virus variante win32/adware.agent

[fox18]

ciao a tutti
appena avvio il pc, NOD32 mi rileva un virus e non riesco a cancallarlo.
Esce scritto su NOD32:
FILE:
C:\WINDOWS\system32\xxyxutt.dll
VIRUS:
probabilmente una variante di Win32/Adware.Agent applicazione
COMMENTO:
questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Evento occorso durante il tentativo di accesso al file da parte di un'applicazione: C:\WINDOWS\Explorer.EXE
Purtroppo non si cancella, cosa posso fare?

[Bugs Bunny]

log di hijackthis

[fox18]

come si fa?

[Gle89]

Quote:

Originariamente inviato da fox18

come si fa?

scarica HiJackThis dalla mia firma (qua sotto) mettilo in una cartella sul desktop o in programmi. Aprilo e premi la prima opzione "do a system scan and save log" aspetta che ti dia il file .txt (blocco note) e copia e incolla INTERAMENTE qui.

[Chill-Out]

Scarica HijackThis da qui: http://www.trendsecure.com/portal/en...HiJackThis.zip
decomprimi il file compresso, lancia l'eseguibile, clicca su Do a sytem scan and save log file, copia e incolla qui il contenuto del file di testo generato.

[fox18]

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17.18.59, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8156A70A-E462-4170-9BB1-00B41DE7B851} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ysylgnyl.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\xxyxutt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91
O17 - HKLM\System\CS2\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91
O20 - Winlogon Notify: xxyxutt - C:\WINDOWS\SYSTEM32\xxyxutt.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6634 bytes

[juninho85]

Quote:

Originariamente inviato da fox18

O2 - BHO: (no name) - {8156A70A-E462-4170-9BB1-00B41DE7B851} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ysylgnyl.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\xxyxutt.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow
O20 - Winlogon Notify: xxyxutt - C:\WINDOWS\SYSTEM32\xxyxutt.dll

se potresti zippare questi file e inviarmeli via mail te ne sarei molto grato

fatto questo ora puoi anch e fixarli con hijackthis

[Gle89]

Adesso, se lo hai attivo, disabilita il ripristino di configurazione di sistema (start – programmi – accessori – utilità di sistema – ripristino di configurazione di sistema).
Ora apri di nuovo HiJackThis con la seconda opzione “do a system scan” e seleziona le voci che ti riporterò qui sotto, mettendo il segno di spunta verde alla sinistra di ogni voce. Alla fine premi “Fix Checked”in fondo e dai la conferma. Chiudi pure HiJackThis.

Ecco le voci da fissare:

Quote:

O2 - BHO: (no name) - {8156A70A-E462-4170-9BB1-00B41DE7B851} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ysylgnyl.dll
O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\xxyxutt.dll
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow
O20 - Winlogon Notify: xxyxutt - C:\WINDOWS\SYSTEM32\xxyxutt.dll

Ora devi cercare in C:\WINDOWS\system32\xirwmeex.dll",sitypnow questa voce e cancellarla. (prima però passala a juihno)


ora usa ESET AGVPFIX: clicca qui per il download
Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, individua, rimuove e eventuali Win32/Agent.VP trojan

poi fai pulizia con CCLEANER: clicca qui per il download
una volta installato, lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su:
● Impostazioni, e spunta la voce Cancellazione sicura (lenta)
poi su:
● Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore
● alla voce Pulizia, spunta tutte le quelle comprese nella sezione Avanzate
● nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione
● sempre nel menu a sinistra, clicca sulla voce Problemi, clicca sul tasto Trova problemi ed avvia una scansione; al termine della scansione clicca sulla voce Ripara selezionati e prosegui

Alla fine usa la versione NUOVA di HJT scaricandola dalla mia firma e posta un nuovo log

[Chill-Out]

Dopo fai girare questi tool
1 http://www.atribune.org/public-beta/VundoFix.exe
lancialo metti la spunta su "Run VundoFix as a task" ti darà un messaggio che vundofix si chiuderà e riaprirà in un minuto o meno, quando il programma si riaprirà clicca OK clicca su "Scan for Vundo" quando ha finito di fare la scansione clicca su "Remove vundo" clicca YES alla domanda se vuoi rimuovere i files,quindi inizierà a rimuovere le dll del vundo ,quando ha finito ti dirà che dovrà riavviare il pc clicca OK, posta il log che troverai in C:\vundofix.txt....
2 http://securityresponse.symantec.com...r/FixVundo.exe
3 http://secured2k.home.comcast.net/to...undoBeGone.exe da modalità provvisoria F8

[juninho85]

esatto...forse senza tanti ravanamenti è meglio eseguire il vundofix senza passare per hijackthis

[Gle89]

Quote:

Originariamente inviato da juninho85

esatto...forse senza tanti ravanamenti è meglio eseguire il vundofix senza passare per hijackthis

col calma gli avrei fatto fare anche vundofix, il pc è bene tenerlo pulito

[Chill-Out]

Poi sempre con calma, quindi dopo aver laciato i tool per rimuovere Vundo fai girare questo:
ELISTARTA TOOL
http://www.zonavirus.com/datos/desca...8/elistara.asp
scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA per scaricare il Tool (per comodità, posizionalo su Desktop)
Esegui ELISTARTA TOOL:
● alla prima domanda, rispondi SI
● alla seconda, rispondi SI
● alla terza rispondi NO
● si apre la finestra di scansione, clicca su Explorar
● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema
● verrà rilasciato un log dal nome infosat.txt in C: (clicca su Risorse del Computer, poi su Disco Locale C: e trovi il log e lo alleghi alla discussione)
Annotazione
dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita

[fox18]

questo è il nuovo log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.05.28, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\vsnpstd.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe"
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91
O17 - HKLM\System\CS1\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5354 bytes

[Gle89]

come ti ho già detto prima devi fixare di nuovo questa voce:
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow

e cercare il percorso in neretto e cancellarlo (possibilmente da modalità provvisoria)

per il resto è apposto... prosegui con le istruzioni date da Chill-Out

[fox18]

Fri Oct 12 18:32:29 2007
EliStartPage v14.82 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Acción Directa):
Key Eliminada [WinLogon\Notify\XXYXUTT] -> C:\WINDOWS\SYSTEM32\xxyxutt.dll
[WinLogon\Notify\XXYXUTT]
Acceso Denegado al fichero
C:\WINDOWS\SYSTEM32\XXYXUTT.DLL
Por favor, envienos una muestra del fichero
que podra copiar arrancando en Consola de Recuperación.
C:\WINDOWS\SYSTEM32\XXYXUTT.DLL --> Acceso Denegado.
C:\WINDOWS\SYSTEM32\XXYXUTT.DLL --> Acceso Denegado.
Eliminada Class, "{9370EFDE-C0DA-42C9-B609-41C87B462011}" -> C:\WINDOWS\system32\xxyxutt.dll
Linea Eliminada del HOSTS --> 127.0.0.1 localmachine # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.drivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.errorprotector.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.errorsafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.systemdoctor.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.utils.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.win-virus-pro.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispam.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispy.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispyware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantivirus.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winantiviruspro.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivecleaner.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivesafe.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer2006.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 www.winsoftware.com ## added by CiD
Linea Eliminada del HOSTS --> 127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 barteros.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 best-targeted-traffic.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 bins.elitemediagroup.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 brazauskas.info # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 burnsrecyclinginc.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 centralgate.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 clickfast.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 code.jcash.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 code.trasferimento.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 command.adservs.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 content2.dollarrevenue.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 cumhereteens.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 cyber-search.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 ddh24.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 dnv-counter.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 download.accessmedia.tv # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 download.jupitersatellites.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 exeloads.info # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 forlink.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 freevideo24.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 fullbizzone.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 game4all.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 get-access.host.sk # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 go-pic.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 greatgoodsex.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 heretofind.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 it.online-more.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 its.justcount.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 krovalidajop.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 l.mezzicodec.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 lust-mature.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 mikos.paraisoasiatico.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 mmm.elitemediagroup.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 morteen.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 moviecsodecs.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 ms-counter.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 msmn.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 musah.info # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 netincap.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 newsh.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 niuqennaois.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 nnew-adult.info # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 onlyhotlinks.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 on-search.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 picshunter.us # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 picslab.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 prevedtraf.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 promo.dollarrevenue.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 redirect.msupdate.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 rogalik.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 search4www.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 search-biz.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 searchforit.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 sex-pics.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 sexyfaceplace.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 snow410.info # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 software.topinstalls.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 sp2admin.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 teadis.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 teenygirlshome.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 traff5all.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 traffbest.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 traffbucks.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 traffmoney.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 ukstories.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 ultra-search.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 uniq-soft.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 wearehosters.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.600pics.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.abetterstart.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.all-tgp.org # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.axmediaproject.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.burnsrecyclinginc.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.hqthumbz.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.jtreeproperties.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.lattefresco.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.lust-mature.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.mikos.paraisoasiatico.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.msnwm.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.onli-ne.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.onlyhotlinks.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.picshunter.us # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.picslab.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.procounter.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.sex-pics.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.spamcatchero.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.traff4ppc.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.ufixer.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.voghp.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.wearehosters.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.ysbweb.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.zgallery.us # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 ybbwxlxytz.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 yepjnddqpq.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 yhvoo.eseconsult.info # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 yougoodheer.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 ysbweb.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 z-advertise.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 zchxsikpgz.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 zgallery.us # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.searchforit.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 zonebest.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.bundleware.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.on-search.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.msmn.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 searchx.cc # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.all-websearch.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 more-pages.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 surubanet.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.teen-fantazi.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 flavinha.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 granjerascachondas.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.bailefunk.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 dedmazai.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 vivisexy.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.zonebest.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 0websearch.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.sp2admin.biz # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.heretofind.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 www.teenygirlshome.com # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
Linea Eliminada del HOSTS --> 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla***
No detectado Parche MS06-001 de Microsoft instalado. (WMF)
Eliminadas las Paginas de Inicio y de Busqueda del IE
Eliminados Ficheros Temporales del IE

Fri Oct 12 18:34:15 2007
EliStartPage v14.82 (c)2007 S.G.H. / Satinfo S.L.
--------------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Games\Supreme\HMG_LEGACY.DLL --> Eliminado, SrchRedir
C:\Programmi\File comuni\Microsoft Shared\Database Replication\WZCNFLCT.EXE --> Eliminado, AutoRun.IZ
No Detectada Utilidad "ELINOTIF.DLL" (Necesaria para la Limpieza)

[fox18]

nonostante tutto mi esce ancora il virus se che nel commento mi dice:
Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Evento occorso durante il tentativo di accesso al file da parte di un'applicazione: \??\C:\WINDOWS\system32\winlogon.exe.

[Chill-Out]

EliStart ha fatto il suo dovere, ma devi far girare i tool al post 9
http://www.hwupgrade.it/forum/showpo...75&postcount=9

[fox18]

questo è vundofix.txt:

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 16.00.42 12/10/2007

Listing files found while scanning....

C:\windows\system32\fgjlm.bak1
C:\windows\system32\fgjlm.bak2
C:\windows\system32\fgjlm.ini
C:\windows\system32\fgjlm.ini2
C:\windows\system32\fgjlm.tmp
C:\windows\system32\mljgf.dll
C:\WINDOWS\system32\qihuixyr.dll
C:\windows\system32\sbuqnuie.dll
C:\WINDOWS\system32\wovuetkj.dll

Beginning removal...

Attempting to delete C:\windows\system32\fgjlm.bak1
C:\windows\system32\fgjlm.bak1 Has been deleted!

Attempting to delete C:\windows\system32\fgjlm.bak2
C:\windows\system32\fgjlm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\fgjlm.ini
C:\windows\system32\fgjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\fgjlm.ini2
C:\windows\system32\fgjlm.ini2 Has been deleted!

Attempting to delete C:\windows\system32\fgjlm.tmp
C:\windows\system32\fgjlm.tmp Has been deleted!

Attempting to delete C:\windows\system32\mljgf.dll
C:\windows\system32\mljgf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qihuixyr.dll
C:\WINDOWS\system32\qihuixyr.dll Could not be deleted.

Attempting to delete C:\windows\system32\sbuqnuie.dll
C:\windows\system32\sbuqnuie.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wovuetkj.dll
C:\WINDOWS\system32\wovuetkj.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fgjlm.ini
C:\windows\system32\fgjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\fgjlm.ini2
C:\windows\system32\fgjlm.ini2 Has been deleted!

Attempting to delete C:\windows\system32\mljgf.dll
C:\windows\system32\mljgf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\qihuixyr.dll
C:\WINDOWS\system32\qihuixyr.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 16.09.37 12/10/2007

Listing files found while scanning....

C:\windows\system32\fgjlm.ini
C:\windows\system32\mljgf.dll
C:\WINDOWS\system32\ysylgnyl.dll

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 18.08.22 12/10/2007

Listing files found while scanning....

C:\WINDOWS\system32\abpmwvpo.dll
C:\windows\system32\fgjlm.ini
C:\windows\system32\mljgf.dll
C:\WINDOWS\system32\opvwmpba.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\abpmwvpo.dll
C:\WINDOWS\system32\abpmwvpo.dll Could not be deleted.

Attempting to delete C:\windows\system32\fgjlm.ini
C:\windows\system32\fgjlm.ini Has been deleted!

Attempting to delete C:\windows\system32\mljgf.dll
C:\windows\system32\mljgf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\opvwmpba.ini
C:\WINDOWS\system32\opvwmpba.ini Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 18.52.12 12/10/2007

Listing files found while scanning....

C:\windows\system32\fgjlm.ini
C:\windows\system32\fgjlm.tmp
C:\windows\system32\mljgf.dll

VundoFix V6.5.9

Checking Java version...

Sun Java not detected
Scan started at 19.04.10 12/10/2007

Listing files found while scanning....

C:\windows\system32\fgjlm.ini2
C:\windows\system32\fgjlm.tmp
C:\windows\system32\mljgf.dll

Beginning removal...

Attempting to delete C:\windows\system32\fgjlm.ini2
C:\windows\system32\fgjlm.ini2 Has been deleted!

Attempting to delete C:\windows\system32\fgjlm.tmp
C:\windows\system32\fgjlm.tmp Has been deleted!

Attempting to delete C:\windows\system32\mljgf.dll
C:\windows\system32\mljgf.dll Could not be deleted.

Performing Repairs to the registry.
Done!

[fox18]

per i punti 2 e 3 al post 9 cosa devo fare?

[Chill-Out]

Quote:

Originariamente inviato da fox18

per i punti 2 e 3 al post 9 cosa devo fare?

Punto 2 - scarichi il file lanci l'eseguibile
Punto 3 - scarichi il file lanci l'eseguibile ma da modalità provvisoria F8
al termine riposta log di HijackThis