Log Hijack this (xp) - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log Hijack this (xp)

6 pages: 1 [2] 3 4 5 6

Log Hijack this (xp)

Opzioni

Topic Precedente · Topic Sucessivo

cbbusto

Inviato: Sunday, July 12, 2009 10:56:20 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964

Ciao saddy, come già consigliato, se hai il pc a posto, fai subito l'immagine di bakup del disco
con Macrium o simili e in caso di problemi risolvi subito col ripristino senza dannarti, così facciamo
riposare l'infaticabile r16.

Torna in alto

saddy4

Inviato: Sunday, July 12, 2009 11:04:38 PM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

cbbusto ha scritto:

lo farò al più presto ma purtroppo credo di non avere ancora il pc completamente apposto(purtroppo c'è un .exe chiamato reader_s che gira ancora sul mio pc e suppongo sia un virus.). In ogni caso non ti preoccupare che è la prima cosa che intendo fare non appena sarò certo di aver rimosso ogni infezione.

Torna in alto

r16

Inviato: Sunday, July 12, 2009 11:36:36 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Ciao.
Ma adesso, Malwarebytes e Combofix, funzionano?
Se si', fai le scansioni. (e falle presto, prima che l'infezione si espandi)
E segui il mio consiglio:
Disistalla Avast!.
E installa Avira.
Le indicazioni te le ho già postate nei post precedenti.

Torna in alto

saddy4

Inviato: Sunday, July 12, 2009 11:55:39 PM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

r16 ho qua per te lo scan da te richiesto, ora riprovo con combofix e poi avvio disinstallazione di avast e installazione di antivir.
report.txt

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 12:02:27 AM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

r16, malware bite's e combofix continuano a non funzionare. Nel tentativo di non perdere tutto e di non incasinare altro il mio secondo hardisck su cui non ho alcuna installazione di alcun tipo, nè programmi nè sistema operativo, è esterno, posso staccarlo con la tranquillità che non sia infetto oppure devo tenerlo attaccato perchè potrebbe essere già nei guai??

ps: ora riprovo con avira.

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 12:17:02 AM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

mio caro r16 con questo ti riporto un'altra brutta notizia, dio voglia che sia l'ultima: nemmeno avira è installabile.

Torna in alto

r16

Inviato: Monday, July 13, 2009 12:43:03 AM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Abbi pazienza, sei pieno come un uovo.
Ti stò preparando uno script, per togliere il maledetto.
Non formattare adesso.

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 12:50:28 AM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

r16 io non formatto, tranquillo. L'unica cosa che ho da dirti è che mi hai già aiutato molto, che te ne sono grato e che se non c'è modo o ti sei rotto dimmelo e formatto, mi basterebbe solo salvare il secondo hardisck su cui ho tutto a questo punto. Poi se tu vuoi insistere a me va benissimo, sinceramente non c'è niente che mi farebbe più felice che eliminare quel bastardo senza dover formattare e dargliela vinta!^^

Torna in alto

r16

Inviato: Monday, July 13, 2009 1:25:54 AM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Fai attenzione:
Segui i percorsi di queste 2 chiavi:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run

Arrivato alla cartella Run, cliccaci sopra una volta.
Sulla destra trovi:
"reader_s"="C:\Documents and Settings\Saddy4\reader_s.exe"
"reader_s"="C:\WINDOWS\System32\reader_s.exe"
Le elimini. Se ci sono le icone, eliminale.
NON riavviare il pc.

Poi:
Avvia nuovamente SystemScan

metti il segno di spunta a I have read and agree. Please let me free to proceed e clicca su Proceed
clicca su Removal Script
Nel riquadro inserisci il seguente script: (fai copia-incolla.)

Files to delete:
C:\WINDOWS\ld12.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\0101120101464849.dat
C:\WINDOWS\934fdfg34fgjf23
C:\WINDOWS\010112010146118114.dat
C:\WINDOWS\msa.exe
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\reader_s.exe
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\24.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\23.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\21.tmp
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\1F.tmp
C:\WINDOWS\system32\1C.tmp
C:\WINDOWS\system32\1D.tmp
C:\WINDOWS\system32\1A.tmp
C:\WINDOWS\system32\1B.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\GameMon.des
C:\Documents and Settings\Saddy4\reader_s.exe
C:\WINDOWS\system32\config\systemprofile\reader_s.exe

Registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset001\services\abm27h5o

e clicca Proceed with removal
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il contenuto del file C:\Avenger.txt con un log aggiornato di systemscan

Esegui una scansione con Malwarebytes.
Disistalla Combofix, reistallalo e fai una scansione.

