Nid aiuto! ~ Non è possibile rimuovere questo adware / virus!

jomm43point67 · #1 14. Gen 2008, 19:29

Nome: Trojan.Win32.Obfuscated.gx Tipo: Trojan Rischio d'impatto: Estremamente alto Falso avviso di errore di sistema critici

**evilfantasy** · #2 14 Gennaio 2008, 21:18

Permette di ottenere un log HJT.

Scarica e rinominare HijackThis (HJT)

Fare doppio clic su HJTInstall.
Fare clic sul Installare pulsante.
Sarà automaticamente posto in HJT C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Su installare, HijackThis dovrebbe aprire per voi.
- Chiudi HijackThis e rinominarlo.
- Vai alla cartella C: \ Program Files \ Trend Micro \HijackThis.exe
- Fai clic destro su HijackThis.exe e selezionare Rinomina.
- Digitare sniper.exe e premere Inserisci.
- Fare clic col tasto destro su sniper.exe e selezionare Invia a > Desktop (creare il collegamento)
Dal desktop aperto HiackThis.
Se si utilizza Windows Vista, assicurarsi di Esegui come amministratore
Fare clic sul Eseguire una scansione del sistema e salvare un file di log pulsante
HijackThis effettua la scansione e poi si aprirà un log in notepad.
Copiare e incollare il log in tuo post.
- Non HijackThis fissare hanno ancora nulla. La maggior parte di ciò che si ritiene essere innocui o addirittura richiesto.

Anche se abbiamo ribattezzato HijackThis di cecchino, si continua a fare riferimento ad esso, come HijackThis o HJT.

Next post aggiungi
Log HijackThis

jomm43point67 · #3 14 Gennaio 2008, 23:55

Logfile di Trend Micro HijackThis v2.0.2
Scan salvato a 2:49:52 PM, il 15/01/2008
Piattaforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ Explorer.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe

R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] Rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra contesto voce di menu: Scarica tutto con Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlall.htm
O8 - Extra contesto voce di menu: Scarica selezionati con Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlselected.htm
O8 - Extra contesto voce di menu: Scaricare video con Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra contesto voce di menu: Scarica con Free Download Manager - file: / / C: \ Program Files \ Free Download Manager \ dllink.htm
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra pulsante: Yahoo! Servizi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
Ø16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe

--
Fine del file - 5867 bytes

**evilfantasy** · #4 15. Gen 2008, 00:47

Il log non mostra alcuna a tutti i malware.

Esegui questo post e poi il log.

Si prega di scaricare da SUBS Combofix da uno dei link qui sotto.
(Prova a tutti e tre, se necessario)

IMPORTANTE - Combofix.exe VA essere salvati sul vostro Desktop.

Chiudere tutti i browser Web aperto. (Firefox, Internet Explorer, etc)
Chiudi / disabilitare tutti gli anti virus e anti malware programmi in modo da non interferire con Combofix. <- IMPORTANTE
- Fare clic su questo link per visualizzare un elenco di programmi che dovrebbero essere disattivati. Se la vostra non è elencato e non sapete come disabilitare questa funzione, ti chiedo.
Fare doppio clic su combofix.exe e segui le istruzioni.
- Da tastiera selezionare 1 e premere Inserisci
Una volta terminato, si produrrà un log per voi.
Post che accedi al tuo prossimo risposta.

Non clic combofix della finestra, mentre è in esecuzione.
La scansione sarà disattivare temporaneamente il tuo desktop.
Se interrotto può lasciare il computer bloccato.
Se ciò si verifica, si prega di riavviare per ripristinare il desktop.

**evilfantasy** · #5 15. Gen 2008, 08:52

Thats non tutto il registro.

Se avete bisogno di andare in C: \ combofix.txt e dopo tutto il registro.

jomm43point67 · #6 15. Gen 2008, 09:47

Citazione:

Originalmente inviato da evilfantasy

Thats non tutto il registro.

Se avete bisogno di andare in C: combofix.txt e dopo l'intero registro.

