ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 13 Jun 2007 19:01
Same problem as many others: the CID.
I'm attaching the HJT log I made a few minutes ago... I have to say I checked the risky entries on the official site and saw there are quite a few, so I think I don't just have the CID problem but some other one too... But first I'd like to get rid of this nuisance, then maybe we can think about removing the rest.
Here is the log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18.59.54, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\svchost.exe
C:\windows\SYSTEM32\Ati2evxx.exe
C:\windows\system32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Installazione\DAEMON Tools\daemon.exe
F:\Sandro\Applicazioni\[APP] - Topometro.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
F:\Installazione\Azureus\Azureus.exe
C:\windows\explorer.exe
F:\Sandro\Applicazioni\File estratti\HiJackThis 2\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB60FE2-F5E8-444F-93E3-2C983C4324C2} - C:\WINDOWS\system32\pmnlj.dll
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINDOWS\system32\jkkhheb.dll
O2 - BHO: (no name) - {A65ED676-CBDB-DB43-D31C-4EB08FE60E4D} - (no file)
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Installazione\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TopoMetro] F:\Sandro\Applicazioni\[APP] - Topometro.exe
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
O20 - Winlogon Notify: jkkhheb - C:\windows\SYSTEM32\jkkhheb.dll
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
--
End of file - 6636 bytes
... I already know that these two:
O20 - Winlogon Notify: jkkhheb - C:\windows\SYSTEM32\jkkhheb.dll
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
...are infected; I try to fix them and they go away, but as soon as I run HJT again they pop back up as if nothing had happened.

bdoriano (Administrator)
Registered: 02/04/07 12:05   Posts: 14391   Location: 3rd planet of the solar system...
Posted: 13 Jun 2007 19:52
To begin with, download VundoFix and run it. Follow the steps and post the log it generates here.

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 14 Jun 2007 09:42
I did all the steps... It also rebooted the PC twice, and afterwards I ran HJT again... Here is the log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9.41.11, on 14/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\svchost.exe
C:\windows\SYSTEM32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Installazione\DAEMON Tools\daemon.exe
F:\Sandro\Applicazioni\[APP] - Topometro.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
F:\Sandro\Applicazioni\File estratti\HiJackThis 2\HiJackThis_v2.exe
C:\Programmi\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll (file missing)
O2 - BHO: (no name) - {54E0CA07-BD9E-416B-AECC-58C3B3DDC3A4} - C:\WINDOWS\system32\pmnlj.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\windows\SYSTEM32\jkkhheb.dll
O2 - BHO: (no name) - {A65ED676-CBDB-DB43-D31C-4EB08FE60E4D} - (no file)
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Installazione\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TopoMetro] F:\Sandro\Applicazioni\[APP] - Topometro.exe
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
O20 - Winlogon Notify: jkkhheb - C:\windows\SYSTEM32\jkkhheb.dll
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
--
End of file - 6702 bytes

Orange (Mature God)
Registered: 18/02/07 13:20   Posts: 2224   Location: Roma
Posted: 14 Jun 2007 11:46
can you put the VundoFix log here?
what antivirus are you using?

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 14 Jun 2007 12:34
Orange wrote:
> can you put the VundoFix log here?
> what antivirus are you using?

Well... As for the antivirus... At the moment I'm not using one, but I'm getting ready to install Kaspersky!!
As for the VundoFix log, I can't manage to get that log... Where do I find it???

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 14 Jun 2007 12:37
Maybe you mean this???
C:\windows\system32\jkkhheb.dll
C:\WINDOWS\system32\jlnmp.dll
C:\WINDOWS\system32\pmnlj.dll

Orange (Mature God)
Registered: 18/02/07 13:20   Posts: 2224   Location: Roma
Posted: 14 Jun 2007 12:52
ER_MEGLIO wrote:
> As for the VundoFix log, I can't manage to get that log... Where do I find it???

C:\vundofix.txt

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 14 Jun 2007 13:25
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 9.33.45 14/06/2007
Listing files found while scanning....
C:\windows\system32\adqeiylx.dll
C:\windows\system32\ayhmnvmc.dll
C:\windows\system32\bcrroxct.exe
C:\windows\system32\budlvysa.dll
C:\windows\system32\bxmclwhb.dll
C:\windows\system32\bykdrkaw.dll
C:\windows\system32\cfayvhtb.dll
C:\windows\system32\commphao.dll
C:\windows\system32\dfdjbigu.exe
C:\windows\system32\edxfxlyf.dll
C:\windows\system32\egmbggek.exe
C:\windows\system32\erfyowpd.dll
C:\windows\system32\etpvshju.dll
C:\windows\system32\gqdkajey.dll
C:\windows\system32\gswfyavc.dll
C:\windows\system32\hiddvwui.dll
C:\windows\system32\hiepdjxj.dll
C:\windows\system32\hocbqgex.dll
C:\windows\system32\iknyrjvo.dll
C:\windows\system32\ikpixwgb.dll
C:\windows\system32\iujwtmpa.dll
C:\windows\system32\j8211436.dll
C:\WINDOWS\system32\jkkhheb.dll
C:\windows\system32\jkklj.dll
C:\windows\system32\jlkkj.ini
C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.tmp
C:\windows\system32\khfffge.dll
C:\windows\system32\kkwjntyg.dll
C:\windows\system32\lrokhkui.dll
C:\windows\system32\mevyymfd.dll
C:\windows\system32\nyikksbg.dll
C:\windows\system32\obcoafqy.ini
C:\windows\system32\osdmtbis.dll
C:\WINDOWS\system32\pmnlj.dll
C:\windows\system32\prutv.ini
C:\windows\system32\pxpixjtt.dll
C:\windows\system32\qcmefbdy.dll
C:\windows\system32\qhavddwy.dll
C:\windows\system32\qhlkoefi.dll
C:\windows\system32\ququvvon.dll
C:\windows\system32\qynsiirq.dll
C:\windows\system32\rhbovley.dll
C:\windows\system32\rihoppxe.dll
C:\windows\system32\rpvkhcqk.dll
C:\windows\system32\sciscswn.dll
C:\windows\system32\sjkjwems.dll
C:\windows\system32\spmewwns.dll
C:\windows\system32\sujpybhk.dll
C:\windows\system32\ttjxipxp.ini
C:\windows\system32\twelgaor.dll
C:\windows\system32\uhlaiosq.dll
C:\windows\system32\vflsrkuf.dll
C:\windows\system32\vturp.dll
C:\windows\system32\wbjafyyu.dll
C:\windows\system32\wbqtxtxw.exe
C:\windows\system32\wobgbtnu.dll
C:\windows\system32\xclypbui.dll
C:\windows\system32\yqfaocbo.dll
C:\windows\system32\yujmfdky.dll
Beginning removal...
Attempting to delete C:\windows\system32\adqeiylx.dll
C:\windows\system32\adqeiylx.dll Has been deleted!
Attempting to delete C:\windows\system32\ayhmnvmc.dll
C:\windows\system32\ayhmnvmc.dll Has been deleted!
Attempting to delete C:\windows\system32\bcrroxct.exe
C:\windows\system32\bcrroxct.exe Has been deleted!
Attempting to delete C:\windows\system32\budlvysa.dll
C:\windows\system32\budlvysa.dll Has been deleted!
Attempting to delete C:\windows\system32\bxmclwhb.dll
C:\windows\system32\bxmclwhb.dll Has been deleted!
Attempting to delete C:\windows\system32\bykdrkaw.dll
C:\windows\system32\bykdrkaw.dll Has been deleted!
Attempting to delete C:\windows\system32\cfayvhtb.dll
C:\windows\system32\cfayvhtb.dll Has been deleted!
Attempting to delete C:\windows\system32\commphao.dll
C:\windows\system32\commphao.dll Has been deleted!
Attempting to delete C:\windows\system32\dfdjbigu.exe
C:\windows\system32\dfdjbigu.exe Has been deleted!
Attempting to delete C:\windows\system32\edxfxlyf.dll
C:\windows\system32\edxfxlyf.dll Has been deleted!
Attempting to delete C:\windows\system32\egmbggek.exe
C:\windows\system32\egmbggek.exe Has been deleted!
Attempting to delete C:\windows\system32\erfyowpd.dll
C:\windows\system32\erfyowpd.dll Has been deleted!
Attempting to delete C:\windows\system32\etpvshju.dll
C:\windows\system32\etpvshju.dll Has been deleted!
Attempting to delete C:\windows\system32\gqdkajey.dll
C:\windows\system32\gqdkajey.dll Has been deleted!
Attempting to delete C:\windows\system32\gswfyavc.dll
C:\windows\system32\gswfyavc.dll Has been deleted!
Attempting to delete C:\windows\system32\hiddvwui.dll
C:\windows\system32\hiddvwui.dll Has been deleted!
Attempting to delete C:\windows\system32\hiepdjxj.dll
C:\windows\system32\hiepdjxj.dll Has been deleted!
Attempting to delete C:\windows\system32\hocbqgex.dll
C:\windows\system32\hocbqgex.dll Has been deleted!
Attempting to delete C:\windows\system32\iknyrjvo.dll
C:\windows\system32\iknyrjvo.dll Has been deleted!
Attempting to delete C:\windows\system32\ikpixwgb.dll
C:\windows\system32\ikpixwgb.dll Has been deleted!
Attempting to delete C:\windows\system32\iujwtmpa.dll
C:\windows\system32\iujwtmpa.dll Has been deleted!
Attempting to delete C:\windows\system32\j8211436.dll
C:\windows\system32\j8211436.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jkkhheb.dll
C:\WINDOWS\system32\jkkhheb.dll Could not be deleted.
Attempting to delete C:\windows\system32\jkklj.dll
C:\windows\system32\jkklj.dll Has been deleted!
Attempting to delete C:\windows\system32\jlkkj.ini
C:\windows\system32\jlkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.bak1
C:\WINDOWS\system32\jlnmp.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.bak2
C:\WINDOWS\system32\jlnmp.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.tmp
C:\WINDOWS\system32\jlnmp.tmp Has been deleted!
Attempting to delete C:\windows\system32\khfffge.dll
C:\windows\system32\khfffge.dll Has been deleted!
Attempting to delete C:\windows\system32\kkwjntyg.dll
C:\windows\system32\kkwjntyg.dll Has been deleted!
Attempting to delete C:\windows\system32\lrokhkui.dll
C:\windows\system32\lrokhkui.dll Has been deleted!
Attempting to delete C:\windows\system32\mevyymfd.dll
C:\windows\system32\mevyymfd.dll Could not be deleted.
Attempting to delete C:\windows\system32\nyikksbg.dll
C:\windows\system32\nyikksbg.dll Has been deleted!
Attempting to delete C:\windows\system32\obcoafqy.ini
C:\windows\system32\obcoafqy.ini Has been deleted!
Attempting to delete C:\windows\system32\osdmtbis.dll
C:\windows\system32\osdmtbis.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
Attempting to delete C:\windows\system32\prutv.ini
C:\windows\system32\prutv.ini Has been deleted!
Attempting to delete C:\windows\system32\pxpixjtt.dll
C:\windows\system32\pxpixjtt.dll Has been deleted!
Attempting to delete C:\windows\system32\qcmefbdy.dll
C:\windows\system32\qcmefbdy.dll Has been deleted!
Attempting to delete C:\windows\system32\qhavddwy.dll
C:\windows\system32\qhavddwy.dll Has been deleted!
Attempting to delete C:\windows\system32\qhlkoefi.dll
C:\windows\system32\qhlkoefi.dll Has been deleted!
Attempting to delete C:\windows\system32\ququvvon.dll
C:\windows\system32\ququvvon.dll Has been deleted!
Attempting to delete C:\windows\system32\qynsiirq.dll
C:\windows\system32\qynsiirq.dll Has been deleted!
Attempting to delete C:\windows\system32\rhbovley.dll
C:\windows\system32\rhbovley.dll Has been deleted!
Attempting to delete C:\windows\system32\rihoppxe.dll
C:\windows\system32\rihoppxe.dll Has been deleted!
Attempting to delete C:\windows\system32\rpvkhcqk.dll
C:\windows\system32\rpvkhcqk.dll Has been deleted!
Attempting to delete C:\windows\system32\sciscswn.dll
C:\windows\system32\sciscswn.dll Has been deleted!
Attempting to delete C:\windows\system32\sjkjwems.dll
C:\windows\system32\sjkjwems.dll Has been deleted!
Attempting to delete C:\windows\system32\spmewwns.dll
C:\windows\system32\spmewwns.dll Has been deleted!
Attempting to delete C:\windows\system32\sujpybhk.dll
C:\windows\system32\sujpybhk.dll Has been deleted!
Attempting to delete C:\windows\system32\ttjxipxp.ini
C:\windows\system32\ttjxipxp.ini Has been deleted!
Attempting to delete C:\windows\system32\twelgaor.dll
C:\windows\system32\twelgaor.dll Has been deleted!
Attempting to delete C:\windows\system32\uhlaiosq.dll
C:\windows\system32\uhlaiosq.dll Has been deleted!
Attempting to delete C:\windows\system32\vflsrkuf.dll
C:\windows\system32\vflsrkuf.dll Has been deleted!
Attempting to delete C:\windows\system32\vturp.dll
C:\windows\system32\vturp.dll Has been deleted!
Attempting to delete C:\windows\system32\wbjafyyu.dll
C:\windows\system32\wbjafyyu.dll Has been deleted!
Attempting to delete C:\windows\system32\wbqtxtxw.exe
C:\windows\system32\wbqtxtxw.exe Has been deleted!
Attempting to delete C:\windows\system32\wobgbtnu.dll
C:\windows\system32\wobgbtnu.dll Has been deleted!
Attempting to delete C:\windows\system32\xclypbui.dll
C:\windows\system32\xclypbui.dll Has been deleted!
Attempting to delete C:\windows\system32\yqfaocbo.dll
C:\windows\system32\yqfaocbo.dll Has been deleted!
Attempting to delete C:\windows\system32\yujmfdky.dll
C:\windows\system32\yujmfdky.dll Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\j8211436.dll
C:\windows\system32\j8211436.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkhheb.dll
C:\WINDOWS\system32\jkkhheb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\jlnmp.ini2
C:\WINDOWS\system32\jlnmp.ini2 Has been deleted!
Attempting to delete C:\windows\system32\mevyymfd.dll
C:\windows\system32\mevyymfd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 9.43.52 14/06/2007
Listing files found while scanning....
C:\windows\system32\jkkhheb.dll
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\pmnlj.dll
Beginning removal...
Attempting to delete C:\windows\system32\jkkhheb.dll
C:\windows\system32\jkkhheb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\jlnmp.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 12.34.49 14/06/2007
Listing files found while scanning....
C:\windows\system32\jkkhheb.dll
C:\WINDOWS\system32\jlnmp.ini
C:\WINDOWS\system32\pmnlj.dll
There is more than one... All the ones I did this morning!!
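The pasted file above is several VundoFix runs appended together, and the fate of each file has to be read across all of them: j8211436.dll fails in the first pass and is deleted in the second, while jkkhheb.dll and pmnlj.dll fail in every pass and are still listed by the last scan. The script below is an added example written for this thread, not code from VundoFix or from any poster. It splits the log on the "VundoFix V" header line, records per run what was listed, deleted and left behind, normalizes path case (the log writes C:\WINDOWS and C:\windows for the same file), and reports which files no pass ever managed to delete. The embedded sample is a trimmed excerpt of the log above; the header and message strings it keys on are the ones visible in that log.

```python
"""Summarize a VundoFix log that contains several appended runs.

Added example for this thread; not code from VundoFix or from the forum.
"""
import re
from dataclasses import dataclass, field

# Trimmed excerpt of the VundoFix log posted in the thread (constructed sample).
SAMPLE_VUNDOFIX = r"""
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 9.33.45 14/06/2007
Listing files found while scanning....
C:\windows\system32\adqeiylx.dll
C:\windows\system32\j8211436.dll
C:\WINDOWS\system32\jkkhheb.dll
C:\WINDOWS\system32\pmnlj.dll
Beginning removal...
Attempting to delete C:\windows\system32\adqeiylx.dll
C:\windows\system32\adqeiylx.dll Has been deleted!
Attempting to delete C:\windows\system32\j8211436.dll
C:\windows\system32\j8211436.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\jkkhheb.dll
C:\WINDOWS\system32\jkkhheb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\windows\system32\j8211436.dll
C:\windows\system32\j8211436.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jkkhheb.dll
C:\WINDOWS\system32\jkkhheb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 9.43.52 14/06/2007
Listing files found while scanning....
C:\windows\system32\jkkhheb.dll
C:\WINDOWS\system32\pmnlj.dll
Beginning removal...
Attempting to delete C:\windows\system32\jkkhheb.dll
C:\windows\system32\jkkhheb.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\pmnlj.dll
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
Performing Repairs to the registry.
Done!
VundoFix V6.5.0
Checking Java version...
Sun Java not detected
Scan started at 12.34.49 14/06/2007
Listing files found while scanning....
C:\windows\system32\jkkhheb.dll
C:\WINDOWS\system32\pmnlj.dll
"""

DELETED = " Has been deleted!"
FAILED = " Could not be deleted."
WINPATH_RE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Run:
    started: str = "unknown"
    listed: list = field(default_factory=list)  # files the scan found
    deleted: set = field(default_factory=set)   # deleted in any pass of this run
    failed: set = field(default_factory=set)    # failed in at least one pass

    def stubborn(self) -> set:
        """Files this run tried and never managed to delete."""
        return self.failed - self.deleted


def norm(path: str) -> str:
    # NTFS paths are case-insensitive; the log mixes C:\WINDOWS and C:\windows.
    return path.lower()


def parse_vundofix(text: str) -> list:
    """Split the log into runs; each 'VundoFix V...' header starts a new run."""
    runs, run = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("VundoFix V"):
            run = Run()
            runs.append(run)
        elif run is None or not line:
            continue
        elif line.startswith("Scan started at "):
            run.started = line[len("Scan started at "):]
        elif line.endswith(DELETED):
            run.deleted.add(norm(line[:-len(DELETED)]))
        elif line.endswith(FAILED):
            run.failed.add(norm(line[:-len(FAILED)]))
        elif line.startswith("Attempting to delete "):
            continue  # the outcome is on the following line
        elif WINPATH_RE.match(line):
            run.listed.append(norm(line))  # entry of the "Listing files" section
    return runs


def summarize(runs: list) -> dict:
    """Per-run counts plus the files no removal pass in any run ever deleted."""
    ever_deleted = set().union(*(r.deleted for r in runs)) if runs else set()
    attempted = set().union(*(r.deleted | r.failed for r in runs)) if runs else set()
    return {
        "runs": len(runs),
        "per_run": [(r.started, len(r.listed), len(r.deleted), len(r.stubborn()))
                    for r in runs],
        "never_deleted": sorted(attempted - ever_deleted),
        "still_listed": sorted(runs[-1].listed) if runs else [],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_vundofix(SAMPLE_VUNDOFIX)).items():
        print(f"{key}: {value}")
```

The "never_deleted" list is the part a responder cares about: a file that survives every pass while the system is up is still in use by a running process, which is the same pair of DLLs the HijackThis logs show registered as Winlogon Notify packages.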

bdoriano (Administrator)
Registered: 02/04/07 12:05   Posts: 14391   Location: 3rd planet of the solar system...
Posted: 14 Jun 2007 18:14
And how many did you do?
Post the last of the series here, plus an updated HijackThis log.

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 16 Jun 2007 11:49
Guys, I'm writing from another PC to tell you that the one I needed help with has definitively raised the white flag... And in a few days I'll have to format it... I'm sorry, but there's really nothing more to be done! ... Thanks to those who tried to give me a hand getting it back on its feet!
PS: I don't know how, but the Internet connection has disappeared and it won't even let me set it up again...

bdoriano (Administrator)
Registered: 02/04/07 12:05   Posts: 14391   Location: 3rd planet of the solar system...
Posted: 16 Jun 2007 12:27
Too bad!
Another approach could have been tried.
If you want to make one last attempt:
from a PC with a working Internet connection, download this tool and unpack it into its own folder
start the tool
File --> On-line automatic update --> Start (to update it)
Compress the folder containing the tool and its subfolders.
Save the zipped file to a USB stick or CD.
Move to the crippled PC.
Unpack the zipped file into its own folder
Run AVZ.exe
File --> Standard scripts
tick Healing/Quarantine and Advanced System Investigation
click Execute selected scripts
confirm your choice.
The file virusinfo_syscure.zip is created; you'll find it in the LOGS subfolder of the folder where you unpacked the tool.
copy the log to the USB stick and move to the PC with the working connection
upload the log to http://www.freefilehosting.net/ and post only the download link here.

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 16 Jun 2007 17:29
Bdoriano, thanks a lot for your help, but by now I think there's nothing more to be done... I have to format, also because I've had that PC for a good while and have never formatted it... Every now and then it's needed!!

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 19 Jun 2007 22:06
ER_MEGLIO wrote:
> Guys, I'm writing from another PC to tell you that the one I needed help with has definitively raised the white flag... And in a few days I'll have to format it... I'm sorry, but there's really nothing more to be done! ... Thanks to those who tried to give me a hand getting it back on its feet!
> PS: I don't know how, but the Internet connection has disappeared and it won't even let me set it up again...

I solved this problem... Now I have another one...
So, every time I start the PC I get an error message telling me that the file C:\windows\system32\j8211436.dll cannot be started because it can't find it... or something like that... how do I get back this file that I deleted with VundoFix???

Orange (Mature God)
Registered: 18/02/07 13:20   Posts: 2224   Location: Roma
Posted: 19 Jun 2007 22:25
Quote:
> how do I get back this file that I deleted with VundoFix???

What I'd like to know instead is how you can have this file if you formatted the PC...
put your HJT log here

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 19 Jun 2007 22:31
Orange wrote:
> Quote:
> > how do I get back this file that I deleted with VundoFix???
> What I'd like to know instead is how you can have this file if you formatted the PC...
> put your HJT log here

No, exactly... I solved it, so I didn't format...

bdoriano (Administrator)
Registered: 02/04/07 12:05   Posts: 14391   Location: 3rd planet of the solar system...
Posted: 20 Jun 2007 04:07
Then we need the updated HijackThis log.
And, while you're at it...
Download this and unpack it into its own non-temporary folder.
Run it
click on > > >
Click on Autostart
tick Show All
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post the link you're given here.
Still in the program you just downloaded (gmer),
click on Rootkit
click on Scan
when the scan finishes, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post the link you're given here.

ER_MEGLIO (Devoted Mortal)
Registered: 13/06/07 18:51   Posts: 14
Posted: 20 Jun 2007 16:20
bdoriano wrote:
> Then we need the updated HijackThis log.
> And, while you're at it...
> Download this and unpack it into its own non-temporary folder.
> Run it
> click on > > >
> Click on Autostart
> tick Show All
> click on Scan
> when the scan finishes, click on Copy
> Open Notepad and press CTRL+V (or click Edit and then Paste).
> Save the file and upload it to http://www.freefilehosting.net
> Post the link you're given here.
> Still in the program you just downloaded (gmer),
> click on Rootkit
> click on Scan
> when the scan finishes, click on Copy
> Open Notepad and press CTRL+V (or click Edit and then Paste).
> Save the file and upload it to http://www.freefilehosting.net
> Post the link you're given here.

So, before doing all that, I'm posting the HJT log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.17.14, on 20/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\windows\System32\smss.exe
C:\windows\SYSTEM32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\windows\system32\svchost.exe
C:\windows\SYSTEM32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\RunDll32.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
F:\Installazione\DAEMON Tools\daemon.exe
C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
C:\windows\system32\rundll32.exe
C:\windows\system32\ctfmon.exe
F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
F:\Sandro\Applicazioni\File estratti\HiJackThis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\windows\SYSTEM32\jkkhheb.dll (file missing)
O2 - BHO: (no name) - {A65ED676-CBDB-DB43-D31C-4EB08FE60E4D} - (no file)
O2 - BHO: (no name) - {EA6EACEF-3AB0-4E17-82B2-D91E564B9E7E} - C:\WINDOWS\system32\pmnlj.dll (file missing)
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Installazione\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [TopoMetro] C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
O20 - Winlogon Notify: jkkhheb - jkkhheb.dll (file missing)
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
--
End of file - 6601 bytes
...Now I'll do the rest and post again!!
ER_MEGLIO Devoted mortal
Registered: 13/06/07 18:51 Posts: 14
Posted: 20 Jun 2007 16:34 Subject:
...I've done the rest:
bdoriano wrote: | Then we need the updated HijackThis log.
And, while you're at it...
Download this and unpack it into its own, non-temporary folder.
Start it
click > > >
Click Autostart
tick Show All
click Scan
when the scan finishes, click Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post the link you are given here. |
This is the 1st link: http://www.freefilehosting.net/download/MjI2NjM1
bdoriano wrote: | Still in the program you just downloaded (gmer),
click Rootkit
click Scan
when the scan finishes, click Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post the link you are given here. |
This is the 2nd: http://www.freefilehosting.net/download/MjI2NjQy
Orange Mature god
Registered: 18/02/07 13:20 Posts: 2224 Location: Rome
Posted: 20 Jun 2007 18:07 Subject:
but didn't you say you had fixed it...?
download Avenger and unpack it on the desktop
start it, select Input script manually
click the magnifying glass
in the View/edit script window that opens, copy/paste the following
Quote: | Files to delete:
C:\windows\system32\mevyymfd.dll
C:\windows\system32\jfmgljre.dll
C:\windows\SYSTEM32\jkkhheb.dll
C:\WINDOWS\system32\pmnlj.dll
C:\windows\system32\j8211436.dll
C:\windows\system32\mhstvqjv.dll
C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ABED1A3-6E01-46DB-85E5-DEC655B727D0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D7EF71F-92F4-4E1E-93DE-E21436E4C815}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA6EACEF-3AB0-4E17-82B2-D91E564B9E7E}
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | j8211436rundll32
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | GPLv3rundll32.exe |
click Done
then the traffic-light icon
answer Yes
the PC should reboot (otherwise do it yourself)
post the Avenger log and a HiJack log here
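Added example, not code from this thread nor from HijackThis or Avenger: a small Python triage helper that applies the pattern visible in the HJT log posted above (nameless BHOs, modules reported as "(file missing)", Run entries that launch a system32 DLL through rundll32 or start from a Temp directory, short random-looking DLL names) and then checks the Avenger script from the reply against those findings, reporting any flagged module that the "Files to delete" section does not list. The sample log and script lines are copied from this thread; the KNOWN_GOOD allowlist and the 5-8 character "random name" rule are assumptions made for the example, not a published detection rule.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: lines copied from the HijackThis log posted earlier in the
# thread; the Adobe BHO and the ATIPTA Run entry are kept as benign controls.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TopoMetro] C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
O20 - Winlogon Notify: jkkhheb - jkkhheb.dll (file missing)
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll (file missing)
"""

# Constructed sample input: the file section (plus one key) of the Avenger script posted above.
SAMPLE_SCRIPT = r"""
Files to delete:
C:\windows\system32\mevyymfd.dll
C:\windows\system32\jfmgljre.dll
C:\windows\SYSTEM32\jkkhheb.dll
C:\WINDOWS\system32\pmnlj.dll
C:\windows\system32\j8211436.dll
C:\windows\system32\mhstvqjv.dll
C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ABED1A3-6E01-46DB-85E5-DEC655B727D0}
"""

SECTION_RE = re.compile(r"^(O\d+|R\d|F\d) - (.*)$")
# Basename of any .dll/.exe mentioned on a line (stops at path separators and quotes).
MODULE_RE = re.compile(r"([A-Za-z0-9_$~.-]+\.(?:dll|exe))\b", re.IGNORECASE)
# Assumption for this example: the DLLs in this log are 5-8 lowercase alphanumerics.
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{5,8}\.dll$")
# Hypothetical allowlist; a real one would be far larger.
KNOWN_GOOD = {"browseui.dll", "ssv.dll"}


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str]


def analyse_line(line: str) -> Optional[Finding]:
    """Apply the triage heuristics to one HijackThis line; None if nothing is notable."""
    m = SECTION_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group(1), m.group(2)
    reasons = []
    if section in ("O2", "O20") and ("(file missing)" in body or "(no file)" in body):
        reasons.append("registered module is missing on disk; the registration is a leftover")
    if section == "O2" and "(no name)" in body:
        reasons.append("BHO registered without a name")
    if section == "O4" and re.search(r"\\temp\\", body, re.IGNORECASE):
        reasons.append("autostart entry runs from a temporary directory")
    if section == "O4" and re.search(r"\brundll32(\.exe)?\b", body, re.IGNORECASE):
        reasons.append("autostart entry loads a DLL through rundll32")
    for module in MODULE_RE.findall(body):
        if RANDOM_NAME_RE.match(module.lower()) and module.lower() not in KNOWN_GOOD:
            reasons.append("random-looking DLL name: " + module)
    return Finding(section, line.strip(), reasons) if reasons else None


def triage(log_text: str) -> List[Finding]:
    return [f for f in map(analyse_line, log_text.splitlines()) if f]


def parse_avenger(script: str) -> Dict[str, List[str]]:
    """Split an Avenger script into its '... to delete:' sections (keys lower-cased)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1].lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def uncovered_findings(log_text: str, script: str) -> List[Finding]:
    """Flagged log lines whose module is not listed under 'Files to delete'."""
    listed = {p.rsplit("\\", 1)[-1].lower() for p in parse_avenger(script).get("files to delete", [])}
    return [f for f in triage(log_text)
            if not {m.lower() for m in MODULE_RE.findall(f.line)} & listed]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.line[:60], "->", "; ".join(f.reasons))
    print("not covered by the script:", [f.line for f in uncovered_findings(SAMPLE_LOG, SAMPLE_SCRIPT)])
```

Run as a script it prints the seven flagged entries with their reasons and an empty "not covered" list, since every module the heuristics pick out appears in the script's file list. The second check is the one worth keeping: before asking someone to run a deletion script, confirm that every entry you flagged is acted on, and treat a module name that appears in the script but never in the log as a typo to fix first.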