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 1:36:43 AM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

aspetta, mi sfugge come seguire i due percorsi delle chiavi.

scusami, ho capito. regedit...xD

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 1:58:42 AM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

eccoci da capo. Ho usato regedit e ho tolto quello che mi hai detto benchè "reader_s"="C:\Documents and Settings\Saddy4\reader_s.exe" non fosse presente. Ho cercato manualmente in quella cartella e reader_s non c'è. Nelle due cartelle c'era un processo di messenger che ho tolto per sicurezza e uno di avast che non ho rimosso. A quel punto ho chiuso regedit, ho fatto partire system scan e ho seguito le tue istruzioni e poi ho fatto rpoceed with removal. Ecco qua la conclusione:

L'unica cosa che mi sento di chiederti ora è: esiste un'altro programma che possa lanciare lo script da te già fatto? magari non un'antivirus così forse non viene rilevato dal pc?

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 9:40:46 AM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

stamani all'avvio del pc avast dice:

Commenta:

Troppe email identiche nell'intervallo di tempo selezionato

Mittente: "Odis Curry" <rebound6@sshf.no>
Destinatario: <bill@schohariehistory.net>
Oggetto: rxsubTroppe email identiche nell'intervallo di tempo selezionato

Mittente: "Emmett Mcfadden" <bullringder530@soundcu.com>
Destinatario: <bill@schohariehistory.net>; <aky@tokushima.nhk.or.jp>
Oggetto: rxsubTroppe email identiche nell'intervallo di tempo selezionato

Mittente: "Jasmine Swan" <dirties02@sentar.com>
Destinatario: <bill@schohariehistory.net>; <aky@tokushima.nhk.or.jp>; <abac@tokusima.hosp.go.jp>
Oggetto: rxsubTroppe email identiche nell'intervallo di tempo selezionato

Mittente: "Jewell Mims" <vulgaresths365@schoch.it>
Destinatario: <bill@schohariehistory.net>; <aky@tokushima.nhk.or.jp>; <abac@tokusima.hosp.go.jp>; <bassettn@weldoninc.com>
Oggetto: rxsubTroppe email identiche nell'intervallo di tempo selezionato

Mittente: "Sheena Eason" <sulfurous09@stanki.info>
Destinatario: <bill@schohariehistory.net>; <aky@tokushima.nhk.or.jp>; <abac@tokusima.hosp.go.jp>; <bassettn@weldoninc.com>; <brooke.herron_jb@scala.net>
Oggetto: rxsubTroppe email identiche nell'intervallo di tempo selezionato

Mittente: "Raymond Meza" <coreojt56@siguenza.es>
Destinatario: <bill@schohariehistory.net>; <aky@tokushima.nhk.or.jp>; <abac@tokusima.hosp.go.jp>; <bassettn@weldoninc.com>; <brooke.herron_jb@scala.net>; <in@amberwoodproducts.com>
Oggetto: rxsub

e mentre navigo mi trova un malware win95:sk in c:\\windows\loadernew.exe

Torna in alto

r16

Inviato: Monday, July 13, 2009 11:52:05 AM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

L'infezione continua a estendersi sempre di più.
Devi riuscire a scaricare e farlo funzionare questo Software: Prova come hai fatti con Norman )
Scarica Avenger, e scompattalo in una sua cartella non temporanea e non sul desktop:
http://swandog46.geekstogo.com/avenger.zip

Avvia AVENGER
Clicca Ok
Inserisci queste righe (fai copia-incolla) nel riquadro bianco:

Files to delete:
C:\WINDOWS\ld12.exe
C:\WINDOWS\msb.exe
C:\WINDOWS\0101120101464849.dat
C:\WINDOWS\934fdfg34fgjf23
C:\WINDOWS\010112010146118114.dat
C:\WINDOWS\msa.exe
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\system32\2A.tmp
C:\WINDOWS\system32\27.tmp
C:\WINDOWS\system32\reader_s.exe
C:\WINDOWS\system32\28.tmp
C:\WINDOWS\system32\25.tmp
C:\WINDOWS\system32\26.tmp
C:\WINDOWS\system32\22.tmp
C:\WINDOWS\system32\24.tmp
C:\WINDOWS\system32\B.tmp
C:\WINDOWS\system32\23.tmp
C:\WINDOWS\system32\20.tmp
C:\WINDOWS\system32\21.tmp
C:\WINDOWS\system32\1E.tmp
C:\WINDOWS\system32\1F.tmp
C:\WINDOWS\system32\1C.tmp
C:\WINDOWS\system32\1D.tmp
C:\WINDOWS\system32\1A.tmp
C:\WINDOWS\system32\1B.tmp
C:\WINDOWS\system32\18.tmp
C:\WINDOWS\system32\19.tmp
C:\WINDOWS\system32\16.tmp
C:\WINDOWS\system32\17.tmp
C:\WINDOWS\system32\14.tmp
C:\WINDOWS\system32\15.tmp
C:\WINDOWS\system32\12.tmp
C:\WINDOWS\system32\13.tmp
C:\WINDOWS\system32\10.tmp
C:\WINDOWS\system32\11.tmp
C:\WINDOWS\system32\E.tmp
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\C.tmp
C:\WINDOWS\system32\D.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\5.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\55.tmp
C:\WINDOWS\system32\GameMon.des
C:\Documents and Settings\Saddy4\reader_s.exe
C:\WINDOWS\system32\config\systemprofile\reader_s.exe
c:\windows\loadernew.exe

Registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset001\services\abm27h5o

Clicca su Execute e aspetta...
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger, che troverai in C:\

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 12:02:03 PM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

Ecco qua r16, in ogni caso avenger è utilizzabile, non è stato bloccato dal virus facendo tutto normalmente.(almeno che poi non lo abbia bloccato in parte come è successo con system scan)

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\ld12.exe" deleted successfully.
File "C:\WINDOWS\msb.exe" deleted successfully.
File "C:\WINDOWS\0101120101464849.dat" deleted successfully.
File "C:\WINDOWS\934fdfg34fgjf23" deleted successfully.
File "C:\WINDOWS\010112010146118114.dat" deleted successfully.
File "C:\WINDOWS\msa.exe" deleted successfully.
File "C:\WINDOWS\WMSysPr9.prx" deleted successfully.
File "C:\WINDOWS\system32\2A.tmp" deleted successfully.
File "C:\WINDOWS\system32\27.tmp" deleted successfully.

Error: file "C:\WINDOWS\system32\reader_s.exe" not found!
Deletion of file "C:\WINDOWS\system32\reader_s.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\28.tmp" deleted successfully.
File "C:\WINDOWS\system32\25.tmp" deleted successfully.
File "C:\WINDOWS\system32\26.tmp" deleted successfully.
File "C:\WINDOWS\system32\22.tmp" deleted successfully.
File "C:\WINDOWS\system32\24.tmp" deleted successfully.
File "C:\WINDOWS\system32\B.tmp" deleted successfully.
File "C:\WINDOWS\system32\23.tmp" deleted successfully.
File "C:\WINDOWS\system32\20.tmp" deleted successfully.
File "C:\WINDOWS\system32\21.tmp" deleted successfully.
File "C:\WINDOWS\system32\1E.tmp" deleted successfully.
File "C:\WINDOWS\system32\1F.tmp" deleted successfully.
File "C:\WINDOWS\system32\1C.tmp" deleted successfully.
File "C:\WINDOWS\system32\1D.tmp" deleted successfully.
File "C:\WINDOWS\system32\1A.tmp" deleted successfully.
File "C:\WINDOWS\system32\1B.tmp" deleted successfully.
File "C:\WINDOWS\system32\18.tmp" deleted successfully.
File "C:\WINDOWS\system32\19.tmp" deleted successfully.
File "C:\WINDOWS\system32\16.tmp" deleted successfully.
File "C:\WINDOWS\system32\17.tmp" deleted successfully.
File "C:\WINDOWS\system32\14.tmp" deleted successfully.
File "C:\WINDOWS\system32\15.tmp" deleted successfully.
File "C:\WINDOWS\system32\12.tmp" deleted successfully.
File "C:\WINDOWS\system32\13.tmp" deleted successfully.
File "C:\WINDOWS\system32\10.tmp" deleted successfully.
File "C:\WINDOWS\system32\11.tmp" deleted successfully.
File "C:\WINDOWS\system32\E.tmp" deleted successfully.
File "C:\WINDOWS\system32\F.tmp" deleted successfully.
File "C:\WINDOWS\system32\C.tmp" deleted successfully.
File "C:\WINDOWS\system32\D.tmp" deleted successfully.
File "C:\WINDOWS\system32\9.tmp" deleted successfully.
File "C:\WINDOWS\system32\A.tmp" deleted successfully.
File "C:\WINDOWS\system32\7.tmp" deleted successfully.
File "C:\WINDOWS\system32\8.tmp" deleted successfully.
File "C:\WINDOWS\system32\4.tmp" deleted successfully.
File "C:\WINDOWS\system32\6.tmp" deleted successfully.
File "C:\WINDOWS\system32\2.tmp" deleted successfully.
File "C:\WINDOWS\system32\5.tmp" deleted successfully.
File "C:\WINDOWS\system32\3.tmp" deleted successfully.
File "C:\WINDOWS\system32\55.tmp" deleted successfully.
File "C:\WINDOWS\system32\GameMon.des" deleted successfully.