ComboFix 08-01-15.4 - Jomel 2008-01-15 22:29:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.98 [GMT -8:00]
Running da: C: \ Downloads \ Software \ ComboFix.exe
* Creato un nuovo punto di ripristino
AVVERTENZA-Questa macchina NON HANNO IL RECUPERO CONSOLE INSTALLED!
.
((((((((((((((((((((((((( I file creati dal 2007/12/16 al 2008/01/16 ))))))))))) ))))))))))))))))))))
.
2008-01-15 22:29. 2000-08-31 08:00 51.200 - a ------ C: \ WINDOWS \ NirCmd.exe
2008-01-15 14:46. 2008-01-15 14:46 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-01-15 13:35. 2008-01-15 13:36 <DIR> d -------- C: \ Program Files \ Common Files \ Adobe
2008-01-15 12:08. 2007-10-10 15:55 6.065.664 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll
2008-01-15 12:08. 2007-06-30 19:31 2.455.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dat
2008-01-15 12:08. 2007-06-30 19:36 991.232 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieframe.dll.mui
2008-01-15 12:08. 2007-10-10 15:55 459.264 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msfeeds.dll
2008-01-15 12:08. 2007-10-10 15:55 383.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieapfltr.dll
2008-01-15 12:08. 2007-10-10 15:55 267.776 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ iertutil.dll
2008-01-15 12:08. 2007-10-10 15:55 63.488 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ icardie.dll
2008-01-15 12:08. 2007-10-10 15:55 52.224 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ msfeedsbs.dll
2008-01-15 12:08. 2007-10-10 02:59 13.824 ----- c --- C: \ WINDOWS \ system32 \ dllcache \ ieudinit.exe
2008-01-15 09:09. 2004-08-03 08:56 221.184 - un ------ C: \ WINDOWS \ system32 \ wmpns.dll
2008-01-15 08:13. 2008-01-15 08:13 <DIR> d -------- C: \ Program Files \ vicino Fraps
2008-01-15 01:15. 2008-01-15 12:49 <DIR> d - h ----- C: \ WINDOWS \ $ $ hf_mig
2008-01-15 01:15. 2006-09-06 17:43 22.752 - a ------ C: \ WINDOWS \ system32 \ spupdsvc.exe
2008-01-15 00:59. 2008-01-15 00:59 <DIR> d -------- C: \ Program Files \ IObit
2008-01-15 00:55. 2008-01-15 00:55 1.167 - un ------ C: \ WINDOWS \ mozver.dat
2008-01-15 00:00. 2008-01-15 00:01 1.074 - un ------ C: \ WINDOWS \ system32 \ tmp.reg
2008-01-14 23:05. 2008-01-14 23:23 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-14 23:04. 2008-01-14 23:04 <DIR> d -------- C: \ Program Files \ Common Files \ Wise Installation Wizard
2008-01-14 22:39. 2008-01-14 23:00 <DIR> d -------- C: \ Program Files \ EsetOnlineScanner
2008-01-14 22:31. 2008-01-14 22:31 <DIR> d -------- C: \ Download
2008-01-13 13:51. 2008-01-13 13:54 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ NCH Swift Sound
2008-01-13 13:51. 2008-01-13 13:52 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ NCH Swift Sound
2008-01-13 13:50. 2008-01-13 17:35 <DIR> d -------- C: \ Program Files \ NCH Swift Sound
2008-01-13 08:30. 2008-01-13 08:30 <DIR> d -------- C: \ Program Files \ HELP
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Program Files \ Free Download Manager
2008-01-13 08:10. 2008-01-15 22:29 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ Free Download Manager
2008-01-13 08:10. 2008-01-13 08:10 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ FreeDownloadManager.ORG
2008-01-12 20:03. 2008-01-12 20:03 <DIR> d -------- C: \ Program Files \ AVI MPEG RM WMV Splitter
2008-01-12 18:38. 2008-01-12 18:39 26 - a ------ C: \ WINDOWS \ system32 \ satsukidecodersettings.ini
2008-01-08 06:45. 2008-01-14 19:34 <DIR> da ------ C: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP
2008-01-08 06:44. 2006-05-25 14:52 162.304 - un ------ C: \ WINDOWS \ system32 \ ztvunrar36.dll
2008-01-08 06:44. 2003-02-02 19:06 153.088 - un ------ C: \ WINDOWS \ system32 \ UNRAR3.dll
2008-01-08 06:44. 2005-08-26 00:50 77.312 - a ------ C: \ WINDOWS \ system32 \ ztvunace26.dll
2008-01-08 06:44. 2002-03-06 00:00 75.264 - a ------ C: \ WINDOWS \ system32 \ unacev2.dll
2008-01-08 06:44. 2006-06-19 12:01 69.632 - a ------ C: \ WINDOWS \ system32 \ ztvcabinet.dll
