Safe Mode.

Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Restart the computer.

Run an online scan with this http://housecall.trendmicro.com/it/
Remember to hide the system folders again;
Turn System Restore back on and, if everything is fine, create a new restore point.
WARNING:
The first thing you must do is download Virit, then follow everything else to the letter.
Post a HijackThis log again, and tell me whether the PC has any problems.
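The list of entries to fix in the post above includes two O15 Trusted Zone hosts and an O16 entry that downloads from one of them. As an added example (not part of the original post and not HijackThis code), this Python script parses HijackThis entry lines and reports hosts referenced from more than one section, plus O16 entries whose URL points directly at an .exe. The function names are hypothetical; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.add-hhh.info/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.yahoo.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O15 - Trusted Zone: www.928476362.com
O15 - Trusted Zone: www.brut4l3.com
O16 - DPF: {DCE2F8B1-A520-11D4-8FD0-00D0B7730277} - http://www.928476362.com/ware/conn.exe
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O16 - <detail>"
URL = re.compile(r"https?://[^\s\"']+")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

def parse(log):
    """Yield (section_code, detail) for each HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def hosts_by_section(log):
    """Map every host name to the set of section codes that reference it."""
    seen = defaultdict(set)
    for code, detail in parse(log):
        urls = URL.findall(detail)
        if code == "O15" and not urls:
            # O15 may list a bare host ("Trusted Zone: www.example.test")
            urls = ["http://" + detail.partition(":")[2].strip().lstrip("*.")]
        for url in urls:
            host = urlparse(url).hostname
            if host:
                seen[host.lower()].add(code)
    return dict(seen)

def repeated_hosts(log):
    """Hosts referenced from two or more different sections, sorted."""
    return sorted(h for h, codes in hosts_by_section(log).items() if len(codes) > 1)

def dpf_executables(log):
    """O16 entries whose download URL path ends in .exe: (CLSID, URL) pairs."""
    hits = []
    for code, detail in parse(log):
        for url in URL.findall(detail) if code == "O16" else []:
            if urlparse(url).path.lower().endswith(".exe"):
                clsid = CLSID.search(detail)
                hits.append((clsid.group(0) if clsid else None, url))
    return hits

if __name__ == "__main__":
    print(repeated_hosts(SAMPLE_LOG), dpf_executables(SAMPLE_LOG))
```

The output is a triage aid for deciding which entries to look at first, not a verdict on any entry.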
draco
Posted: Monday, June 30, 2008 11:51:05 PM

Rank: AiutAmico

Joined: 5/4/2008
Posts: 225
I already have Spy-Bot and CCleaner ... but does CCleaner delete my pictures?????? because I tried to do a clean-up but among the links of the things to delete it also lists some pictures
r16
Posted: Tuesday, July 01, 2008 12:00:08 AM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
draco wrote:
I already have Spy-Bot and CCleaner ... but does CCleaner delete my pictures?????? because I tried to do a clean-up but among the links of the things to delete it also lists some pictures

If you don't want it to delete them, REMOVE the tick.
But if you want my advice (if those pictures aren't all that important), delete everything.
And post me the Virit log when you have finished the operations I told you to do.