Hit by XP Antivirus 2008

#1
5 July 2008, 08:54
Group Member

Hit by XP Antivirus 2008
Hi guys.. I just opened an e-mail and it hit me with an Antivirus XP 2008 virus. Can't get rid of it. Any help much appreciated..
#2
5 July 2008, 09:13
Group Moderator

Hit by XP Antivirus 2008

Start HERE.

Post the logs when complete.
#3
5 July 2008, 09:34
Group Member

Hit by XP Antivirus 2008

Sorry mate, I don't understand.. what do you want me to do with all of that?
#4
5 July 2008, 09:44
Group Administrator

Hit by XP Antivirus 2008

Take the time to read it, then run the software and afterwards post the log file so that we can see what is going on with the PC.
#5
5 July 2008, 11:59
Group Member

Hit by XP Antivirus 2008

Here's the log:

SUPERAntiSpyware Scan Entra
http://www.superantispyware.com
Generata 07/05/2008 alle 05:20 PM
Applicazione Versione: 4/15/1000
Core Regole Database Version: 3497
Trace Regole Database Version: 1488
Tipo di scansione: Quick Scan
Totale Scan Time: 00:10:14
Memoria oggetti scanditi: 268
Memoria minacce rilevate: 1
Registro di oggetti a scansione: 407
Registro di minacce rilevate: 26
File oggetti scanditi: 6977
File minacce rilevate: 175
Rogue.AntiVirus XP 2008
C: \ Program Files \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Program Files \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Antivirus XP 2008 \ Antivirus XP 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Antivirus XP 2008 \ Come Registrati XP Antivirus 2008.lnk
C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Antivirus XP 2008 \ License Agreement.lnk
C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Antivirus XP 2008 \ Antivirus XP 2008.lnk Registrati
C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Antivirus XP 2008 \ Uninstall.lnk
C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Antivirus XP 2008
C: \ AA \ RHCPV6J0EREL \ RHCPV6J0EREL.EXE
Rogue.Dropper / Gen
[lphctv6j0erel] C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
C: \ WINDOWS \ SYSTEM32 \ LPHCTV6J0EREL.EXE
Adware.Tracking Cookie
C: \ Documents and Settings \ Danny \ cookies \ danny @ sys-servizio [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ burstnet [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@media.adrevolver [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ Clickbank [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ advertpro [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@e-2dj6wjnywnc5eeo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@adserver.mediarun [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ 192 [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ adviva [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ehg-mgnlimited.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ sex-video [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@stat.onestat [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ adrevenue [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ads.videhost [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ads.pugetsoundsoftwar e [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ @ danny pubblicità [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ doppio [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@www.burstnet [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@tracking.summitmedia. co [1]. txt
C: \ Documents and Settings \ Danny \ cookies \ danny@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ tacoda [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ s [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ kontera [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@data.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ questionmarket [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ roiservice [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ adbrite [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@counter.hitslink [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@adserving.muppetism [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ cgi-bin [4]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@vhost.oddcast [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@rotator.adjuggler [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@s1.trafficmaxx [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@www.stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ads.ookla [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ neocounter2 [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ad1.doublepimp [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@te.kontera [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ 9167811 [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ AdRevolver [3]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ indextools [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ sexyandshocking [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ yadro [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@w00tpublishers.wootme giorno [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@dynamic.media.adrevol ver [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@e-2dj6wfkokkcjcao.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ Zedo [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ adecn [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@mobilefun.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@m1.webstats.motigo [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ AdRevolver [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ 1068755026 [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ specificclick [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ firstchoice [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ 2o7 [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ TradeDoubler [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ads.techguy [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ adultadworld [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ehg-bestbuy.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ firstchoice [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ehg-twi.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ revsci [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@statse.webtrendslive [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@exchange.ggmedia [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ adlegend [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ cgi-bin [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@shopping.112.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ehg-iwantoneofthose.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ads.digitalrock.co [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ 63701567 [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ overture [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ad1.clickhype [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ uno [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ bluestreak [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ statcounter [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ atdmt [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ads.pubmatic [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ 247realmedia [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@avgtechnologies.112.2 o7 [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ Bravenet [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@heavycom.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@stat.dealtime [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@server.iad.liveperson [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ fastclick [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ treppiede [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ Adtech [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ rafforzare [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@ehg-systemax.hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ stilemedia [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ gostats [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@network-ca.247realmedia [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ AdRotator [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ 1048893890 [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ cgi-bin [3]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@www.clash-media [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny @ indexstats [2]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@test.coremetrics [1]. Txt
C: \ Documents and Settings \ Danny \ cookies \ danny@eas.apm.emediate [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Adtech [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ehg-iwantoneofthose.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@ad.yieldmanager [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@metacafe.122.2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@stat.onestat [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter4.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ doppio [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atdmt [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@as1.falkag [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@hg1.hitbox [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@c1.zedo [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter13.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@counter15.sextracker [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ hitbox [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ AdRevolver [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ AdRevolver [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ Zedo [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ targetnet [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny@adopt.hbmediapro [2]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ 2o7 [1]. Txt
C: \ Documents and Settings \ Danny \ Local Settings \ Temp \ Cookies \ danny @ atwola [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@stats.searchtrack [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ atdmt [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ quindici [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@www.fifteen [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflisidjkko.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Adtech [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@marksandspencer.122 ,2 o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ AdRevolver [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@perf.overture [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ WindowsMedia [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ statcounter [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ conti [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@e-2dj6wflyckcjabo.stats.esomniture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-debenhams.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@paypal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@tracker.roitesting [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Bravenet [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@adopt.euroclick [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indexstats [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@data4.perf.overture [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@bs.serving-sys [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ revsci [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ Mediaplex [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@etype.adbureau [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@112.2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ehg-bskyb.hitbox [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@ads.telegraph.co [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie@statse.webtrendsliv e [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ questionmarket [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ sys-servizio [1]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ TradeDoubler [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ indextools [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ rozzie @ 2o7 [2]. Txt
C: \ Documents and Settings \ Rozzie \ Cookies \ @ rozzie pubblicità [2]. Txt
Rogue.AntiSpywareExpert
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC # NextInstance
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Service
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Legacy
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ConfigFlags
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # Class
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # ClassGUID
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 # DeviceDesc
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control
HKLM \ SYSTEM \ CurrentControlSet \ Enum \ Root \ LEGACY_CBE VTSVC \ 0000 \ Control # ActiveService
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ty pe
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # St arte
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Er rorControl
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Im agePath
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Di splayName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Ob jectName
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc # Op. t
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ Se sicurezza
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ # Se la sicurezza di sicurezza
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En un
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En un # 0
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En un conte #
HKLM \ SYSTEM \ CurrentControlSet \ Services \ CbEvtSvc \ En un NextInstance #
NotHarmful.Sysinternals BLUESCREEN Screen Saver
C: \ WINDOWS \ SYSTEM32 \ BLPHCTV6J0EREL.SCR
Trojan.Unclassified / CBEvtSvc
C: \ WINDOWS \ SYSTEM32 \ CBEVTSVC.EXE
C: \ WINDOWS \ prefetch \ CBEVTSVC.EXE-2F4C36CD.pf
Trojan.Unknown di origine
C: \ WINDOWS \ SYSTEM32 \ PHCTV6J0EREL.BMP



Malwarebytes' Anti-Malware 1,19
Database versione: 924
5/1/2600 Windows Service Pack 3
19:22:42 05/07/2008
mbam-log-7-5-2008 (19-22-42). txt
Tipo di scansione: Scansione completa (C: \ | D: \ | E: \ |)
Oggetti scandita: 113635
Tempo trascorso: 42 minuti (s), 4 secondi (s)
Processi di memoria infetti: 0
Moduli di memoria infetti: 0
Chiavi di registro infetti: 1
Valori del registro infetti: 0
I dati del Registro di oggetti infetti: 2
Cartelle infette: 0
File infetti: 4
Processi di memoria infetti:
(N. oggetti dannosi individuati)
Moduli di memoria infetti:
(N. oggetti dannosi individuati)
Chiavi di registro infette:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Software Notifier (Rogue.Multiple) -> quarantena ed eliminato con successo.
Valori del registro infetti:
(N. oggetti dannosi individuati)
I dati del Registro di oggetti infetti:
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> quarantena ed eliminato con successo.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Policies \ System \ NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> quarantena ed eliminato con successo.
Cartelle infette:
(N. oggetti dannosi individuati)
I file infetti:
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP2 \ A0000029.exe (Trojan.Downloader) -> quarantena ed eliminato con successo.
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP2 \ A0000047.dll (Rogue.AntivirusXP2008) -> quarantena ed eliminato con successo.
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000262.exe (Trojan.Downloader) -> quarantena ed eliminato con successo.
C: \ System Volume Information \ (_Restore CB12E2D1-8CFA-4FCC-A08D-7A3A985B54E4) \ RP4 \ A0000485.dll (Rogue.AntivirusXP2008) -> quarantena ed eliminato con successo.

JavaRa 1,08 rimozione Log.
Report segue dopo la linea.
------------------------------------
Il processo di rimozione JavaRa è stata avviata il sabato lug 05 19:49:54 2008
Trovato e rimosso: C: \ Program Files \ Java \ jre1.6.0_05
Found e rimossi: SOFTWARE \ JavaSoft \ Java Runtime Environment \ 1.4
Found e rimossi: SOFTWARE \ Classes \ JavaWebStart.isInstalled.1.5.0.0
Found e rimossi: Software \ JavaSoft \ Java2D \ 1.5.0_02
Found e rimossi: Software \ JavaSoft \ Java2D \ 1.5.0_04
Found e rimossi: Software \ JavaSoft \ Java2D \ 1.5.0_06
Found e rimossi: Software \ JavaSoft \ Java2D \ 1.5.0_09
Found e rimossi: Software \ JavaSoft \ Java2D \ 1.5.0_10
Found e rimossi: Software \ JavaSoft \ Java2D \ 1.5.0_11
Found e rimossi: SOFTWARE \ Classes \ JavaPlugin.150_02
Found e rimossi: SOFTWARE \ Classes \ JavaPlugin.150_04
Found e rimossi: SOFTWARE \ Classes \ JavaPlugin.150_06
Found e rimossi: SOFTWARE \ Classes \ JavaPlugin.150_09
Found e rimossi: SOFTWARE \ Classes \ JavaPlugin.150_10
------------------------------------
Finito di segnalazione.


Thanks guys
#6
5 July 2008, 12:01
Group Moderator

Hit by XP Antivirus 2008

I need the HijackThis log now.
#7
5 July 2008, 12:25
Group Member

Hit by XP Antivirus 2008

Oops, sorry. Here it is:

Logfile di Trend Micro HijackThis v2.0.2
Scan salvato in 20:24:21, a 05/07/2008
Piattaforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Programmi \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Programmi \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Uniti Avvisi \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearch.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file mancanti)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin per Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programmi \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ s wg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ it-it \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file mancanti)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ it-it \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programmi \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Programmi \ SPAMfighter \ SFAgent.exe" aggiornamento ritardo 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Unito Avvisi] C: \ Program Files \ Uniti Avvisi \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra contesto voce di menu: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra contesto voce di menu: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / search.html
O8 - Extra contesto voce di menu: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ it-it \ msntb.dll / search.htm
O8 - Extra menu contestuale voce: Link a ritroso - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra contesto voce di menu: Versione cache della pagina - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra contesto voce di menu: Apri in una nuova scheda di fondo - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra contesto voce di menu: Apri in una nuova scheda piano - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra contesto voce di menu: Pagine simili - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra contesto voce di menu: Traduci in italiano - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra pulsante: Medion-Regno Unito - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
Ø16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
Ø16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
Ø16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI Class) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
Ø16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
Ø16 - DPF: (6E32070A-766D-4EE6-879c-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
Ø16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
Ø16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
Ø16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Programmi \ SPAMfighter \ sfus.exe
--
Fine del file - 10438 bytes
  #8  
Old 5th July 2008, 12:32
Group Moderator
 
Default Hit by XP Antivirus 2008

Still a little more work to do.

Download SDFix.exe and save it to your desktop.

Double-click SDFix.exe and it will extract the files to %systemdrive%
(the drive that contains the Windows directory, usually C:\SDFix).

Now restart the computer in Safe Mode by doing the following:
  • Restart the computer
  • After you hear the computer beep once during startup, but before the Windows icon appears, tap the F8 key continuously;
  • Instead of Windows loading as normal, the Advanced Options menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double-click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan services and registry entries it finds, then prompt you to press any key to reboot.
  • Press any key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process, then display Finished; press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and be saved in the SDFix folder as Report.txt
    (Report.txt will also be copied to the clipboard).
  • Finally, copy and paste the contents of the Report.txt results file together with a new HijackThis log in your next reply.
If SDFix does not run or gives errors, follow the link for instructions on running SDFix. How to use SDFix

----------

In your next post add:
SDFix log
A NEW HijackThis log
__________________

  #9  
Old 5th July 2008, 13:34
Member
 
Default Hit by XP Antivirus 2008

OK, next log

SDFix: Version 1.201
Gestito da Danny su 05/07/2008 alle 21:08
Microsoft Windows XP [Versione 5.1.2600]
Running From: C: \ Canzoni \ SDFix
Verifica Servizi :

Ripristino dei valori di default di sicurezza
Ripristino di file Hosts predefinito
Riavvio

Verifica File :
N. Trojan Files Found



Rimozione di file temporanei
ADS Check :


Verifica finale :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-05 21:21:39
5.1.2600 Windows Service Pack 3 NTFS
scansione processi nascosti ...
la scansione del sistema e nascosto servizi alveare ...
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Services \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet003 \ Services \ BTHPORT \ Parameters \ Keys \ 000c55050b1d]
voci di registro nascosti scansione ...
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Prefetcher]
"TracesProcessed" = dword: 000000aa
"TracesSuccessful" = dword: 00000005
scansione di file nascosti ...
scansione completata con successo
processi nascosti: 0
hidden services: 0
i file nascosti: 0

Rimanendo Servizi :


Autorizzato Application Key Export:
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ sharedaccess \ parameters \ firewallpolicy \ standardprofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ system32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InoRpc.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InoRpc.exe: *: Enabled: eTrust Antivirus - Server RPC "
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InocIT.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ InocIT.exe: *: Enabled: eTrust Antivirus - Locale Scanner "
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Realmon.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Realmon.exe: *: Enabled: eTrust Antivirus - monitorare in tempo reale "
"C: \ Program Files \ \ Messenger \ \ msmsgs.exe" = "C: \ Program Files \ \ Messenger \ \ msmsgs.exe: *: Enabled: Windows Messenger"
"C: \ Program Files \ \ Uniti Avvisi \ \ UnitedAlerts.exe" = "C: \ Program Files \ \ Uniti Avvisi \ \ UnitedAlerts.exe"
"C: \ Program Files \ \ ICQ \ \ Icq.exe" = "C: \ Program Files \ \ ICQ \ \ Icq.exe: *: Enabled: ICQ"
"C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Shellscn.exe" = "C: \ Program Files \ \ CA \ eTrust Antivirus \ \ Shellscn.exe: *: Enabled: Shellscn"
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" = "C: \ Program Files \ \ iTunes \ \ iTunes.exe: *: Enabled: iTunes"
"C: \ \ StubInstaller.exe" = "C: \ \ StubInstaller.exe: *: Enabled: LimeWire sciamato installatore"
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" = "C: \ Program Files \ \ LimeWire \ \ LimeWire.exe: *: Enabled: LimeWire"
"C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"C: \ Program Files \ \ BitTorrent_DNA \ \ dna.exe" = "C: \ Program Files \ \ BitTorrent_DNA \ \ dna.exe: *: Enabled: BitTorrent DNA"
"C: \ Program Files \ \ DNA \ \ btdna.exe" = "C: \ Program Files \ \ DNA \ \ btdna.exe: *: Enabled: DNA"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ services \ sharedaccess \ parameters \ firewallpolicy \ domainprofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ system32 \ \ sessmgr.exe: *: Enabled: @ Xpsp2res.dll, -22019"
"C: \ Program Files \ \ Uniti Avvisi \ \ UnitedAlerts.exe" = "C: \ Program Files \ \ Uniti Avvisi \ \ UnitedAlerts.exe"
"C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe" = "C: \ Program Files \ \ MSN Messenger \ \ msnmsgr.exe: *: Enabled: MSN Messenger 7.5"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Enabled: @ xpsp3res.dll, -20000"
File rimanenti :

I file con gli attributi Nascosto :
Mercoledì 26 gennaio 2005 4.704 A.SH. --- "C: \ WINDOWS \ system32 \ KGyGaAvL.sys"
Mercoledì 13 luglio 2005 4.348 .. SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Sabato 5 luglio 2008 0 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ Cache \ Indiv01.tmp"
Lunedì 13 giugno 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar15.tmp"
Lunedì 13 giugno 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ Mar9.tmp"
Lunedì 13 giugno 2005 7.420 A.. H. --- "C: \ Documents and Settings \ Rozzie \ Local Settings \ Temp \ MarA.tmp"
Sabato 5 luglio 2008 96 A.. H. --- "C: \ Documents and Settings \ All Users \ Dati applicazioni \ avg8 (2) \ scanlogs \ srmcheck.tmp"
Mercoledì 13 luglio 2005 4.348 ... H. --- "C: \ Documents and Settings \ Danny \ Documenti \ Musica \ Backup licenza \ drmv1key.bak"
Mercoledì 25 gennaio 2006 20 A.. H. --- "C: \ Documents and Settings \ Danny \ Documenti \ Musica \ Backup licenza \ drmv1lic.bak"
Mercoledì 13 luglio 2005 312 A.SH. --- "C: \ Documents and Settings \ Danny \ Documenti \ Musica \ Backup licenza \ drmv2key.bak"
Finito!


and


Logfile di Trend Micro HijackThis v2.0.2
Scan salvato in 21:33:52, a 05/07/2008
Piattaforma: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
C: \ Programmi \ SPAMfighter \ sfus.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ AGRSMMSG.exe
C: \ WINDOWS \ System32 \ OSD.EXE
C: \ WINDOWS \ system32 \ SB.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe
C: \ Program Files \ QuickTime \ qttask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Programmi \ SPAMfighter \ SFAgent.exe
C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Uniti Avvisi \ UnitedAlerts.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
C: \ Program Files \ DNA \ btdna.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ sistray.exe
C: \ WINDOWS \ system32 \ msiexec.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearch.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearchIndexer.exe
C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearchFilter.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://news.bbc.co.uk/sport1/hi/football/default.stm
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.toysrus.co.uk/
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://www.toysrus.co.uk/
R3 - URLSearchHook: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file mancanti)
O2 - BHO: AcroIEHlprObj Class - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Adobe \ Acrobat 6.0 \ Reader \ ActiveX \ AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin per Internet Explorer - (3049C3E9-B461-4BC5-8870-4C09146192CA) - C: \ Program Files \ Real \ RealPlayer \ rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ Programmi \ Google \ googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.0.1225.9868 \ swg.dll
O2 - BHO: MSN Search Toolbar Helper - (BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ it-it \ msntb.dll
O3 - Toolbar: ICQ Toolbar - (855F3B16-6D32-4fe6-8A56-BBB695989046) - C: \ Program Files \ ICQToolbar \ toolbaru.dll (file mancanti)
O3 - Toolbar: MSN Search Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ it-it \ msntb.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ Programmi \ Google \ googletoolbar3.dll
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [OSD]% SystemRoot% \ System32 \ OSD.EXE
O4 - HKLM \ .. \ Run: [SB] C: \ WINDOWS \ system32 \ SB.exe
O4 - HKLM \ .. \ Run: [SynTPLpr] C: \ Program Files \ Synaptics \ SynTP \ SynTPLpr.exe
O4 - HKLM \ .. \ Run: [SynTPEnh] C: \ Program Files \ Synaptics \ SynTP \ SynTPEnh.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Realtime Monitor] C: \ PROGRA ~ 1 \ CA \ eTrust ~ 1 \ realmon.exe-s
O4 - HKLM \ .. \ Run: [UserFaultCheck]% systemroot% \ system32 \ dumprep 0-u
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SiSPower] Rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [mmtask] "C: \ Program Files \ MUSICMATCH \ MUSICMATCH Jukebox \ mmtask.exe"
O4 - HKLM \ .. \ Run: [SPAMfighter Agent] "C: \ Programmi \ SPAMfighter \ SFAgent.exe" aggiornamento ritardo 60
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,, BluetoothAuthenticationAgent
O4 - HKLM \ .. \ Run: [SMrhcpv6j0erel] C: \ Program Files \ rhcpv6j0erel \ rhcpv6j0erel.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ jusched.exe"
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [Unito Avvisi] C: \ Program Files \ Uniti Avvisi \ UnitedAlerts.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [BitTorrent DNA] "C: \ Program Files \ DNA \ btdna.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C: \ WINDOWS \ system32 \ sistray.exe
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ MSN Toolbar Suite \ DS \ 02.05.0001.1119 \ it-it \ bin \ WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O8 - Extra contesto voce di menu: & Google Search - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsearch.html
O8 - Extra contesto voce di menu: & ICQ Toolbar Search - res: / / C: \ Program Files \ ICQToolbar \ toolbaru.dll / search.html
O8 - Extra contesto voce di menu: & MSN Search - res: / / C: \ Program Files \ MSN Toolbar Suite \ TB \ 02.05.0000.1082 \ it-it \ msntb.dll / search.htm
O8 - Extra menu contestuale voce: Link a ritroso - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra contesto voce di menu: Versione cache della pagina - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmcache.html
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 3 \ Office10 \ EXCEL.EXE/3000
O8 - Extra contesto voce di menu: Apri in una nuova scheda di fondo - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/229? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra contesto voce di menu: Apri in una nuova scheda piano - res: / / C: \ Program Files \ MSN Toolbar Suite \ TAB \ 02.05.0001.1119 \ en-gb \ msntabres.dll/230? 4f61d6b2c8414b81896dc6b3a393b615
O8 - Extra contesto voce di menu: Pagine simili - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmsimilar.html
O8 - Extra contesto voce di menu: Traduci in italiano - res: / / C: \ Program Files \ Google \ GoogleToolbar1.dll/cmtrans.html
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_06 \ bin \ ssv.dll
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra pulsante: Medion-Regno Unito - (CE67CBC2-5CCB-4FC4-BA83-51AE4878170C) -- http://www.medion.co.uk (file missing) (HKCU)
O16 - DPF: RaptisoftGameLoader -- http://www.miniclip.com/hamsterball/...gameloader.cab
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?Link...04&clcid=0x409
O16 - DPF: (1803B9EF-9905-4F34-AFC4-05D1BAB28801) (RegUserCfgUI Class) -- http://us.dl1.yimg.com/download.yaho...1/yregucfg.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1106745510172
O16 - DPF: (6E32070A-766D-4EE6-879c-DC1FA91D2FC3) (MUWebControl Class) -- http://www.update.microsoft.com/micr...?1215253028000
O16 - DPF: (B38870E4-7ECB-40DA-8C6A-595F0A5519FF) (MsnMessengerSetupDownloadControl Class) -- http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: (BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B) (Zylom Games Player) -- http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O20 - Winlogon Notify: !SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C: \ Program Files \ CA \ eTrust Antivirus \ InoTask.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C: \ Programmi \ SPAMfighter \ sfus.exe
--
Fine del file - 10422 bytes
  #10  
Old 5th July 2008, 13:38
Group Moderator
 
Default Hit by XP Antivirus 2008

I need more information on a couple of files. Post the links here when the results are complete.

Scan Suspicious File(s)

Visit Virustotal
(If more than one file needs scanning, each must be done separately and a log posted for each)
  • Copy the file path from the Code box below:
Code:
C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe
  • Once the site loads, click once inside the window next to Browse.
  • Press Ctrl + V on your keyboard (both keys at the same time) to paste the file path into the window.
  • Next, click Send File
    • The file may enter a queue, which usually takes less than a minute to clear.
  • This will run a scan across several different antivirus scanning engines.
  • Important: Wait for all of the scanning engines to complete.
  • Copy and paste the link to the results in your next reply.
Now do the same with this file.

Code:
C:\Program Files\Uniti Avvisi\UnitedAlerts.exe
__________________
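A small triage helper for HijackThis O4 (Run key) entries, added here as an example and not part of this thread or of HijackThis itself: it parses each O4 line, strips the arguments from the command, and flags executables whose file or folder name looks randomly generated, which is what singles out the rhcpv6j0erel entry the moderator asked to have scanned. The sample lines are re-typed from the log above with normal path separators, and the thresholds in looks_random are assumed, not a published rule.

```python
import re
from collections import namedtuple
from typing import List, Optional

# Sample O4 (Run key) entries, re-typed from the HijackThis log in this thread
# with normal path separators; constructed input, not a live log.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe',
    r'O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [SMrhcpv6j0erel] C:\Program Files\rhcpv6j0erel\rhcpv6j0erel.exe',
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"',
    r'O4 - HKCU\..\Run: [Unito Avvisi] C:\Program Files\Uniti Avvisi\UnitedAlerts.exe',
]

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# path: executable with arguments removed; parent: its folder; reason: '' if not flagged
RunEntry = namedtuple('RunEntry', 'hive key name path parent stem reason')

def split_command(cmd: str) -> str:
    """Return the executable path from a Run value, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                     # quoted path, args follow the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r'\.exe\b', cmd, re.IGNORECASE)
    if m:                                       # unquoted path: cut right after .exe
        return cmd[:m.end()]
    # No extension: the first space after the last backslash starts the arguments.
    space = cmd.find(' ', cmd.rfind('\\') + 1)
    return cmd if space < 0 else cmd[:space]

def looks_random(token: str) -> bool:
    """Assumed heuristic: alphanumeric, 8+ chars, 2+ digits, 3+ letter/digit switches."""
    t = token.lower()
    if len(t) < 8 or not t.isalnum():
        return False
    digits = sum(c.isdigit() for c in t)
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(t, t[1:]))
    return digits >= 2 and switches >= 3

def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one O4 line; returns None for lines that are not O4 entries."""
    m = O4_RE.match(line)
    if not m:
        return None
    path = split_command(m.group('cmd'))
    parts = path.split('\\')
    stem = re.sub(r'\.exe$', '', parts[-1], flags=re.IGNORECASE)
    parent = parts[-2] if len(parts) > 1 else ''
    reason = ''
    if looks_random(stem):
        reason = f'random-looking executable name "{stem}"'
    elif looks_random(parent):
        reason = f'random-looking folder name "{parent}"'
    return RunEntry(m.group('hive'), m.group('key'), m.group('name'),
                    path, parent, stem, reason)

def triage(lines: List[str]) -> List[RunEntry]:
    """Parse every O4 line and keep only the entries worth submitting for a scan."""
    entries = (parse_o4(line) for line in lines)
    return [e for e in entries if e is not None and e.reason]

if __name__ == '__main__':
    for e in triage(SAMPLE_O4_LINES):
        print(f'{e.hive}\\..\\{e.key} [{e.name}] -> {e.path}: {e.reason}')
```

The name heuristic is only a first filter: it does not flag UnitedAlerts.exe, which the moderator also wanted checked, so a flagged entry is a candidate for a multi-engine scan, not a verdict.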

Copyright © 2006 - 2009 Computer Juice.