2008-01-07 21:59. 2008-01-07 21:59 <DIR> d --- s ---- C: \ Documents and Settings \ Jomel \ UserData
2008-01-06 20:56. 2004-08-03 23:08 26.496 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ Usbstor.sys
2008-01-05 18:55. 2008-01-05 18:55 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ nView_Profiles
2008-01-05 09:16. 2008-01-05 09:16 <DIR> d -------- C: \ Program Files \ K-Lite Codec Pack
2008-01-04 16:13. 2008-01-04 16:13 <DIR> d -------- C: \ Program Files \ ZillaSoft.ws
2008-01-04 16:13. 2004-02-05 13:53 389.120 - un ------ C: \ WINDOWS \ system32 \ actskn43.ocx
2008-01-04 16:13. 2004-01-09 04:54 188.416 - un ------ C: \ WINDOWS \ system32 \ actsplash.ocx
2008-01-04 16:12. 2005-08-27 02:38 1.435.272 - un ------ C: \ WINDOWS \ system32 \ Flash.ocx
2008-01-04 16:12. 2002-03-04 12:27 1.140.472 - un ------ C: \ WINDOWS \ system32 \ IGUltraGrid20.ocx
2008-01-04 16:12. 2000-05-22 04:00 1.066.176 - un ------ C: \ WINDOWS \ system32 \ mscomctl.ocx
2008-01-04 16:12. 2003-11-19 13:59 512.688 - un ------ C: \ WINDOWS \ system32 \ XceedCry.dll
2008-01-04 16:12. 2001-07-28 12:50 265.753 - un ------ C: \ WINDOWS \ system32 \ AS-Exp2.ocx
2008-01-04 16:12. 2004-03-08 23:00 131.856 - un ------ C: \ WINDOWS \ system32 \ MSADODC.ocx
2008-01-04 16:12. 2000-07-14 23:00 118.784 - un ------ C: \ WINDOWS \ system32 \ msstdfmt.dll
2008-01-04 16:12. 2000-07-15 05:00 101.888 - un ------ C: \ WINDOWS \ system32 \ VB6STKIT.DLL
2008-01-04 16:12. 1999-01-26 19:36 11.012 - a ------ C: \ WINDOWS \ system32 \ threadapi.tlb
2007-12-31 20:24. 2007-12-31 20:24 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ Ahead
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ Yahoo!
2007-12-31 17:07. 2007-12-31 17:07 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Yahoo! Companion
2007-12-30 22:27. 2007-12-30 22:27 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ WebCompiler3
2007-12-30 22:00. 2008-01-15 08:21 49 - a ------ C: \ WINDOWS \ NeroDigital.ini
2007-12-30 21:58. 2007-12-30 21:58 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ FDRLab
2007-12-29 20:21. 2007-12-29 20:21 <DIR> d -------- C: \ WINDOWS \ system32 \ QuickTime
2007-12-29 14:40. 2007-12-29 14:40 <DIR> d -------- C: \ Documents and Settings \ Jomel \ incompleta
2007-12-29 14:39. 2008-01-12 19:10 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ LimeWire
2007-12-29 14:39. 2007-09-24 23:31 69.632 - a ------ C: \ WINDOWS \ system32 \ javacpl.cpl
2007-12-29 14:37. 2007-12-29 14:38 <DIR> d -------- C: \ Program Files \ Java
2007-12-29 14:36. 2007-12-29 14:36 <DIR> d -------- C: \ Program Files \ Common Files \ Java
2007-12-29 11:25. 2008-01-01 20:43 <DIR> d -------- C: \ Program Files \ LimeWire
2007-12-28 23:32. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2007-12-28 23:28. 2007-12-29 20:15 <DIR> d -------- C: \ WINDOWS \ Downloaded Installations
2007-12-28 22:36. 2007-12-28 22:36 <DIR> d -------- C: \ Program Files \ uTorrent
2007-12-28 22:36. 2008-01-14 22:12 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ uTorrent
2007-12-28 22:13. 2007-12-28 22:13 <DIR> d -------- C: \ Program Files \ CCleaner
2007-12-28 19:48. 2007-12-28 19:50 <DIR> d -------- C: \ WINDOWS \ nView
2007-12-28 19:48. 2006-10-22 12:22 208.896 - un ------ C: \ WINDOWS \ system32 \ nvudisp.exe
2007-12-28 19:48. 2008-01-15 21:49 88.566 - a ------ C: \ WINDOWS \ system32 \ nvapps.xml
2007-12-28 19:48. 2006-10-22 12:22 17.056 - a ------ C: \ WINDOWS \ system32 \ nvdisp.nvu
2007-12-28 19:47. 2006-10-22 15:06 208.896 - un ------ C: \ WINDOWS \ system32 \ NVUNINST.EXE
2007-12-28 15:05. 2007-12-28 15:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Yahoo!
2007-12-28 14:55. 2007-12-28 15:03 <DIR> d -------- C: \ Program Files \ Yahoo!
2007-12-28 10:39. 2008-01-14 23:05 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ SUPERAntiSpyware.com
2007-12-28 10:39. 2007-12-28 10:39 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ SUPERAntiSpyware.com
2007-12-28 09:13. 2007-12-28 09:13 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ NVIDIA
2007-12-27 21:37. 2008-01-08 11:43 <DIR> d -------- C: \ Program Files \ EA SPORTS
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ Support
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ principale
2007-12-27 21:05. 2007-12-29 21:36 <DIR> d -------- C: \ Program Files \ Macromedia
2007-12-27 21:05. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ IE
2007-12-27 21:03. 2006-09-29 20:42 <DIR> d -------- C: \ Program Files \ DirectX
2007-12-27 19:59. 2008-01-10 22:39 <DIR> d -------- C: \ Documents and Settings \ Jomel \ Dati applicazioni \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Dati applicazioni \ AVG7
2007-12-27 19:58. 2007-12-27 19:58 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Grisoft
2007-12-27 19:58. 2008-01-07 22:53 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ avg7
2007-12-27 19:58. 2007-12-27 19:58 499.712 - un ------ C: \ WINDOWS \ system32 \ msvcp71.dll
2007-12-27 19:58. 2007-12-27 19:58 348.160 - un ------ C: \ WINDOWS \ system32 \ msvcr71.dll
2007-12-27 18:48. 2007-12-27 18:48 <DIR> d -------- C: \ NVIDIA
2007-12-27 18:44. 2004-08-03 23:10 10.880 - a ------ C: \ WINDOWS \ system32 \ drivers \ NdisIP.sys
2007-12-27 18:44. 2004-08-03 23:10 10.880 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ ndisip.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - un ------ C: \ WINDOWS \ system32 \ drivers \ MSTEE.sys
2007-12-27 18:44. 2004-08-03 22:58 5.504 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ mstee.sys
2007-12-27 18:37. 2001-11-22 20:08 712.704 - a - c --- C: \ WINDOWS \ system32 \ dllcache \ a3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-15 07:17 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Spybot - Search & Destroy
2007-12-28 01:28 --------- d ----- w C: \ Program Files \ Microsoft FrontPage
2007-12-04 10:33 682.496 ---- aw C: \ WINDOWS \ system32 \ divx.dll
2007-11-30 07:30 3.596.288 ---- aw C: \ WINDOWS \ system32 \ qt-dx331.dll
2007-11-30 07:28 81.920 ---- aw C: \ WINDOWS \ system32 \ dpl100.dll
2007-11-21 18:23 81.920 ---- aw C: \ WINDOWS \ system32 \ frapsvid.dll
2007-11-07 09:26 721.920 ---- aw C: \ WINDOWS \ system32 \ Lsasrv.dll
2007-10-29 22:43 1.287.680 ---- aw C: \ WINDOWS \ system32 \ Quartz.dll
2007-10-28 01:40 227.328 ---- aw C: \ WINDOWS \ system32 \ wmasf.dll
2007-10-22 11:39 267.272 ---- aw C: \ WINDOWS \ system32 \ xactengine2_10.dll
2007-10-22 11:37 17.928 ---- aw C: \ WINDOWS \ system32 \ X3DAudio1_2.dll
2007-10-17 17:23 10.752 ---- aw C: \ WINDOWS \ system32 \ WhoisCL.exe
2001-11-23 04:08 712.704 ---- ar C: \ WINDOWS \ inf \ ALTRI \ AUDIO3D.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004-10-13 08:24 1694208]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-03 08:56 15360]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e xe" [2004-07-07 17:28 155648]
"Cmaudio" = "cmicnfg.cpl" []
"AVG7_CC" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2007-12-27 19:58 579072]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz" = "nwiz.exe" [2006-10-22 12:22 1622016 C: \ WINDOWS \ system32 \ nwiz.exe]
"NvMediaCenter" = "C: \ WINDOWS \ system32 \ NvMcTray. Dll" [2006-10-22 12:22 86016]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2007-12-27 19:58 219136]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Policies \ Explorer]
"NoResolveSearch" = 1 (0x1)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
R2 SetupNT; SetupNT; C: \ WINDOWS \ system32 \ SetupNT.sys [2000-10-25 04:27]
* * Servizio di nuova costituzione - PROCEXP90
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 22:31:35
5/1/2600 Windows Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
scansione di file nascosti ...
scansione completata con successo
i file nascosti: 0
************************************************** ************************
.
Completamento orario: 2008-01-15 22:32:38
.
2008-01-15 20:49:48 --- EOF ---

**evilfantasy** · #7 15 Gennaio 2008, 10:12

Per prima cosa vai a questo tutorial e installare la console di ripristino di emergenza.

----------

Scaricare FixIEDef da ShadowPuterDude sul desktop.
Fare doppio clic su FixIEDef.exe
- se si esegue Vista, fare clic su OK sulla FixIEDef è in esecuzione come amministratore popup

AVVERTENZA: FixIEDef uccidere tutte le copie del Internet Explorer e Explorer che sono in esecuzione, durante la rimozione del file "maligno". Le icone e menu di avvio sul desktop non sarà visibile mentre FixIEDef è eliminare i file "maligno". Ciò è necessario per rimuovere le parti di infezione che altrimenti non possono essere rimosse.

FixIEDef tornerà tutto alla normalità, quando ha finito il processo di rimozione.

Fare clic sul pulsante Esci una volta FixIEDef visualizza il messaggio Finito tutto.
Collegare il FixIEDef.log per il tuo prossimo messaggio. Il registro sarà sul tuo desktop.

----------

Esegui una nuova scansione HijackThis e postare il log.

----------

Next post aggiungi
Accedi FixIEDef
Nuovo log HijackThis

jomm43point67 · #8 15 Gennaio 2008, 17:21

************************************************** ******************************
* *
Entra FixIEDef * *
* * Versione 1.0.0.875
* *
************************************************** ******************************
Creato a 08:12:02 su Mercoledì, 16 gennaio 2008
Sistema Operativo: Windows XP
Service Pack Level: Service Pack 2
Sistema langauge: Inglese
Processore: X86
-------------------------------------------------- ------------------------------
! I file che sono stati eliminati!
N. dannosi file trovati
-------------------------------------------------- ------------------------------
! Elenchi che sono stati rimossi!
N. dannosi directory per essere rimosso
-------------------------------------------------- ------------------------------
! Voci del Registro di sistema che sono stati rimossi!
HKEY_CLASSES_ROOT \ toprates.Video
HKEY_CLASSES_ROOT \ AppID \ toprates.dll
HKEY_CLASSES_ROOT \ AppID \ (038F228B-EED3-4A87-A565-F88FC99EBA91)
HKEY_CLASSES_ROOT \ Interface \ (48D78BE5-CFB9-4B66-9AC4-96D4CF21DE06)
HKEY_CLASSES_ROOT \ TypeLib \ (74D46BBA-5638-473a-83B6-97E7804A7411)
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ DateTime
================================================== ==============================
Tutti Fatto:)
ShadowPuterDude
Navigare in tutta sicurezza!




Logfile di Trend Micro HijackThis v2.0.2
Scan salvato a 8:13:36 AM, il 16/01/2008
Piattaforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
C: \ WINDOWS \ system32 \ nvsvc32.exe
C: \ WINDOWS \ Explorer.EXE
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ PROGRA ~ 1 \ FREEDO ~ 1 \ fdm.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Trend Micro \ HijackThis \ sniper.exe
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O2 - BHO: & Yahoo! Toolbar Helper - (02478D38-C3F9-4efb-9B51-7695ECA05670) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O2 - BHO: FDMIECookiesBHO Class - (CC59E0F9-7E43-44FA-9FAA-8377850BF205) - C: \ Program Files \ Free Download Manager \ iefdm2.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ PROGRA ~ 1 \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [Cmaudio] Rundll32 cmicnfg.cpl, CMICtrlWnd
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [nwiz] nwiz.exe / install
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ WINDOWS \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SERVIZIO LOCALE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'NETWORK SERVICE')
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AVG7_Run] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe / RunOnce (User 'Default user')
O8 - Extra contesto voce di menu: Scarica tutto con Free Download Manager -- file: / / C: \ Programmi Files \ Free Download Manager \ dlall.htm
O8 - Extra contesto voce di menu: Scarica selezionati con Free Download Manager -- file: / / C: \ Programmi Files \ Free Download Manager \ dlselected.htm
O8 - Extra contesto voce di menu: Scaricare video con Free Download Manager -- file: / / C: \ Programmi Files \ Free Download Manager \ dlfvideo.htm
O8 - Extra contesto voce di menu: Scarica con Free Download Manager -- file: / / C: \ Programmi Files \ Free Download Manager \ dllink.htm
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra pulsante: Yahoo! Servizi - (5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897) - C: \ Program Files \ Yahoo! \ Common \ yiesrvc.dll
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
Ø16 - DPF: (56762DEC-6B0D-4AB4-A8AD-989993B5D08B) (OnlineScanner Control) -- http://www.eset.eu/buxus/docs/OnlineScanner.cab
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgemc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ WINDOWS \ system32 \ nvsvc32.exe
--
Fine del file - 5838 bytes

**evilfantasy** · #9 15 Gennaio 2008, 17:32

Java è di lasciare la vostra data di sistema vulnerabile.
Vecchie versioni di Java sono vulnerabilità che il malware può essere utilizzato per infettare il sistema.

Vai>> http://java.sun.com/javase/downloads/index.jsp
Il Sun Java scorrere fino alla pagina di download 4. Java Runtime Environment (JRE) 6 Update 4 per installare la nuova versione.
Avanti andare ad aggiungere / rimuovere i programmi e rimuovere tutte le versioni precedenti.
Non disinstallare Java (JRE) 6 Update 4.
Poi vai in C: \ Program Files \Java e cancellare il vecchio cartelle.
Assicurarsi di mantenere jre1.6.0_04

Il registro guarda bene ora.

Come è il computer ora?

jomm43point67 · #10 15 Gennaio 2008, 23:16

wow! finalmente! smantellati i 4-adware trojan!

Un grande grazie a voi signore!
di potenza in più!

questo sito è così cool! _m /

Threads simili
Filo	Thread Starter	Forum	Risposte	Ultimo Post
In grado di rimuovere virus	avz10	Virus, Spyware e sicurezza	1	15 ottobre 2009 09:09
Virus Iexplore.exe Please Help Me Rimuovi	dmx434343	Virus, Spyware e sicurezza	9	1 mar 2009 12:19
Adware.NetPumper - Spyware / Malware / Virus?	hopthwoks	Virus, Spyware e sicurezza	2	9 Feb 2009 20:37
AVG cant rimuovere virus	TomIsFat	Virus, Spyware e sicurezza	6	30 dic 2007 16:11

Thread Tools
Visualizza Versione stampabile Invia questa pagina