Condividi:        

VIRTUMONDE (help)

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

VIRTUMONDE (help)

Postdi ventodelsud » 01/12/07 16:02

Salve a tutti....

ennesimo problemino da sottoporre all'attenzione di Luke57 (il quale saluto e al quale ricordo che già mi ha aiutato in altre occasioni, purtroppo i virus non mi danno tregua)....

Il pc stavolta ha il virus VIRTUMONDE. Ho trovato un altro topic in cui si parlava di esso, ho scaricato Vundofix ed effettuato le varie operazioni di scansione, ma non ha riscontrato nulla per cui il report non lo ha rilasciato.

Posto qui invece il logfile di hijackthis del pc, in attesa di ricevere una risposta su come posso fare per risolvere il problema....

Premetto che ho effettuato scansioni con nod32, e pandapro senza risultato



Logfile of HijackThis v1.99.1
Scan saved at 14.18.15, on 01/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\DSL-200\dslstat.exe
C:\Program Files\D-Link\DSL-200\dslagent.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\Programmi\Logitech\ImageStudio\LogiTray.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Apple Computer\DVD@ccess\DVDAccess.exe
C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Antonella\Desktop\HijackThis\HijackThis.exe
C:\Documents and Settings\Antonella\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2EF8CE15-578E-4BB7-965A-313290A197ED} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {64A27D56-5BED-43EB-B7FF-5B3A66298D5E} - C:\WINDOWS\system32\ssttt.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {77681b01-78da-a2cb-fc24-aa2fa735f36b} - {b63f537a-f2aa-42cf-bc2a-ad8710b18677} - C:\WINDOWS\system32\gxdmhwbe.dll (file missing)
O2 - BHO: (no name) - {BABE6B33-94D9-4C19-9B15-6F5FA0314CE7} - C:\WINDOWS\system32\iiiji.dll
O2 - BHO: (no name) - {D969F898-DE74-4392-8270-7292EC46795C} - (no file)
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\D-Link\DSL-200\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\D-Link\DSL-200\dslagent.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MpegAtomGreatHeart] C:\Documents and Settings\All Users\Dati applicazioni\cornstupidmpegatom\real more.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [64d00183] rundll32.exe "C:\WINDOWS\system32\tcftnwyo.dll",b
O4 - HKCU\..\Run: [Remote Team] C:\DOCUME~1\ANTONE~1\DATIAP~1\DEFAUL~1\boobplus.exe
O4 - HKCU\..\Run: [AntiSpywareBot] C:\Programmi\AntiSpywareBot\AntiSpywareBot.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DVD@ccess.lnk = ?
O4 - Global Startup: LUMIX Simple Viewer.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .avi: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .bmp: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .png: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .wav: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast.go.com/v3/setup/act ... ontrol.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://alidicartacolorata.spaces.live.c ... nPUpld.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://alidicartacolorata.spaces.live.c ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://bmm.imgag.com/imgag/cp/install/crusher-it.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - http://a.download.toontown.com/sv1.0.20.19/ttinst.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.com/games/downloads/g ... anager.cab
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C27F8DE7-8589-45B3-A70C-88875BF62691}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: bw+0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {E0A972FE-B589-4D31-B4AA-903CC49AB6C7} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: khfghhf - khfghhf.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe



vi ringrazio anticipatamente
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Sponsor
 

Postdi Luke57 » 01/12/07 16:12

Ciao, scarica questo tool sul desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconettiti da internet
disattiva l'antivirus

Avvia il file ComboFix.exe
Digita 1 per avviare il tool
Segui le instruzioni e alla fine verrà generato un log.

Riavvia il pc, riattiva Antivir , collegati e posta questi il log C:\combofix.txt
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 01/12/07 16:29

lukeeeeeee carissimo meno male che ci sei tu prima di tutto grazie x avermi risposto

ma come faccio a disattivare nod32 ? :(
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 01/12/07 16:35

Ciao, di solito si clicca sull'icona con il dx del mouse e si sceglie l'opzione giusta, ma se non ti riesce esegui ugualmente la scansione con combofix.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 01/12/07 16:38

va bene, ci provo, stasera o al massimo domani posto il log. intanto ti ringrazio...per la tua infinita disponibilità.

(ps: l'orario di questo forum segna un'ora avanti)
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi ventodelsud » 01/12/07 22:40

QUESTO è IL LOG EFFETTUATO UTILIZZANDO COMBOFIX


((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Avvio\Programmi.\AntiSpywareBot
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\DataBase.ref
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 16 - 07_05_50 PM_933.log
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 16 - 07_06_21 PM_697.log
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 16 - 07_06_47 PM_995.log
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 17 - 03_00_39 AM_097.log
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 17 - 03_01_44 AM_050.log
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 17 - 09_01_28 AM_040.log
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Log\2007 Nov 17 - 11_26_18 PM_745.log
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\rs.dat
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Settings\CustomScan.stg
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Settings\IgnoreList.stg
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Settings\ScanInfo.stg
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Settings\ScanResults.stg
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Settings\SelectedFolders.stg
C:\Documents and Settings\Antonella\Dati applicazioni\AntiSpywareBot\Settings\Settings.stg
C:\Documents and Settings\Antonella\Preferiti\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\Tasks.\AntiSpywareBot Scheduled Scan.job

.
((((((((((((((((((((((((( Files Creati Da 2007-11-01 al 2007-12-01 )))))))))))))))))))))))))))))))))))
.

2007-11-19 20:13 <DIR> d-------- C:\VundoFix Backups
2007-11-18 10:06 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2007-11-18 01:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2007-11-17 20:29 <DIR> d-------- C:\Programmi\Enigma Software Group
2007-11-16 19:58 <DIR> d-------- C:\Programmi\a-squared Free
2007-11-16 15:26 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Prevx
2007-11-16 15:19 <DIR> d-------- C:\Temp
2007-11-15 22:56 <DIR> d-------- C:\Programmi\XoftSpySE
2007-11-14 01:54 107,283 --ahs---- C:\WINDOWS\system32\ijiii.ini2
2007-11-13 22:14 1,444,695 --ahs---- C:\WINDOWS\system32\oywntfct.ini
2007-11-13 22:08 669,293 --ahs---- C:\WINDOWS\system32\nkhesnhn.ini
2007-11-13 22:08 88,128 --a------ C:\WINDOWS\system32\nhnsehkn.dll
2007-11-13 18:39 669,233 --ahs---- C:\WINDOWS\system32\rvdnnhkw.ini
2007-11-13 18:39 88,128 --a------ C:\WINDOWS\system32\wkhnndvr.dll
2007-11-13 18:39 80,448 --a------ C:\WINDOWS\system32\teuwdicb.dll
2007-11-13 18:30 590,494 --ahs---- C:\WINDOWS\system32\jiovakrk.ini
2007-11-13 18:23 122,131 --ahs---- C:\WINDOWS\system32\ijiii.ini
2007-11-12 17:02 590,434 --ahs---- C:\WINDOWS\system32\wckyfknu.ini
2007-11-12 16:57 105,976 --ahs---- C:\WINDOWS\system32\ijiii.tmp
2007-11-12 16:57 81,472 --a------ C:\WINDOWS\system32\ilcrcemh.dll
2007-11-12 16:55 124,558 --ahs---- C:\WINDOWS\system32\ijiii.bak2
2007-11-11 22:49 0 --a------ C:\WINDOWS\system32\mcrh.tmp
2007-11-11 21:26 6,470 --ahs---- C:\WINDOWS\system32\ijiii.bak1
2007-11-11 21:25 319,072 --a------ C:\WINDOWS\system32\iiiji.dll
2007-11-11 10:13 584,476 --ahs---- C:\WINDOWS\system32\qapasoii.ini
2007-11-11 10:13 88,128 --a------ C:\WINDOWS\system32\iiosapaq.dll
2007-11-11 10:07 79,936 --a------ C:\WINDOWS\system32\iylevqim.dll
2007-11-10 22:03 101,686 --ahs---- C:\WINDOWS\system32\tttss.bak1
2007-11-10 22:01 103,267 --ahs---- C:\WINDOWS\system32\tttss.ini
2007-11-10 09:33 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-11-10 09:29 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2007-11-10 07:14 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-10 07:14 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-10 07:14 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-10 00:31 <DIR> d-------- C:\Programmi\Microsoft CAPICOM 2.1.0.2
2007-11-09 14:46 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2007-11-09 14:44 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-01 12:21 --------- d-----w C:\Programmi\eMule
2007-12-01 07:41 --------- d-----w C:\Programmi\Patrician III - Impero dei Mari
2007-11-24 15:42 --------- d-----w C:\Programmi\vanBasco's Karaoke Player
2007-11-21 18:40 --------- d-----w C:\Programmi\Imperivm - Le Grandi Battaglie di Roma
2007-11-17 18:29 --------- d-----w C:\Programmi\Macrogaming
2007-11-16 17:43 --------- d-----w C:\Programmi\Windows Live
2007-11-13 21:12 --------- d-----w C:\Programmi\MSN Messenger
2007-10-27 12:45 21,052 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-10-27 12:45 15,144 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-10-27 12:45 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-10-26 21:31 --------- d-----w C:\Programmi\Tzar Excalibur e il Re Artù
2007-10-26 21:29 --------- d-----w C:\Programmi\Cryo
2007-10-26 21:21 --------- d-----w C:\Programmi\Activision
2007-10-26 21:13 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-10-23 16:49 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-17 09:56 --------- d-----w C:\Programmi\Ferrero
2007-10-14 14:58 --------- d-----w C:\Programmi\Apple Computer
2007-10-12 18:05 --------- d-----w C:\Programmi\Java
2007-10-07 13:52 --------- d-----w C:\Programmi\Imperivm Civitas
2007-10-01 17:29 --------- d-----w C:\Programmi\PeerGuardian2
2007-01-27 16:25 8 -csh--r C:\WINDOWS\system32\A48D8C89DF.sys
2007-04-15 19:38 56 -csh--r C:\WINDOWS\system32\DF898C8DA4.sys
2007-05-29 18:03 6,580 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{09BB4E84-8982-49AE-AABD-31C8B5B557EF}]
2007-11-11 21:26 319072 --a------ C:\WINDOWS\system32\iiiji.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2EF8CE15-578E-4BB7-965A-313290A197ED}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64A27D56-5BED-43EB-B7FF-5B3A66298D5E}]
C:\WINDOWS\system32\ssttt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b63f537a-f2aa-42cf-bc2a-ad8710b18677}]
C:\WINDOWS\system32\gxdmhwbe.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D969F898-DE74-4392-8270-7292EC46795C}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCamRT.exe"="" []
"Remote Team"="C:\DOCUME~1\ANTONE~1\DATIAP~1\DEFAUL~1\boobplus.exe" []
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DSLSTATEXE"="C:\Program Files\D-Link\DSL-200\dslstat.exe" [2005-12-12 08:44]
"DSLAGENTEXE"="C:\Program Files\D-Link\DSL-200\dslagent.exe" [2005-08-25 10:47]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-04-02 10:14]
"ISUSPM Startup"="C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"MpegAtomGreatHeart"="C:\Documents and Settings\All Users\Dati applicazioni\cornstupidmpegatom\real more.exe" []
"LVCOMS"="C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 17:54]
"LogitechImageStudioTray"="C:\Programmi\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 18:31]
"LogitechGalleryRepair"="C:\Programmi\Logitech\ImageStudio\ISStart.exe" [2002-12-10 18:32]
"64d00183"="C:\WINDOWS\system32\tcftnwyo.dll" []

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-01-09 18:05:17]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
DVD@ccess.lnk - C:\Programmi\Apple Computer\DVD@ccess\DVDAccess.exe [2007-10-14 15:58:57]
LUMIX Simple Viewer.lnk - C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2006-06-29 20:15:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfghhf]
khfghhf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\iiiji.dll


*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'
"2007-12-01 21:00:10 C:\WINDOWS\Tasks\AC60E1FD91E79575.job"
- c:\docume~1\antone~1\datiap~1\defaul~1\curbstupidface.exe
"2007-12-01 20:15:20 C:\WINDOWS\Tasks\XoftSpySE 2.job"
"2007-11-17 07:57:54 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Programmi\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 21:58:18
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-12-01 22:03:55
.
--- E O F ---







COSA DEVO FARE ORA ? :(
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 01/12/07 23:45

Ciao, scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip
lo salvi in una cartella, scompatti il file .zip. individua avenger.exe, lo avvii.

Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:


Files to delete:
C:\WINDOWS\system32\ijiii.ini2
C:\WINDOWS\system32\oywntfct.ini
C:\WINDOWS\system32\nkhesnhn.ini
C:\WINDOWS\system32\nhnsehkn.dll
C:\WINDOWS\system32\rvdnnhkw.ini
C:\WINDOWS\system32\wkhnndvr.dll
C:\WINDOWS\system32\teuwdicb.dll
C:\WINDOWS\system32\jiovakrk.ini
C:\WINDOWS\system32\ijiii.ini
C:\WINDOWS\system32\wckyfknu.ini
C:\WINDOWS\system32\ijiii.tmp
C:\WINDOWS\system32\ilcrcemh.dll
C:\WINDOWS\system32\ijiii.bak2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ijiii.bak1
C:\WINDOWS\system32\iiiji.dll
C:\WINDOWS\system32\qapasoii.ini
C:\WINDOWS\system32\iiosapaq.dll
C:\WINDOWS\system32\iylevqim.dll
C:\WINDOWS\system32\tttss.bak1
C:\WINDOWS\system32\tttss.ini
C:\WINDOWS\Tasks\AC60E1FD91E79575.job
C:\WINDOWS\system32\tcftnwyo.dll
C:\WINDOWS\system32\khfghhf.dll


folders to delete:
C:\Windows\Temp

registry keys to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{09BB4E84-8982-49AE-AABD-31C8B5B557EF}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{2EF8CE15-578E-4BB7-965A-313290A197ED}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{64A27D56-5BED-43EB-B7FF-5B3A66298D5E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{b63f537a-f2aa-42cf-bc2a-ad8710b18677}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{D969F898-DE74-4392-8270-7292EC46795C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfghhf

registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 64d00183



Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e allega il file C:\Avenger.txt

Esegui una nuova scansione con vundofix.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 02/12/07 08:46

Buongiorno Luke e buona domenica...
ho effettuato le operazioni che mi hai suggerito e i risultati sono questi....

qui c'è il log di Avenger :


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\fscgabxy

*******************

Script file located at: \??\C:\sxbpumou.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\ijiii.ini2 deleted successfully.
File C:\WINDOWS\system32\oywntfct.ini deleted successfully.
File C:\WINDOWS\system32\nkhesnhn.ini deleted successfully.
File C:\WINDOWS\system32\nhnsehkn.dll deleted successfully.
File C:\WINDOWS\system32\rvdnnhkw.ini deleted successfully.
File C:\WINDOWS\system32\wkhnndvr.dll deleted successfully.
File C:\WINDOWS\system32\teuwdicb.dll deleted successfully.
File C:\WINDOWS\system32\jiovakrk.ini deleted successfully.
File C:\WINDOWS\system32\ijiii.ini deleted successfully.
File C:\WINDOWS\system32\wckyfknu.ini deleted successfully.
File C:\WINDOWS\system32\ijiii.tmp deleted successfully.
File C:\WINDOWS\system32\ilcrcemh.dll deleted successfully.
File C:\WINDOWS\system32\ijiii.bak2 deleted successfully.
File C:\WINDOWS\system32\mcrh.tmp deleted successfully.
File C:\WINDOWS\system32\ijiii.bak1 deleted successfully.
File C:\WINDOWS\system32\iiiji.dll deleted successfully.
File C:\WINDOWS\system32\qapasoii.ini deleted successfully.
File C:\WINDOWS\system32\iiosapaq.dll deleted successfully.
File C:\WINDOWS\system32\iylevqim.dll deleted successfully.
File C:\WINDOWS\system32\tttss.bak1 deleted successfully.
File C:\WINDOWS\system32\tttss.ini deleted successfully.
File C:\WINDOWS\Tasks\AC60E1FD91E79575.job deleted successfully.


File C:\WINDOWS\system32\tcftnwyo.dll not found!
Deletion of file C:\WINDOWS\system32\tcftnwyo.dll failed!

Could not process line:
C:\WINDOWS\system32\tcftnwyo.dll
Status: 0xc0000034



File C:\WINDOWS\system32\khfghhf.dll not found!
Deletion of file C:\WINDOWS\system32\khfghhf.dll failed!

Could not process line:
C:\WINDOWS\system32\khfghhf.dll
Status: 0xc0000034

Folder C:\Windows\Temp deleted successfully.


Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{09BB4E84-8982-49AE-AABD-31C8B5B557EF} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{09BB4E84-8982-49AE-AABD-31C8B5B557EF} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{2EF8CE15-578E-4BB7-965A-313290A197ED} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{2EF8CE15-578E-4BB7-965A-313290A197ED} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{64A27D56-5BED-43EB-B7FF-5B3A66298D5E} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{64A27D56-5BED-43EB-B7FF-5B3A66298D5E} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{b63f537a-f2aa-42cf-bc2a-ad8710b18677} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{b63f537a-f2aa-42cf-bc2a-ad8710b18677} failed!
Status: 0xc0000034



Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{D969F898-DE74-4392-8270-7292EC46795C} not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows \CurrentVersion\Explorer\Browser Helper Objects\{D969F898-DE74-4392-8270-7292EC46795C} failed!
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\khfghhf deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|64d00183 deleted successfully.

Completed script processing.

*******************

Finished! Terminate.





poi ho rifatto la scansione con Vundo fix e mi ha dato questo log


VundoFix V6.6.2

Checking Java version...

Sun Java not detected
Scan started at 0.55.25 02/12/2007

Listing files found while scanning....

No infected files were found.


Beginning removal...




da notare però che il vundo fix non mi aveva trovato nulla nemmeno nella prima scansione che avevo fatto....


adesso? :( attendo con ansia tue nuove....
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 02/12/07 10:39

Ciao, vediamo che cosa c'è rimasto:
scarica systemscan
http://www.suspectfile.com/systemscan
aprilo ed assicurati che tutte le opzioni siano spuntate, clicca su "Scan Now" al termine della scansione verrà rilasciato in C:\suspectfile un file con estensione .zip (data+ora.zip)
Poi vai su
http://www.easy-share.com/

carica il file (premi sfoglia per individuarlo e poi upload per caricarlo) e nella tua prossima risposta scrivi l'URL per scaricarlo (il primo link che ti sarà fornito).
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi ventodelsud » 02/12/07 16:07

carissimo Luke credo di non avere più il problema di virtumonde, i messaggi pubblicitari non appaiono più e la velocità del pc è ritornata quella di prima.

mi piacerebbe evitare quest'ultima operazione, posso? o è indispensabile ?

comunque grazie per ogni cosa e per ogni tuo intervento sempre provvidenziale ! sei bravissimo.....se non ci fossi bisognerebbe inventarti !!!

un grande grazie a te e a questo splendido forum
ventodelsud
Utente Junior
 
Post: 91
Iscritto il: 26/04/06 09:20

Postdi Luke57 » 02/12/07 16:15

OK ;)
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10


Torna a Sicurezza e Privacy


Topic correlati a "VIRTUMONDE (help)":

Virus Virtumonde.....
Autore: Zanzy
Forum: Sicurezza e Privacy
Risposte: 33
virtumonde
Autore: monk
Forum: Sicurezza e Privacy
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 80 ospiti