Error: file "C:\Documents and Settings\Saddy4\reader_s.exe" not found!
Deletion of file "C:\Documents and Settings\Saddy4\reader_s.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\config\systemprofile\reader_s.exe" not found!
Deletion of file "C:\WINDOWS\system32\config\systemprofile\reader_s.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\loadernew.exe" not found!
Deletion of file "c:\windows\loadernew.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\abm27h5o" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\abm27h5o" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Torna in alto

r16

Inviato: Monday, July 13, 2009 12:05:30 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Postami un log di System scan, (con le solite modalità.

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 12:47:03 PM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

Ecco qui il log di system scan.

report2.txt

Torna in alto

r16

Inviato: Monday, July 13, 2009 1:42:27 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Ricontrollala le chiavi per vedere se trovi reader_s.exe:
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Avvia AVENGER
Clicca Ok
Inserisci queste righe (fai copia-incolla) nel riquadro bianco:

File to delete:
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\reader_s.exe
C:\WINDOWS\system32\4.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\grffr83hn.dll
C:\WINDOWS\system32\2D.tmp
C:\WINDOWS\system32\2B.tmp
C:\WINDOWS\system32\29.tmp
C:\WINDOWS\temp\askefhaw987ryhjinfd.tmp
C:\WINDOWS\temp\t5zdeg.exe
C:\WINDOWS\temp\ewcs73nf.exe

Folders to delete:
C:\WINDOWS\temp

Registry keys to delete:
HKEY_LOCAL_MACHINE\system\controlset001\services\ak84qo47

Togli la spunta da Scan for Rootkit
Clicca su Execute e aspetta...
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Al termine dell'operazione, posta qui il risultato di Avenger

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 1:51:54 PM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

r16 avenger mi dice:

Commenta:

Errore: Invalid script. A valid script must begin with a command directive. Aborting execution!

confrontando questo scritto con il precedente ho risolto da solo aggiungendo una s a file.

Torna in alto

saddy4

Inviato: Monday, July 13, 2009 2:03:40 PM

Rank: AiutAmico

Iscritto dal : 7/10/2009
Posts: 153

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\ld12.exe" deleted successfully.
File "C:\WINDOWS\msb.exe" deleted successfully.
File "C:\WINDOWS\0101120101464849.dat" deleted successfully.
File "C:\WINDOWS\934fdfg34fgjf23" deleted successfully.
File "C:\WINDOWS\010112010146118114.dat" deleted successfully.
File "C:\WINDOWS\msa.exe" deleted successfully.
File "C:\WINDOWS\WMSysPr9.prx" deleted successfully.
File "C:\WINDOWS\system32\2A.tmp" deleted successfully.
File "C:\WINDOWS\system32\27.tmp" deleted successfully.

Error: file "C:\WINDOWS\system32\reader_s.exe" not found!
Deletion of file "C:\WINDOWS\system32\reader_s.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\WINDOWS\system32\28.tmp" deleted successfully.
File "C:\WINDOWS\system32\25.tmp" deleted successfully.
File "C:\WINDOWS\system32\26.tmp" deleted successfully.
File "C:\WINDOWS\system32\22.tmp" deleted successfully.
File "C:\WINDOWS\system32\24.tmp" deleted successfully.
File "C:\WINDOWS\system32\B.tmp" deleted successfully.
File "C:\WINDOWS\system32\23.tmp" deleted successfully.
File "C:\WINDOWS\system32\20.tmp" deleted successfully.
File "C:\WINDOWS\system32\21.tmp" deleted successfully.
File "C:\WINDOWS\system32\1E.tmp" deleted successfully.
File "C:\WINDOWS\system32\1F.tmp" deleted successfully.
File "C:\WINDOWS\system32\1C.tmp" deleted successfully.
File "C:\WINDOWS\system32\1D.tmp" deleted successfully.
File "C:\WINDOWS\system32\1A.tmp" deleted successfully.
File "C:\WINDOWS\system32\1B.tmp" deleted successfully.
File "C:\WINDOWS\system32\18.tmp" deleted successfully.
File "C:\WINDOWS\system32\19.tmp" deleted successfully.
File "C:\WINDOWS\system32\16.tmp" deleted successfully.
File "C:\WINDOWS\system32\17.tmp" deleted successfully.
File "C:\WINDOWS\system32\14.tmp" deleted successfully.
File "C:\WINDOWS\system32\15.tmp" deleted successfully.
File "C:\WINDOWS\system32\12.tmp" deleted successfully.
File "C:\WINDOWS\system32\13.tmp" deleted successfully.
File "C:\WINDOWS\system32\10.tmp" deleted successfully.
File "C:\WINDOWS\system32\11.tmp" deleted successfully.
File "C:\WINDOWS\system32\E.tmp" deleted successfully.
File "C:\WINDOWS\system32\F.tmp" deleted successfully.
File "C:\WINDOWS\system32\C.tmp" deleted successfully.
File "C:\WINDOWS\system32\D.tmp" deleted successfully.
File "C:\WINDOWS\system32\9.tmp" deleted successfully.
File "C:\WINDOWS\system32\A.tmp" deleted successfully.
File "C:\WINDOWS\system32\7.tmp" deleted successfully.
File "C:\WINDOWS\system32\8.tmp" deleted successfully.
File "C:\WINDOWS\system32\4.tmp" deleted successfully.
File "C:\WINDOWS\system32\6.tmp" deleted successfully.
File "C:\WINDOWS\system32\2.tmp" deleted successfully.
File "C:\WINDOWS\system32\5.tmp" deleted successfully.
File "C:\WINDOWS\system32\3.tmp" deleted successfully.
File "C:\WINDOWS\system32\55.tmp" deleted successfully.
File "C:\WINDOWS\system32\GameMon.des" deleted successfully.

