Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 24 Dec 2007 21:08

OK, install a firewall too for extra protection. On that subject, have a look at this thread.
Merry Christmas to you too...
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 24 Dec 2007 21:20

Unfortunately I can't get ZoneAlarm to install; I'll try installing another one and see if it works. I'll let you know, thanks a lot.
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 25 Dec 2007 18:25

The PC is as slow as a tortoise at startup. The malicious file has come back, and now I'll try doing what you told me. I'll tell you everything as soon as I'm done.
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 25 Dec 2007 21:04

I did everything you told me to do, but it's still there.
Avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ehojkjgt
*******************
Script file located at: \??\G:\Documents and Settings\hgsnudko.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at G:\Avenger
*******************
Beginning to process script file:
File G:\WINDOWS\rundll32.exe deleted successfully.
Program G:\fix.reg successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
HJT:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.00.35, on 25/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\WINDOWS\System32\msmsgs.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
G:\WINDOWS\rundll32.exe
G:\Documents and Settings\Bar Ferraris\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Outpost Firewall] "C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe" /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Fantacalcio Manager 2006 - Top Edition Quick Loader.lnk = C:\Programmi\FCM\FCMLoad.exe
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{390CA4CF-DCB4-49DD-A3FB-5073DEFE96FC}: NameServer = 85.37.17.48 85.38.28.88
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
--
End of file - 6854 bytes
Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 26 Dec 2007 10:36

There's certainly some registry key or automatic process that recreates it. Go to Kaspersky Online Scanner.
While it's downloading the files it needs, temporarily disable the antivirus and, if necessary, the firewall too. As soon as the PC scan starts, disconnect from the internet.
At the end, upload the result to www.freefilehosting.net and post the link you're given here.
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 26 Dec 2007 18:40

After a thousand misadventures, here is the link:
http://www.freefilehosting.net/download/39g90
Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 26 Dec 2007 19:04

We should be at a turning point.
Start HijackThis and fix these lines:
Quote:
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
Delete these files manually:
Avenger's backups; the files in Norton's quarantine; Navilog1
Then run Avenger again with this script:
Quote:
files to delete:
C:\lo.exe
C:\Programmi\MediaLoads\v1\ML.exe
C:\WINDOWS\NDNuninstall5_48.exe
G:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip
G:\Documents and Settings\Bar Ferraris\Documenti\Davide\cracking\msof0104.zip
G:\Documents and Settings\Bar Ferraris\Documenti\Davide\cracking\revel.zip
G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temp\dl1071937.exe
G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temp\dl356968.exe
G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temp\dl4206171.exe
G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temporary Internet Files\Content.IE5\8P6RK96Z\logo[1].jpg
G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temporary Internet Files\Content.IE5\NNRSP65G\bin[1].exe
G:\Programmi\MediaLoads\v1\ML.exe
G:\WINDOWS\rundll32.exe
G:\WINDOWS\system32\a.exe
G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\898R8FSB\mixit[3].exe
G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\898R8FSB\mmdmm[1].exe
G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\ELQ74NWR\mixit[6].exe
G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\OTOBMNYN\md[1].exe
G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\OTOBMNYN\mixit[1].exe
G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\WZWDO5EF\mixit[2].exe
G:\WINDOWS\system32\i
G:\WINDOWS\system32\msmsgs.exe
Now let's clear the internet cache: download ATF Cleaner.
Run it, click Select All and then Empty selected. Do the same for Firefox or Opera, if you have them installed as browsers, from ATF Cleaner's main menu. Finally, post a new HJT log.
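As an added example (not from the thread, and not HijackThis's own code), here is a small Python triage script that applies, over a constructed log excerpt, the same checks Sante62 made by eye: a well-known Windows binary name sitting outside its normal directory, a display name one typo away from a Microsoft product, and the same entry registered in both HKLM and HKCU. The expected-directory table and the product-name list are assumptions made for the example.

```python
import re

# Constructed excerpt of a HijackThis log (sample input for this example, not the
# thread's own log): a mix of legitimate autostart entries and the two impostors.
SAMPLE_HJT_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Oftice] G:\WINDOWS\System32\msmsgs.exe
O4 - HKCU\..\Run: [Microsoft Windows Driver] G:\WINDOWS\rundll32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
"""

# "O4 - <hive>\..\Run: [<display name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# First executable on the command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.IGNORECASE)

# Assumed table for this example: where the genuine binary of that name lives.
# rundll32/ctfmon/svchost belong in System32; Windows Messenger's msmsgs.exe
# lives in Programmi\Messenger (the System32 copy in the thread was the malware).
EXPECTED_PARENT = {
    "rundll32.exe": "\\system32",
    "svchost.exe": "\\system32",
    "ctfmon.exe": "\\system32",
    "msmsgs.exe": "\\messenger",
}

# Assumed list of product names that malware likes to imitate ("Microsoft Oftice").
KNOWN_NAMES = ["Microsoft Office", "Microsoft Windows", "Windows Update"]


def edit_distance(a, b):
    """Plain Levenshtein distance, used to spot one-typo imitations of KNOWN_NAMES."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_o4(log_text):
    """Return the O4 autostart entries of a HijackThis log as dicts."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m["cmd"])
        entries.append({"hive": m["hive"], "name": m["name"], "cmd": m["cmd"],
                        "path": exe["path"] if exe else None})
    return entries


def triage_o4(log_text):
    """Flag O4 entries showing the three indicators the thread's fix relied on."""
    entries = parse_o4(log_text)
    # Which root hives (HKLM, HKCU, HKUS) register the identical name + command?
    hives_for = {}
    for e in entries:
        key = (e["name"].lower(), e["cmd"].lower())
        hives_for.setdefault(key, set()).add(e["hive"].split("\\")[0])

    findings = []
    for e in entries:
        reasons = []
        if e["path"]:
            parent, _, base = e["path"].lower().rpartition("\\")
            expected = EXPECTED_PARENT.get(base)
            # 1. A well-known binary name sitting outside its normal directory
            #    (G:\WINDOWS\rundll32.exe instead of G:\WINDOWS\System32\rundll32.exe).
            if expected and not parent.endswith(expected):
                reasons.append(f"{base} expected under ...{expected}, found in {parent}")
        # 2. A display name one or two edits away from a real product name.
        for known in KNOWN_NAMES:
            if 0 < edit_distance(e["name"].lower(), known.lower()) <= 2:
                reasons.append(f"display name looks like a misspelling of '{known}'")
        # 3. The same entry planted in more than one hive for redundancy.
        hives = hives_for[(e["name"].lower(), e["cmd"].lower())]
        if len(hives) > 1:
            reasons.append("same entry registered in " + " and ".join(sorted(hives)))
        if reasons:
            findings.append({**e, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage_o4(SAMPLE_HJT_LOG):
        print(f"[{f['hive']}] {f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the sample it reports only the two impostor entries (three reasons for the fake "Microsoft Oftice", one for the rundll32.exe copy in the Windows root) and stays silent on the genuine AVG, ctfmon and Messenger entries.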
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 26 Dec 2007 20:12

I did everything. The PC already seems a bit faster. Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19.08.43, on 26/12/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Symantec\LiveUpdate\AUpdate.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\Documents and Settings\Bar Ferraris\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AtiPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O20 - AppInit_DLLs: C:\Programmi\Agnitum\Outpost Firewall 1.0\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
--
End of file - 6263 bytes
Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 26 Dec 2007 20:36

I don't want to claim victory yet, but it seems that nasty file is gone.
Could you please post the Avenger log? You'll find it at C:\ (or G:\) Avenger.txt.
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 26 Dec 2007 20:59

Here you go.
What do you think?
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\heewgykm
*******************
Script file located at: \??\G:\WINDOWS\System32\nxohcrwk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at G:\Avenger
*******************
Beginning to process script file:
File C:\lo.exe deleted successfully.
File C:\Programmi\MediaLoads\v1\ML.exe deleted successfully.
File C:\WINDOWS\NDNuninstall5_48.exe deleted successfully.
File G:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy\Recovery\RegistryCleaner.zip deleted successfully.
File G:\Documents and Settings\Bar Ferraris\Documenti\Davide\cracking\msof0104.zip deleted successfully.
File G:\Documents and Settings\Bar Ferraris\Documenti\Davide\cracking\revel.zip deleted successfully.
File G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temp\dl1071937.exe deleted successfully.
File G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temp\dl356968.exe deleted successfully.
File G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temp\dl4206171.exe deleted successfully.
File G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temporary Internet Files\Content.IE5\8P6RK96Z\logo[1].jpg deleted successfully.
File G:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temporary Internet Files\Content.IE5\NNRSP65G\bin[1].exe deleted successfully.
File G:\Programmi\MediaLoads\v1\ML.exe deleted successfully.
File G:\WINDOWS\rundll32.exe deleted successfully.
File G:\WINDOWS\system32\a.exe deleted successfully.
File G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\898R8FSB\mixit[3].exe deleted successfully.
File G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\898R8FSB\mmdmm[1].exe deleted successfully.
File G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\ELQ74NWR\mixit[6].exe deleted successfully.
File G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\OTOBMNYN\md[1].exe deleted successfully.
File G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\OTOBMNYN\mixit[1].exe deleted successfully.
File G:\WINDOWS\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\WZWDO5EF\mixit[2].exe deleted successfully.
File G:\WINDOWS\system32\i deleted successfully.
File G:\WINDOWS\system32\msmsgs.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 26 Dec 2007 22:21

OK, Avenger did its job...
We should have solved it, but if you run into any more problems, just give me a shout...
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 26 Dec 2007 22:29

You've been a wizard!! I really don't know how to thank you. I hope to learn a few more tricks anyway, but not to have too many problems any more.
Thaaaanks agaaaaaaain!!!
Happy holidays and happy new year!!!!!
Sante62 (Dio maturo)
Registered: 27/06/07 17:55, Posts: 3477, Location: Floridia
Posted: 26 Dec 2007 22:34

Good.. I'm glad you solved it.
Happy holidays to you too.
Jon Snow (Eroe)
Registered: 23/12/07 00:37, Posts: 50
Posted: 01 Feb 2008 19:44

Hello again.
Here we go again.
The home PC has this problem again, but this time it's much more serious. It no longer loads either the antivirus or the firewall, and it won't open the Explorer browser. It connects to the internet, but I can't do anything at all; in fact I'm writing from my laptop. I restarted it several times, and once the Avenger DOS window even started up on its own.
So I took the antivir log (at least that one works, even though it doesn't delete the files because it's expired), the HJT log and that strange Avenger log that started on its own, and I'm posting them here. I wanted to ask whether it would be crazy to delete the files flagged by antivir manually.
I'm sorry to always have to bother you to solve these problems.
Anyway, here are the logs, and thanks:
VirIT eXplorer Lite Log
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/01/2008 - 11:30:10
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 75160.
Files Totali: 75160.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
--------------------------------------------------------
07/01/2008 - 12:07:56
[SCANSIONE DEL REGISTRO]
OK
[G:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
G:\QUARANTENA_VIRIT\spool.exe Infetto da Backdoor.RBot.AAK
Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 99344.
Files Totali: 99344.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/01/2008 - 13:07:34
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
jktikuqy - System32\drivers\djoyyjnk.sys
OK
--------------------------------------------------------
07/01/2008 - 20:32:34
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
ecroscmo - System32\drivers\ymkjqgod.sys
OK
--------------------------------------------------------
07/01/2008 - 21:46:25
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/01/2008 - 21:59:47
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/01/2008 - 22:33:27
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
07/01/2008 - 23:14:10
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
08/01/2008 - 08:55:35
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
09/01/2008 - 09:14:03
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
10/01/2008 - 22:02:34
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
11/01/2008 - 09:08:06
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
11/01/2008 - 14:32:35
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 0.
Files Totali: 0.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
11/01/2008 - 16:03:50
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 0.
Files Totali: 0.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
12/01/2008 - 08:41:31
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
uulpuitk - System32\drivers\fngixyyh.sys
dbustrcm - dbustrcm - \??\C:\DOCUME~1\BARFER~1\IMPOST~1\Temp\dbustrcm.sys
OK
--------------------------------------------------------
13/01/2008 - 13:11:33
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
13/01/2008 - 14:02:55
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
14/01/2008 - 09:04:22
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
17/01/2008 - 07:39:11
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
mtfrtufy - System32\drivers\eibxdjxp.sys
OK
--------------------------------------------------------
17/01/2008 - 17:34:12
[SCANSIONE DELLA MEMORIA]
[Hidden Services]
uwcxeilx - System32\drivers\jjfieyhd.sys
OK
--------------------------------------------------------
18/01/2008 - 12:10:10
[SCANSIONE DEL REGISTRO]
OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 0.
Files Totali: 0.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
21/01/2008 - 08:07:17
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
22/01/2008 - 09:47:47
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
22/01/2008 - 12:15:03
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
24/01/2008 - 08:10:18
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
25/01/2008 - 08:53:06
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
26/01/2008 - 13:36:53
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
26/01/2008 - 14:10:59
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
26/01/2008 - 14:19:19
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
26/01/2008 - 17:56:29
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
27/01/2008 - 08:52:04
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
27/01/2008 - 09:09:10
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
27/01/2008 - 13:23:22
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
28/01/2008 - 12:33:19
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
28/01/2008 - 17:18:48
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/01/2008 - 08:19:07
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/01/2008 - 08:29:27
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/01/2008 - 11:30:27
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/01/2008 - 12:41:27
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/01/2008 - 17:16:32
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/01/2008 - 18:59:26
[SCANSIONE DEL REGISTRO]
OK
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Programmi\File comuni\System\MSASP32.exe Infetto da Backdoor.SdBot.QB
[D:]
[E:]
[F:]
[G:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
G:\WINDOWS\system32\bd.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\cz.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\dk.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\hp.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\hw.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ip.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\jc.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\jt.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\jy.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ke.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\kf.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\me.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ox.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\rv.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\sj.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\sy.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\th.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\uo.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\up.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\wv.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ww.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\zx.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\zz.exe Infetto da Backdoor.SdBot.QB
Chiavi Registro infette: 0.
Files Infetti: 24.
Files Sospetti: 0.
Files Analizzati: 177056.
Files Totali: 177056.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
30/01/2008 - 08:14:05
[SCANSIONE DEL REGISTRO]
OK
[C:]
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
30/01/2008 - 08:26:59
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
31/01/2008 - 08:32:49
[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
01/02/2008 - 14:46:02
[SCANSIONE DEL REGISTRO]
{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} Infetto da BHO.Matrix.A
[A:]
BOOT SECTOR: OK
[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe Infetto da Trojan.Win32.Agent.ART
C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe Infetto da Trojan.Win32.Agent.ART
C:\Programmi\File comuni\System\MSASP32.exe Infetto da Backdoor.SdBot.QB
C:\Programmi\QuickTime\bak\qttask.exe Infetto da Trojan.Win32.Agent.ART
[D:]
[E:]
[F:]
[G:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK
G:\Programmi\Grisoft\AVG Free\avgcc.exe Infetto da Trojan.Win32.Agent.ART
G:\VEXPLITE\MONLITE.EXE Infetto da Trojan.Win32.Agent.ART
G:\WINDOWS\system32\bd.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\cz.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\dk.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\hp.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\hr.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\hw.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ig.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ik.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ip.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\iz.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\jc.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\jt.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\jy.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ke.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\kf.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ln.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\me.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ox.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ph.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\pw.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\py.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\rv.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\sj.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\sy.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\th.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\uf.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\uo.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\up.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\wv.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\ww.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\zu.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\zx.exe Infetto da Backdoor.SdBot.QB
G:\WINDOWS\system32\zz.exe Infetto da Backdoor.SdBot.QB
Chiavi Registro infette: 1.
Files Infetti: 39.
Files Sospetti: 0.
Files Analizzati: 181832.
Files Totali: 181832.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17.35.56, on 01/02/2008
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\System\MSASP32.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\bak\outpost.exe
G:\WINDOWS\System32\svchost.exe
G:\VEXPLITE\viritsvc.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\System32\WgaTray.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\Mixer.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
C:\Programmi\Internet Explorer\iexplore.exe
G:\Documents and Settings\Bar Ferraris\Desktop\utility pc\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Programmi\WinBudget\bin\matrix.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] G:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O20 - AppInit_DLLs: C:\Programmi\Agnitum\Outpost Firewall 1.0\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Advance Service Process - Unknown owner - C:\Programmi\File comuni\System\MSASP32.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - G:\VEXPLITE\viritsvc.exe
--
End of file - 6651 bytes
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uwcxeilx
*******************
Script file located at: \??\G:\Program Files\upgqmbvf.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at G:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\Bar Ferraris\Impostazioni locali\Temporary Internet Files\Content.IE5\O9M7GDEJ\index[1].php deleted successfully.
File G:\RECYCLER\S-1-5-21-2052111302-1085031214-682003330-1003\Dg8.zip not found!
Deletion of file G:\RECYCLER\S-1-5-21-2052111302-1085031214-682003330-1003\Dg8.zip failed!
Could not process line:
G:\RECYCLER\S-1-5-21-2052111302-1085031214-682003330-1003\Dg8.zip
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
bdoriano, Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Jon Snow, Hero
Registered: 23/12/07 00:37 Posts: 50
Posted: 02 Feb 2008 05:52 Subject:
I can't use FindAwf because it tells me the system file is not suitable for running DOS and Microsoft Windows applications.
Anyway, I used ComboFix and here is the log:
ComboFix 08-02.01.6 - Bar Ferraris 2008-02-02 4.35.17.4 - NTFSx86
Eseguito da: G:\Documents and Settings\Bar Ferraris\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\WinBudget
C:\Programmi\WinBudget\bin\crap.1201869948.old
C:\Programmi\WinBudget\bin\matrix.dat
C:\Programmi\WinBudget\bin\matrix.dll
G:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
G:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
G:\WINDOWS\system32\a.exe
G:\WINDOWS\system32\cr.exe
G:\WINDOWS\system32\ln.exe
G:\WINDOWS\system32\rs.exe
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupdate.com
hxxp://msnsrch.dlservice.microsoft.com
hxxp://toolbar.msn.co
.
((((((((((((((((((((((((( Files Creati Da 2008-01-02 al 2008-02-02 )))))))))))))))))))))))))))))))))))
.
2008-02-01 12:53 . 2008-02-01 15:00 483 --a------ G:\WINDOWS\system32\tj
2008-02-01 12:47 . 2008-02-01 12:48 62,168 --a------ G:\WINDOWS\system32\uf.exe
2008-02-01 12:33 . 2008-02-01 12:33 62,168 --a------ G:\WINDOWS\system32\ph.exe
2008-02-01 12:28 . 2008-02-01 12:28 55,296 --a------ G:\WINDOWS\system32\zu.exe
2008-02-01 12:21 . 2008-02-01 12:21 55,296 --a------ G:\WINDOWS\system32\hr.exe
2008-02-01 12:02 . 2008-02-01 12:02 62,168 --a------ G:\WINDOWS\system32\ik.exe
2008-02-01 12:02 . 2008-02-01 12:03 62,168 --a------ G:\WINDOWS\system32\ig.exe
2008-02-01 02:08 . 2008-02-01 02:08 <DIR> dr------- G:\Documents and Settings\LocalService\Preferiti
2008-01-30 17:13 . 2008-01-30 17:13 62,168 --a------ G:\WINDOWS\system32\pw.exe
2008-01-30 17:10 . 2008-01-30 17:10 55,296 --a------ G:\WINDOWS\system32\iz.exe
2008-01-30 17:01 . 2008-01-30 17:01 62,168 --a------ G:\WINDOWS\system32\py.exe
2008-01-29 18:17 . 2008-01-29 18:17 29,184 -rahs---- G:\WINDOWS\wkssvc.exe
2008-01-29 13:47 . 2008-01-29 13:47 53,760 --ahs---- G:\WINDOWS\system32\mdm.exe
2008-01-29 13:44 . 2008-01-29 13:44 26,112 --a------ G:\WINDOWS\system32\spool.exe
2008-01-26 12:59 . 2008-01-26 13:00 55,296 --a------ G:\WINDOWS\system32\ox.exe
2008-01-26 12:32 . 2008-01-26 12:33 55,296 --a------ G:\WINDOWS\system32\th.exe
2008-01-26 12:27 . 2008-01-26 12:27 55,296 --a------ G:\WINDOWS\system32\jy.exe
2008-01-26 12:00 . 2008-01-26 12:01 55,296 --a------ G:\WINDOWS\system32\bd.exe
2008-01-26 11:58 . 2008-01-26 11:58 62,168 --a------ G:\WINDOWS\system32\sj.exe
2008-01-26 11:50 . 2008-01-26 11:50 55,296 --a------ G:\WINDOWS\system32\hp.exe
2008-01-26 11:34 . 2008-01-26 11:34 62,168 --a------ G:\WINDOWS\system32\up.exe
2008-01-26 11:28 . 2008-01-26 11:28 55,296 --a------ G:\WINDOWS\system32\zz.exe
2008-01-26 11:28 . 2008-01-26 11:28 55,296 --a------ G:\WINDOWS\system32\sy.exe
2008-01-26 11:17 . 2008-01-30 17:21 55,296 --a------ G:\WINDOWS\system32\jt.exe
2008-01-26 11:02 . 2008-01-26 11:02 62,168 --a------ G:\WINDOWS\system32\rv.exe
2008-01-26 10:56 . 2008-01-26 10:56 55,296 --a------ G:\WINDOWS\system32\ke.exe
2008-01-26 10:56 . 2008-01-26 10:56 55,296 --a------ G:\WINDOWS\system32\dk.exe
2008-01-26 10:54 . 2008-01-26 10:54 62,168 --a------ G:\WINDOWS\system32\cz.exe
2008-01-26 10:44 . 2008-01-26 10:44 55,296 --a------ G:\WINDOWS\system32\zx.exe
2008-01-26 10:30 . 2008-01-26 10:30 62,168 --a------ G:\WINDOWS\system32\me.exe
2008-01-26 10:30 . 2008-01-26 10:30 55,296 --a------ G:\WINDOWS\system32\jc.exe
2008-01-26 10:25 . 2008-01-26 10:25 55,296 --a------ G:\WINDOWS\system32\hw.exe
2008-01-26 10:12 . 2008-01-26 10:12 55,296 --a------ G:\WINDOWS\system32\kf.exe
2008-01-26 10:10 . 2008-01-26 10:10 55,296 --a------ G:\WINDOWS\system32\ip.exe
2008-01-26 09:58 . 2008-01-26 09:58 62,168 --a------ G:\WINDOWS\system32\wv.exe
2008-01-26 09:22 . 2008-01-26 09:22 55,296 --a------ G:\WINDOWS\system32\uo.exe
2008-01-26 09:14 . 2008-01-26 09:14 55,296 --a------ G:\WINDOWS\system32\ww.exe
2008-01-19 12:41 . 2008-01-19 12:41 <DIR> d-------- G:\Documents and Settings\Bar Ferraris\Dati applicazioni\GanymedeNet
2008-01-19 12:41 . 2008-01-19 12:41 4 --a------ G:\WINDOWS\system32\proc625010911.bin
2008-01-13 13:53 . 2007-06-08 09:44 8,576 --a------ G:\WINDOWS\system32\drivers\wmjqeixdaeps.sys
2008-01-13 13:27 . 2008-01-13 16:01 <DIR> d-------- G:\WINDOWS\system32\ActiveScan
2008-01-13 13:27 . 2008-01-13 14:06 30,590 --a------ G:\WINDOWS\system32\pavas.ico
2008-01-11 15:53 . 2008-01-11 15:53 <DIR> d--h----- G:\WINDOWS\system32\GroupPolicy
2008-01-07 23:07 . 2008-01-07 23:07 1,086 --a------ G:\ihbvoxmp.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 16:34 --------- d-----w G:\Documents and Settings\Bar Ferraris\Dati applicazioni\AVG7
2008-01-31 13:39 --------- d-----w C:\Programmi\eMule
2008-01-26 07:48 36,480 ----a-w G:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-01-19 19:45 --------- d-----w G:\Documents and Settings\Bar Ferraris\Dati applicazioni\.purple
2008-01-13 13:58 --------- d-----w C:\Programmi\Virgilio Toolbar
2008-01-13 13:56 --------- d-----w C:\Programmi\QuickTime
2008-01-13 13:41 --------- d-----w C:\Programmi\Google
2008-01-13 13:08 --------- d-----w C:\Programmi\DAEMON Tools
2008-01-11 17:37 --------- d-----w G:\Documents and Settings\Bar Ferraris\Dati applicazioni\gtk-2.0
2007-12-28 13:02 --------- d-----w C:\Programmi\Pidgin
2007-12-28 13:02 --------- d-----w C:\Programmi\File comuni\GTK
2007-12-27 06:37 --------- d-----w C:\Programmi\RegCure
2007-12-26 10:15 --------- d-----w G:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2007-12-25 16:50 135 ----a-w G:\fix.reg
2007-12-25 16:21 --------- d-----w C:\Programmi\PDFCreator Toolbar
2007-12-25 16:21 --------- d-----w C:\Programmi\PDF-Creator 2
2007-12-24 19:27 --------- d-----w C:\Programmi\File comuni\Agnitum Shared
2007-12-24 19:27 --------- d-----w C:\Programmi\Agnitum
2007-12-22 20:48 --------- d---a-w G:\Documents and Settings\All Users\Dati applicazioni\TEMP
2007-12-21 20:26 --------- d-----w C:\Programmi\a-squared Free
2007-12-19 16:36 --------- d-----w C:\Programmi\DivX
2007-12-15 10:15 9,344 ----a-w G:\WINDOWS\system32\drivers\NSDriver.sys
2007-12-15 10:15 8,320 ----a-w G:\WINDOWS\system32\drivers\AWRTRD.sys
2007-12-11 19:46 524,288 ----a-w G:\WINDOWS\system32\DivXsm.exe
2007-12-11 19:46 3,596,288 ----a-w G:\WINDOWS\system32\qt-dx331.dll
2007-12-11 19:45 200,704 ----a-w G:\WINDOWS\system32\ssldivx.dll
2007-12-11 19:45 1,044,480 ----a-w G:\WINDOWS\system32\libdivx.dll
2007-12-11 19:44 823,296 ----a-w G:\WINDOWS\system32\divx_xx0c.dll
2007-12-11 19:44 823,296 ----a-w G:\WINDOWS\system32\divx_xx07.dll
2007-12-11 19:44 81,920 ----a-w G:\WINDOWS\system32\dpl100.dll
2007-12-11 19:44 802,816 ----a-w G:\WINDOWS\system32\divx_xx11.dll
2007-12-11 19:44 682,496 ----a-w G:\WINDOWS\system32\DivX.dll
2007-12-11 19:44 593,920 ----a-w G:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 ----a-w G:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 ----a-w G:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 ----a-w G:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 ----a-w G:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 ----a-w G:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 196,608 ----a-w G:\WINDOWS\system32\dtu100.dll
2007-12-11 19:44 156,992 ----a-w G:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 ----a-w G:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-26 20:39 11,060,978 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_11_22_15_33_24_full.dmp.zip
2007-11-22 10:39 90,633 ----a-w G:\WINDOWS\4B0.tmp
2007-11-21 17:10 90,633 ----a-w G:\WINDOWS\196.tmp
2007-11-20 12:12 90,633 ----a-w G:\WINDOWS\194.tmp
2007-11-18 08:22 90,633 ----a-w G:\WINDOWS\192.tmp
2007-11-17 07:41 90,633 ----a-w G:\WINDOWS\190.tmp
2007-11-15 16:06 90,633 ----a-w G:\WINDOWS\18E.tmp
2007-11-14 08:19 90,633 ----a-w G:\WINDOWS\18C.tmp
2007-11-13 17:22 90,633 ----a-w G:\WINDOWS\18A.tmp
2007-11-12 07:30 90,633 ----a-w G:\WINDOWS\2D1.tmp
2007-11-11 12:51 98,304 ----a-w G:\WINDOWS\system32\pdfmona.dll
2007-11-11 12:51 50,364 ----a-w G:\WINDOWS\system32\pdf995mon.dll
2007-11-11 07:55 90,633 ----a-w G:\WINDOWS\26A.tmp
2007-11-10 10:50 90,633 ----a-w G:\WINDOWS\188.tmp
2007-11-09 18:49 72,192 ----a-w G:\WINDOWS\cadkasdeinst01e.exe
2007-11-09 08:38 90,633 ----a-w G:\WINDOWS\31C.tmp
2007-11-08 17:30 90,633 ----a-w G:\WINDOWS\2A9.tmp
2007-11-07 07:18 90,633 ----a-w G:\WINDOWS\24C.tmp
2007-11-05 12:40 90,633 ----a-w G:\WINDOWS\185.tmp
2007-11-04 17:33 90,633 ----a-w G:\WINDOWS\183.tmp
2007-11-03 08:00 90,633 ----a-w G:\WINDOWS\181.tmp
2007-11-02 17:26 90,633 ----a-w G:\WINDOWS\17F.tmp
2007-10-04 12:20 36,885 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_10_02_16_55_45_small.dmp.zip
2007-08-24 06:32 38,146 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_24_08_15_44_small.dmp.zip
2007-08-17 16:33 36,224 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_17_18_27_28_small.dmp.zip
2007-08-04 05:34 36,390 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_08_02_15_57_22_small.dmp.zip
2007-07-12 12:40 36,471 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_12_14_32_27_small.dmp.zip
2007-07-11 10:58 42,078 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_07_11_12_52_14_small.dmp.zip
2007-05-12 09:15 39,621 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_05_12_11_06_29_small.dmp.zip
2007-04-05 08:43 39,883 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_04_05_10_35_39_small.dmp.zip
2007-03-29 15:57 38,721 ----a-w G:\WINDOWS\Internet Logs\zlclient_2nd_2007_03_27_12_07_06_small.dmp.zip
2005-06-11 19:05 487,424 ----a-w G:\WINDOWS\Internet Logs\xDB22.tmp
2005-06-11 19:05 18,944 ----a-w G:\WINDOWS\Internet Logs\xDB23.tmp
2005-06-11 17:06 53,248 ----a-w G:\WINDOWS\Internet Logs\xDB21.tmp
2005-06-11 17:06 487,424 ----a-w G:\WINDOWS\Internet Logs\xDB20.tmp
2005-06-09 18:12 438,784 ----a-w G:\WINDOWS\Internet Logs\xDB1E.tmp
2005-06-09 18:12 16,896 ----a-w G:\WINDOWS\Internet Logs\xDB1F.tmp
2005-06-09 17:54 73,216 ----a-w G:\WINDOWS\Internet Logs\xDB1D.tmp
2005-06-09 17:54 438,784 ----a-w G:\WINDOWS\Internet Logs\xDB1C.tmp
2005-06-09 09:51 440,832 ----a-w G:\WINDOWS\Internet Logs\xDB1A.tmp
2005-06-09 09:50 209,408 ----a-w G:\WINDOWS\Internet Logs\xDB1B.tmp
2005-06-05 09:12 27,136 ----a-w G:\WINDOWS\Internet Logs\xDB18.tmp
2005-06-05 09:12 12,800 ----a-w G:\WINDOWS\Internet Logs\xDB19.tmp
2005-06-05 08:55 769,536 ----a-w G:\WINDOWS\Internet Logs\xDB15.tmp
2005-06-05 08:55 12,800 ----a-w G:\WINDOWS\Internet Logs\xDB17.tmp
2005-06-05 06:27 769,536 ----a-w G:\WINDOWS\Internet Logs\xDB13.tmp
2005-06-05 06:27 12,800 ----a-w G:\WINDOWS\Internet Logs\xDB14.tmp
2005-06-04 20:53 769,536 ----a-w G:\WINDOWS\Internet Logs\xDB11.tmp
2005-06-04 20:53 12,800 ----a-w G:\WINDOWS\Internet Logs\xDB12.tmp
2005-06-04 20:47 769,536 ----a-w G:\WINDOWS\Internet Logs\xDBF.tmp
2005-06-04 20:47 12,800 ----a-w G:\WINDOWS\Internet Logs\xDB10.tmp
2005-06-04 19:39 769,536 ----a-w G:\WINDOWS\Internet Logs\xDBD.tmp
2005-06-04 19:39 12,800 ----a-w G:\WINDOWS\Internet Logs\xDBE.tmp
2005-06-04 19:33 769,536 ----a-w G:\WINDOWS\Internet Logs\xDBB.tmp
2005-06-04 19:33 12,800 ----a-w G:\WINDOWS\Internet Logs\xDBC.tmp
2005-06-04 12:21 769,536 ----a-w G:\WINDOWS\Internet Logs\xDB9.tmp
2005-06-04 12:21 12,800 ----a-w G:\WINDOWS\Internet Logs\xDBA.tmp
2005-06-04 11:46 769,536 ----a-w G:\WINDOWS\Internet Logs\xDB7.tmp
2005-06-04 11:46 12,800 ----a-w G:\WINDOWS\Internet Logs\xDB8.tmp
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="G:\WINDOWS\System32\ctfmon.exe" [2001-08-31 11:00 13312]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2001-12-07 16:24 1216512 G:\WINDOWS\mixer.exe]
"HydarVisionDesktopManager"="" []
"QuickTime Task"="C:\Programmi\QuickTime\bak\bak\qttask.exe" [2003-05-02 08:57 77824]
"AVG7_CC"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-01-31 16:58 14348]
"Outpost Firewall"="C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe" [2008-01-31 16:58 14348]
"OutpostFeedBack"="C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe" [2008-01-31 16:58 14348]
"VIRIT LITE MONITOR"="G:\VEXPLITE\MONLITE.EXE" [2008-01-31 16:58 14348]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2001-08-31 11:00 13312]
"AVG7_Run"="G:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-31 08:34 219136]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 20:07 171448]
G:\Documents and Settings\Bar Ferraris\Menu Avvio\Programmi\Esecuzione automatica\
Registrazione Corel.lnk - C:\Programmi\Corel\Graphics9\Register\Remind32.exe [2002-08-09 10:00:14 67584]
G:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 18:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Programmi\Agnitum\Outpost Firewall 1.0\wl_hook.dll
R0 BsStor;InCD Storage Helper Driver;G:\WINDOWS\System32\DRIVERS\bsstor.sys [2002-08-09 10:07]
R0 VIRAGTLT;VIRAGTLT;G:\WINDOWS\System32\drivers\VIRAGTLT.SYS [2008-01-26 08:48]
R1 VFILT;Outpost Firewall Kernel Driver;C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS [2006-03-30 10:53]
S3 Linux.DLL;Outpost Firewall PlugIn (Linux.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\Linux.DLL [2006-03-30 10:53]
S3 ARP.DLL;Outpost Firewall PlugIn (ARP.DLL);C:\Programmi\Agnitum\Outpost Firewall 1.0\kernel\ARP.DLL [2006-03-30 10:53]
S3 CONTENT.DLL;Outpost Firewall PlugIn (CONTENT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL [2006-03-30 10:53]
S3 DNSCACHE.DLL;Outpost Firewall PlugIn (DNSCACHE.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL [2006-03-30 10:53]
S3 FTPFILT.DLL;Outpost Firewall PlugIn (FTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL [2006-03-30 10:53]
S3 HTMLFILT.DLL;Outpost Firewall PlugIn (HTMLFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL [2006-03-30 10:53]
S3 HTTPFILT.DLL;Outpost Firewall PlugIn (HTTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL [2006-03-30 10:53]
S3 IMAPFILT.DLL;Outpost Firewall PlugIn (IMAPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL [2006-03-30 10:53]
S3 MAILFILT.DLL;Outpost Firewall PlugIn (MAILFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL [2006-03-30 10:53]
S3 NNTPFILT.DLL;Outpost Firewall PlugIn (NNTPFILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL [2006-03-30 10:53]
S3 POP3FILT.DLL;Outpost Firewall PlugIn (POP3FILT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL [2006-03-30 10:53]
S3 PROTECT.DLL;Outpost Firewall PlugIn (PROTECT.DLL);C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL [2006-03-30 10:53]
S3 s3m;s3m;G:\WINDOWS\System32\DRIVERS\s3m.sys [2001-08-17 19:50]
S3 SECRET.DLL;Outpost Firewall PlugIn (SECRET.DLL);C:\Programmi\Agnitum\Outpost Firewall 1.0\kernel\SECRET.DLL [2006-03-30 10:53]
S4 BsUDF;InCD UDF Driver;G:\WINDOWS\System32\drivers\BsUDF.sys [2002-08-09 10:07]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\WINDOWS\inf\unregmp2.exe /ShowWMP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-02 03:18:54 G:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Programmi\RegCure\RegCure.exe
"2007-12-27 06:40:19 G:\WINDOWS\Tasks\RegCure.job"
- C:\Programmi\RegCure\RegCure.exe
"2008-02-02 03:18:52 G:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 04:43:01
Windows 5.1.2600 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-02 4.47.33
ComboFix-quarantined-files.txt 2008-02-02 03:47:17
ComboFix2.txt 2008-01-07 13:16:58
ComboFix3.txt 2008-01-07 21:12:58
ComboFix4.txt 2007-12-23 16:33:19
.
2008-01-11 13:21:31 --- E O F ---
bdoriano, Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Feb 2008 22:29 Subject:
Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop.
Start AVENGER.
Click on Input script manually.
Click on the magnifying glass.
Enter these lines:
Quote:
Files to delete:
G:\WINDOWS\system32\tj
G:\WINDOWS\system32\uf.exe
G:\WINDOWS\system32\ph.exe
G:\WINDOWS\system32\zu.exe
G:\WINDOWS\system32\hr.exe
G:\WINDOWS\system32\ik.exe
G:\WINDOWS\system32\ig.exe
G:\WINDOWS\system32\pw.exe
G:\WINDOWS\system32\iz.exe
G:\WINDOWS\system32\py.exe
G:\WINDOWS\wkssvc.exe
G:\WINDOWS\system32\mdm.exe
G:\WINDOWS\system32\spool.exe
G:\WINDOWS\system32\ox.exe
G:\WINDOWS\system32\th.exe
G:\WINDOWS\system32\jy.exe
G:\WINDOWS\system32\bd.exe
G:\WINDOWS\system32\sj.exe
G:\WINDOWS\system32\hp.exe
G:\WINDOWS\system32\up.exe
G:\WINDOWS\system32\zz.exe
G:\WINDOWS\system32\sy.exe
G:\WINDOWS\system32\jt.exe
G:\WINDOWS\system32\rv.exe
G:\WINDOWS\system32\ke.exe
G:\WINDOWS\system32\dk.exe
G:\WINDOWS\system32\cz.exe
G:\WINDOWS\system32\zx.exe
G:\WINDOWS\system32\me.exe
G:\WINDOWS\system32\jc.exe
G:\WINDOWS\system32\hw.exe
G:\WINDOWS\system32\kf.exe
G:\WINDOWS\system32\ip.exe
G:\WINDOWS\system32\wv.exe
G:\WINDOWS\system32\uo.exe
G:\WINDOWS\system32\ww.exe
G:\WINDOWS\system32\drivers\wmjqeixdaeps.sys
Click on Done.
Click on the traffic light.
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
Disable your antivirus.
Go to BitDefender (with IE) and run the full scan.
Then go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post the link you are given here.
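Reading the Avenger log that the procedure above asks for is the tedious part: a file that was already removed by the antivirus and a file that is still there but locked both show up as "failed". This is an added example, not the thread's or Avenger's own code; it parses the log format posted in this thread and separates the two cases by the NTSTATUS code Avenger prints (0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND). The sample log, its service name and the script list are constructed.

```python
# Added example (not the thread's or Avenger's code): classify an Avenger run
# log of the kind posted in this thread. Avenger prints
#   "File <path> deleted successfully."                      on success, or
#   "Deletion of file <path> failed!" ... "Status: 0x<NTSTATUS>" on failure.
import re
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional

# Standard Windows NTSTATUS values, passed through by Avenger unchanged.
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
# "Not found" means the file was already gone before the boot-time delete;
# in this thread those were the files the antivirus had removed earlier.
ALREADY_GONE = {0xC0000034, 0xC000003A}

DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
FAILED_RE = re.compile(r"^Deletion of file (?P<path>.+) failed!$")
STATUS_RE = re.compile(r"^Status: 0x(?P<code>[0-9A-Fa-f]{8})$")
# Avenger installs itself as a boot-time service under a random name.
SERVICE_RE = re.compile(
    r"^\\Registry\\Machine\\System\\CurrentControlSet\\Services\\(?P<name>\w+)$")


@dataclass
class AvengerSummary:
    service_name: Optional[str] = None
    deleted: List[str] = field(default_factory=list)
    failed: Dict[str, int] = field(default_factory=dict)  # path -> NTSTATUS

    def already_gone(self) -> List[str]:
        return [p for p, c in self.failed.items() if c in ALREADY_GONE]

    def still_present(self) -> List[str]:
        # Exists but could not be removed (locked, access denied, ...): the
        # entries that need a second look, unlike the "not found" ones.
        return [p for p, c in self.failed.items() if c not in ALREADY_GONE]

    def status_name(self, path: str) -> str:
        code = self.failed[path]
        return NTSTATUS_NAMES.get(code, f"0x{code:08X}")


def parse_avenger_log(text: str) -> AvengerSummary:
    summary = AvengerSummary()
    pending: Optional[str] = None  # failed path waiting for its "Status:" line
    for raw in text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            summary.service_name = m.group("name")
        elif m := DELETED_RE.match(line):
            summary.deleted.append(m.group("path"))
        elif m := FAILED_RE.match(line):
            pending = m.group("path")
        elif (m := STATUS_RE.match(line)) and pending is not None:
            summary.failed[pending] = int(m.group("code"), 16)
            pending = None
    return summary


def unaccounted(script_paths: Iterable[str], summary: AvengerSummary) -> List[str]:
    """Script lines the log never reports on at all, neither deleted nor failed."""
    seen = set(summary.deleted) | set(summary.failed)
    return [p for p in script_paths if p not in seen]


# Constructed sample in the thread's log format (service name and outcomes made up).
SAMPLE_LOG = r"""Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\abcdwxyz
Beginning to process script file:
File G:\WINDOWS\system32\tj deleted successfully.
File G:\WINDOWS\system32\uf.exe not found!
Deletion of file G:\WINDOWS\system32\uf.exe failed!
Could not process line:
G:\WINDOWS\system32\uf.exe
Status: 0xc0000034
File G:\WINDOWS\system32\mdm.exe deleted successfully.
Deletion of file G:\WINDOWS\system32\spool.exe failed!
Could not process line:
G:\WINDOWS\system32\spool.exe
Status: 0xc0000022
Finished! Terminate.
"""
# The "Files to delete:" entries fed to Avenger for that run (constructed).
SAMPLE_SCRIPT = [r"G:\WINDOWS\system32\tj", r"G:\WINDOWS\system32\uf.exe",
                 r"G:\WINDOWS\system32\mdm.exe", r"G:\WINDOWS\system32\spool.exe",
                 r"G:\WINDOWS\wkssvc.exe"]

if __name__ == "__main__":
    s = parse_avenger_log(SAMPLE_LOG)
    print("service:", s.service_name)
    print("deleted:", s.deleted)
    print("already gone:", [(p, s.status_name(p)) for p in s.already_gone()])
    print("still present:", [(p, s.status_name(p)) for p in s.still_present()])
    print("unaccounted:", unaccounted(SAMPLE_SCRIPT, s))
```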
Jon Snow, Hero
Registered: 23/12/07 00:37 Posts: 50
Posted: 07 Feb 2008 22:58 Subject:
I installed NOD32, which removed some files; the others I removed with Avenger (the ones it didn't find had already been removed by NOD).
I still have to go to BitDefender and Kaspersky; in the meantime I'm posting the logs.
Here they are:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\iiiuesps
*******************
Script file located at: \??\G:\WINDOWS\mjnrtcjp.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at G:\Avenger
*******************
Beginning to process script file:
File G:\WINDOWS\system32\tj deleted successfully.
File G:\WINDOWS\system32\uf.exe not found!
Deletion of file G:\WINDOWS\system32\uf.exe failed!
Could not process line:
G:\WINDOWS\system32\uf.exe
Status: 0xc0000034
File G:\WINDOWS\system32\ph.exe not found!
Deletion of file G:\WINDOWS\system32\ph.exe failed!
Could not process line:
G:\WINDOWS\system32\ph.exe
Status: 0xc0000034
File G:\WINDOWS\system32\zu.exe not found!
Deletion of file G:\WINDOWS\system32\zu.exe failed!
Could not process line:
G:\WINDOWS\system32\zu.exe
Status: 0xc0000034
File G:\WINDOWS\system32\hr.exe not found!
Deletion of file G:\WINDOWS\system32\hr.exe failed!
Could not process line:
G:\WINDOWS\system32\hr.exe
Status: 0xc0000034
File G:\WINDOWS\system32\ik.exe not found!
Deletion of file G:\WINDOWS\system32\ik.exe failed!
Could not process line:
G:\WINDOWS\system32\ik.exe
Status: 0xc0000034
File G:\WINDOWS\system32\ig.exe not found!
Deletion of file G:\WINDOWS\system32\ig.exe failed!
Could not process line:
G:\WINDOWS\system32\ig.exe
Status: 0xc0000034
File G:\WINDOWS\system32\pw.exe not found!
Deletion of file G:\WINDOWS\system32\pw.exe failed!
Could not process line:
G:\WINDOWS\system32\pw.exe
Status: 0xc0000034
File G:\WINDOWS\system32\iz.exe not found!
Deletion of file G:\WINDOWS\system32\iz.exe failed!
Could not process line:
G:\WINDOWS\system32\iz.exe
Status: 0xc0000034
File G:\WINDOWS\system32\py.exe not found!
Deletion of file G:\WINDOWS\system32\py.exe failed!
Could not process line:
G:\WINDOWS\system32\py.exe
Status: 0xc0000034
File G:\WINDOWS\wkssvc.exe not found!
Deletion of file G:\WINDOWS\wkssvc.exe failed!
Could not process line:
G:\WINDOWS\wkssvc.exe
Status: 0xc0000034
File G:\WINDOWS\system32\mdm.exe deleted successfully.
File G:\WINDOWS\system32\spool.exe not found!
Deletion of file G:\WINDOWS\system32\spool.exe failed!
Could not process line:
G:\WINDOWS\system32\spool.exe
Status: 0xc0000034
File G:\WINDOWS\system32\ox.exe not found!
Deletion of file G:\WINDOWS\system32\ox.exe failed!
Could not process line:
G:\WINDOWS\system32\ox.exe
Status: 0xc0000034
File G:\WINDOWS\system32\th.exe not found!
Deletion of file G:\WINDOWS\system32\th.exe failed!
Could not process line:
G:\WINDOWS\system32\th.exe
Status: 0xc0000034
File G:\WINDOWS\system32\jy.exe not found!
Deletion of file G:\WINDOWS\system32\jy.exe failed!
Could not process line:
G:\WINDOWS\system32\jy.exe
Status: 0xc0000034
File G:\WINDOWS\system32\bd.exe not found!
Deletion of file G:\WINDOWS\system32\bd.exe failed!
Could not process line:
G:\WINDOWS\system32\bd.exe
Status: 0xc0000034
File G:\WINDOWS\system32\sj.exe not found!
Deletion of file G:\WINDOWS\system32\sj.exe failed!
Could not process line:
G:\WINDOWS\system32\sj.exe
Status: 0xc0000034
File G:\WINDOWS\system32\hp.exe not found!
Deletion of file G:\WINDOWS\system32\hp.exe failed!
Could not process line:
G:\WINDOWS\system32\hp.exe
Status: 0xc0000034
File G:\WINDOWS\system32\up.exe not found!
Deletion of file G:\WINDOWS\system32\up.exe failed!
Could not process line:
G:\WINDOWS\system32\up.exe
Status: 0xc0000034
File G:\WINDOWS\system32\zz.exe not found!
Deletion of file G:\WINDOWS\system32\zz.exe failed!
Could not process line:
G:\WINDOWS\system32\zz.exe
Status: 0xc0000034
File G:\WINDOWS\system32\sy.exe not found!
Deletion of file G:\WINDOWS\system32\sy.exe failed!
Could not process line:
G:\WINDOWS\system32\sy.exe
Status: 0xc0000034
File G:\WINDOWS\system32\jt.exe not found!
Deletion of file G:\WINDOWS\system32\jt.exe failed!
Could not process line:
G:\WINDOWS\system32\jt.exe
Status: 0xc0000034
File G:\WINDOWS\system32\rv.exe not found!
Deletion of file G:\WINDOWS\system32\rv.exe failed!
Could not process line:
G:\WINDOWS\system32\rv.exe
Status: 0xc0000034
File G:\WINDOWS\system32\ke.exe not found!
Deletion of file G:\WINDOWS\system32\ke.exe failed!
Could not process line:
G:\WINDOWS\system32\ke.exe
Status: 0xc0000034
File G:\WINDOWS\system32\dk.exe not found!
Deletion of file G:\WINDOWS\system32\dk.exe failed!
Could not process line:
G:\WINDOWS\system32\dk.exe
Status: 0xc0000034
File G:\WINDOWS\system32\cz.exe not found!
Deletion of file G:\WINDOWS\system32\cz.exe failed!
Could not process line:
G:\WINDOWS\system32\cz.exe
Status: 0xc0000034
File G:\WINDOWS\system32\zx.exe not found!
Deletion of file G:\WINDOWS\system32\zx.exe failed!
Could not process line:
G:\WINDOWS\system32\zx.exe
Status: 0xc0000034
File G:\WINDOWS\system32\me.exe not found!
Deletion of file G:\WINDOWS\system32\me.exe failed!
Could not process line:
G:\WINDOWS\system32\me.exe
Status: 0xc0000034
File G:\WINDOWS\system32\jc.exe not found!
Deletion of file G:\WINDOWS\system32\jc.exe failed!
Could not process line:
G:\WINDOWS\system32\jc.exe
Status: 0xc0000034
File G:\WINDOWS\system32\hw.exe not found!
Deletion of file G:\WINDOWS\system32\hw.exe failed!
Could not process line:
G:\WINDOWS\system32\hw.exe
Status: 0xc0000034
File G:\WINDOWS\system32\kf.exe not found!
Deletion of file G:\WINDOWS\system32\kf.exe failed!
Could not process line:
G:\WINDOWS\system32\kf.exe
Status: 0xc0000034
File G:\WINDOWS\system32\ip.exe not found!
Deletion of file G:\WINDOWS\system32\ip.exe failed!
Could not process line:
G:\WINDOWS\system32\ip.exe
Status: 0xc0000034
File G:\WINDOWS\system32\wv.exe not found!
Deletion of file G:\WINDOWS\system32\wv.exe failed!
Could not process line:
G:\WINDOWS\system32\wv.exe
Status: 0xc0000034
File G:\WINDOWS\system32\uo.exe not found!
Deletion of file G:\WINDOWS\system32\uo.exe failed!
Could not process line:
G:\WINDOWS\system32\uo.exe
Status: 0xc0000034
File G:\WINDOWS\system32\ww.exe not found!
Deletion of file G:\WINDOWS\system32\ww.exe failed!
Could not process line:
G:\WINDOWS\system32\ww.exe
Status: 0xc0000034
File G:\WINDOWS\system32\drivers\wmjqeixdaeps.sys deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.53.13, on 07/02/2008
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\Eset\nod32kui.exe
G:\WINDOWS\System32\swchost.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
G:\WINDOWS\system32\notepad.exe
G:\WINDOWS\System32\WgaTray.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Documents and Settings\Bar Ferraris\Desktop\utility pc\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows MSN2 XP] G:\WINDOWS\System32\swchost.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows MSN2 XP] G:\WINDOWS\System32\swchost.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O20 - AppInit_DLLs: C:\Programmi\Agnitum\Outpost Firewall 1.0\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Advance Service Process - Unknown owner - C:\Programmi\File comuni\System\MSASP32.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
--
End of file - 6086 bytes
bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 07 Feb 2008 23:15 Subject:
Open Notepad and copy/paste this code
Quote:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows MSN2 XP"=-
"Windows Networking Monitoring"=-
then save the file with the name fix.reg in C:\ (IMPORTANT!)
Start AVENGER
Click on Input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
G:\WINDOWS\System32\swchost.exe
G:\WINDOWS\System32\mdm.exe
Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Windows MSN2 XP
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Windows Networking Monitoring
Programs to launch on reboot:
C:\fix.reg
Click on Done
Click on the traffic light
The PC should reboot; if it doesn't, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post the link you are given here.
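The post above picks out the two bad autoruns by eye: swchost.exe is a one-letter imitation of svchost.exe, and mdm.exe is a real Microsoft binary (Machine Debug Manager) that belongs under VS7Debug, not in System32. As an added example that is not the forum's, HijackThis's or Avenger's own code, the script below applies those two checks to the O4 lines of the log and then drafts the two removal artifacts in the layouts bdoriano's post uses (a .reg file for the per-user values, an Avenger script for the files and the HKLM values). The sample O4 lines are copied from the log posted above; the list of system binaries, the expected-directory table and the one-edit lookalike rule are my assumptions.

```python
"""Flag suspicious HijackThis O4 (autorun) entries and draft the removal files."""
import re
from collections import defaultdict

# Constructed sample: O4 lines copied from the HijackThis log in this thread,
# plus benign entries to show that the heuristics leave them alone.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows MSN2 XP] G:\WINDOWS\System32\swchost.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows MSN2 XP] G:\WINDOWS\System32\swchost.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
""".strip().splitlines()

# Assumed lists: Windows binaries that malware imitates with a one-letter change,
# and legitimate binaries whose real directory is known (substring of the dir part).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe"}
EXPECTED_DIR = {"mdm.exe": "vs7debug"}  # Machine Debug Manager ships under VS7Debug

# Matches only registry-backed O4 lines ("HKLM\..\Run:"), not Startup-folder ones.
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
HIVE_FULL = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run command (quoted path or bare first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return cmd.split(" ", 1)[0]


def parse_o4(line: str):
    """Split one O4 line into hive, value name and executable; None if not a Run entry."""
    m = O4_RE.match(line)
    if not m:
        return None
    path = exe_path(m.group("cmd"))
    directory, _, base = path.rpartition("\\")
    return {"hive": m.group("hive"), "name": m.group("name"),
            "path": path, "dir": directory.lower(), "base": base.lower()}


def reasons(entry) -> list:
    """Heuristics applied to one parsed entry; an empty list means nothing odd."""
    out = []
    base = entry["base"]
    if base not in SYSTEM_BINARIES:
        for known in SYSTEM_BINARIES:
            if edit_distance(base, known) == 1:
                out.append(f"lookalike of {known}")
    if base in EXPECTED_DIR and EXPECTED_DIR[base] not in entry["dir"]:
        out.append(f"{base} outside its expected directory ({EXPECTED_DIR[base]})")
    return out


def find_suspicious(lines):
    """All parsed Run entries that trip at least one heuristic."""
    hits = []
    for line in lines:
        entry = parse_o4(line)
        if entry:
            why = reasons(entry)
            if why:
                hits.append({**entry, "why": why})
    return hits


def draft_reg(hits) -> str:
    """Per-user values (HKCU / HKUS) go in a .reg file run after reboot; '=-' deletes a value."""
    by_key = defaultdict(set)
    for h in hits:
        hive = h["hive"]
        if hive == "HKLM":
            continue  # machine-wide values are handled by the Avenger script instead
        if hive in HIVE_FULL:
            root = HIVE_FULL[hive]
        else:  # "HKUS\S-1-5-18" -> "HKEY_USERS\S-1-5-18"
            root = "HKEY_USERS\\" + hive.split("\\", 1)[1]
        by_key[f"{root}\\{RUN_KEY}"].add(h["name"])
    out = ["Windows Registry Editor Version 5.00"]
    for key in sorted(by_key):
        out.append("")
        out.append(f"[{key}]")
        out.extend(f'"{n}"=-' for n in sorted(by_key[key]))
    return "\n".join(out) + "\n"


def draft_avenger(hits, reg_path=r"C:\fix.reg") -> str:
    """Avenger script in the layout used in the thread: files, HKLM values, .reg to run on reboot."""
    files = sorted({h["path"] for h in hits})
    values = sorted({f"HKLM\\{RUN_KEY} | {h['name']}" for h in hits if h["hive"] == "HKLM"})
    return "\n".join(["Files to delete:", *files, "Registry values to delete:", *values,
                      "Programs to launch on reboot:", reg_path]) + "\n"


if __name__ == "__main__":
    found = find_suspicious(SAMPLE_O4_LINES)
    for h in found:
        print(f"{h['hive']:<14} [{h['name']}] {h['path']}  <- {'; '.join(h['why'])}")
    print(draft_reg(found))
    print(draft_avenger(found))
```

The split between the two artifacts mirrors the post: Avenger runs at boot before the user logs on, so it is the right place for file deletions and HKLM values, while HKCU values are removed by the .reg file it launches once the user's hive is loaded. The lookalike rule only fires for names that are one edit away from a known system binary and are not themselves on the list, so ctfmon.exe and svchost.exe pass untouched.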
Jon Snow Hero
Joined: 23/12/07 00:37 Posts: 50
Posted: 08 Feb 2008 13:59 Subject:
I did as you told me, but on reboot it didn't save anything in the Avenger report.
Anyway, here are the BitDefender and Kaspersky files, along with an updated HJT log.
bitDefenderReport.html
scanKaspersky2.html
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8.48.34, on 08/02/2008
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\System32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
c:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
G:\WINDOWS\Mixer.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Eset\nod32kui.exe
G:\WINDOWS\System32\swchost.exe
G:\WINDOWS\System32\mdm.exe
G:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
G:\WINDOWS\System32\svchost.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Corel\Graphics9\Register\Remind32.exe
G:\WINDOWS\System32\WgaTray.exe
G:\WINDOWS\System32\wuauclt.exe
G:\Documents and Settings\Bar Ferraris\Desktop\utility pc\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dbsarticles.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - G:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virgilio Toolbar - {D3403F28-7D39-435F-A8CB-45016C29E48E} - C:\Programmi\Virgilio Toolbar\VirgilioBand.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Windows MSN2 XP] G:\WINDOWS\System32\swchost.exe
O4 - HKLM\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Windows MSN2 XP] G:\WINDOWS\System32\swchost.exe
O4 - HKCU\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Networking Monitoring] G:\WINDOWS\System32\mdm.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registrazione Corel.lnk = C:\Programmi\Corel\Graphics9\Register\Remind32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5190/mcfscan.cab
O20 - AppInit_DLLs: C:\Programmi\Agnitum\Outpost Firewall 1.0\wl_hook.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - G:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - G:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Advance Service Process - Unknown owner - C:\Programmi\File comuni\System\MSASP32.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
--
End of file - 6480 bytes