HO L' ANTIVIRGEAR!! AIUTATEMI!!!!

[alessandro.aleale]

HO usato lo smitfraudfix in modaità provvisoria e disinstallato l' ultimate defender....ma NIENTE!!! ce l' ho ancora!!

questo è il mio log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9.53.15, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Prgrmm\ACDSee32\ACDSee32.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Prgrmm\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Programmi\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotDeletingA9957] command /c del "C:\Programmi\Video ActiveX Access\imsmain.exe_tobedeleted_old_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8919] cmd /c del "C:\Programmi\Video ActiveX Access\imsmain.exe_tobedeleted_old_tobedeleted_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Prgrmm\Spybot\SpybotSD.exe" /autocheck
O4 - HKCU\..\RunOnce: [SpybotDeletingB1049] command /c del "C:\Programmi\Video ActiveX Access\imsmain.exe_tobedeleted_old_tobedeleted_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8600] cmd /c del "C:\Programmi\Video ActiveX Access\imsmain.exe_tobedeleted_old_tobedeleted_old"
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Prgrmm\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Prgrmm\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: flensburg - {d6ef030a-a235-41ba-9ead-89b6ff542f00} - C:\WINDOWS\system32\pluwue.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--
End of file - 3901 bytes

[Luke57]

Ciao, allega un report di hijackthis fatto dalla modalità normale.

[alessandro.aleale]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.23.43, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Programmi\Prgrmm\Mozilla Firefox\firefox.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\Prgrmm\ACDSee32\ACDSee32.exe
C:\Programmi\Prgrmm\HiJackThis_v2.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Programmi\Video ActiveX Access\iesbpl.dll (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Prgrmm\Spybot\SpybotSD.exe" /autocheck
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Prgrmm\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Prgrmm\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{423CD134-6E59-45A2-804B-9A525805D925}: NameServer = 85.37.17.11 85.38.28.69
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: flensburg - {d6ef030a-a235-41ba-9ead-89b6ff542f00} - C:\WINDOWS\system32\pluwue.dll
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--
End of file - 3906 bytes

[Luke57]

Ciao, Scarica LSpfix da qui:
http://www.cexx.org/lspfix.zip


Poi scaricA The Avenger
http://swandog46.geekstogo.com/avenger.zip


Poi avvia il file Avenger.exe. (applicazioni chiuse e antivirus disattivato)
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:

folders to delete:
C:\Programmi\Video ActiveX Access

Files to delete:
C:\WINDOWS\system32\pluwue.dll


Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e allega il file C:\Avenger.txt

Poi apri hijackthis, cerca e spunta le voci seguenti:
O3 - Toolbar: Protection Bar - {F06E2ABE-3A50-4079-BE25-FC100D9EAA25} - C:\Programmi\Video ActiveX Access\iesbpl.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\laf2.dll
O22 - SharedTaskScheduler: flensburg - {d6ef030a-a235-41ba-9ead-89b6ff542f00} - C:\WINDOWS\system32\pluwue.dll

premi fix checked.


Poi apri lspfix ,nella schermata che appare metti il flag nella casella I know what I’m doing , e sposta utilizzando le doppie freccie il file iaf2.dll nella casella a destra e premi finish.

Inoltre, disistalla da pannello di controllo, insttallazioni\applicazioni , se presenti, qualsiasi riferimento al programma.

[ubidoc]

Ieri pomeriggio mi sono beccato Antivirgear. Dopo inutili ricerche ho trovato (su Google) Superantispywares (gratuito). Ha lavorato per 45 minuti ed alla fine il PC era pulito (ha eliminato anche altri virus che Norton aveva ignorato) Lo consiglio a tutti !

[ubidoc]

Dimenticavo l'indirizzo :www. Superantispywres.com. Scaricate l'edizione free naturalmente. Ciao e smettetela addesso di smanettare il PC manualmente !

[ubidoc]

Dimenticavo l'indirizzo :www. Superantispywares.com. Scaricate l'edizione free naturalmente. Ciao e smettetela addesso di smanettare il PC manualmente !