Error: file "C:\Documents and Settings\Saddy4\reader_s.exe" not found!
Deletion of file "C:\Documents and Settings\Saddy4\reader_s.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "C:\WINDOWS\system32\config\systemprofile\reader_s.exe" not found!
Deletion of file "C:\WINDOWS\system32\config\systemprofile\reader_s.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: file "c:\windows\loadernew.exe" not found!
Deletion of file "c:\windows\loadernew.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Error: registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\abm27h5o" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\abm27h5o" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:49:04 2009

13:49:04: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:49:10 2009

13:49:10: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:49:19 2009

13:49:19: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:49:40 2009

13:49:40: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:50:24 2009

13:50:24: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:50:34 2009

13:50:34: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:50:36 2009

13:50:36: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:51:51 2009

13:51:51: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Platform: Windows XP (build 2600, Service Pack 2)
Mon Jul 13 13:52:06 2009

13:52:05: Error: Invalid script. A valid script must begin with a command directive.
Aborting execution!

//////////////////////////////////////////

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\WINDOWS\system32\6.tmp" deleted successfully.
File "C:\WINDOWS\system32\reader_s.exe" deleted successfully.
File "C:\WINDOWS\system32\4.tmp" deleted successfully.
File "C:\WINDOWS\system32\3.tmp" deleted successfully.
File "C:\WINDOWS\system32\grffr83hn.dll" deleted successfully.
File "C:\WINDOWS\system32\2D.tmp" deleted successfully.
File "C:\WINDOWS\system32\2B.tmp" deleted successfully.
File "C:\WINDOWS\system32\29.tmp" deleted successfully.
File "C:\WINDOWS\temp\askefhaw987ryhjinfd.tmp" deleted successfully.
File "C:\WINDOWS\temp\t5zdeg.exe" deleted successfully.
File "C:\WINDOWS\temp\ewcs73nf.exe" deleted successfully.
Folder "C:\WINDOWS\temp" deleted successfully.

Error: registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\ak84qo47" not found!
Deletion of registry key "HKEY_LOCAL_MACHINE\system\controlset001\services\ak84qo47" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

Completed script processing.

*******************

Finished! Terminate.

Torna in alto

r16

Inviato: Monday, July 13, 2009 4:39:18 PM

Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016

Si, non ho scritto la S finale su "File". Bravo.
Proviamo a vedere se funziona questo software:
Scarica VIRIT :
http://www.tgsoft.it/italy/download.htm lo aggiorni (cliccando sulla parabola in alto) e fai la scansione in Modalità Provvisoria (è molto importante).
Poi fai un'altra scansione in modalità normale.
Posta anche il log. (lo trovi sull'icona in alto, con raffigurato un block notes ,con una penna)

Disistalla Malwarebytes.
E prova a installarlo su cd e vedi se funziona.
Disistalla Combofix, e fai la stessa operazione.(lo installi nello stesso CD)

Faccio fatica a chiedertelo: come và il pc?

Torna in alto

Utenti presenti in questo topic

Guest

6 pages: 1 [2] 3 4 5 6

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Log Hijack this (xp)

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded