|
|||||||
|
|
|
 |
|
|
Strumenti |
12-10-2007, 16:54
|
#1 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
virus variante win32/adware.agent
ciao a tutti
appena avvio il pc, NOD32 mi rileva un virus e non riesco a cancallarlo. Esce scritto su NOD32: FILE: C:\WINDOWS\system32\xxyxutt.dll VIRUS: probabilmente una variante di Win32/Adware.Agent applicazione COMMENTO: questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Evento occorso durante il tentativo di accesso al file da parte di un'applicazione: C:\WINDOWS\Explorer.EXE Purtroppo non si cancella, cosa posso fare? |
|
|
|
12-10-2007, 17:00
|
#2 |
|
Senior Member
Iscritto dal: Aug 2005
Città: Genova
Messaggi: 3397
|
log di hijackthis
|
|
|
|
|
12-10-2007, 17:02
|
#3 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
come si fa?
|
|
|
|
|
12-10-2007, 17:13
|
#4 | |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
Quote:
__________________
Disinfettare da disk knight.exe / Icone desktop sparite? / Guida Rimozione Virus MSN Guida "Impossibile installare alcuni aggiornamenti XP / Ultima modifica di Gle89 : 12-10-2007 alle 17:19. |
|
|
|
|
|
12-10-2007, 17:14
|
#5 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Scarica HijackThis da qui: http://www.trendsecure.com/portal/en...HiJackThis.zip
decomprimi il file compresso, lancia l'eseguibile, clicca su Do a sytem scan and save log file, copia e incolla qui il contenuto del file di testo generato.
__________________
Try again and you will be luckier.
|
|
|
|
|
12-10-2007, 17:20
|
#6 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17.18.59, on 12/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\vsnpstd.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Google\Google Updater\GoogleUpdater.exe C:\Programmi\VIA\RAID\raid_tool.exe C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\WINDOWS\explorer.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8156A70A-E462-4170-9BB1-00B41DE7B851} - C:\WINDOWS\system32\mljgf.dll O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ysylgnyl.dll O2 - BHO: (no name) - {9370EFDE-C0DA-42C9-B609-41C87B462011} - C:\WINDOWS\system32\xxyxutt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe" O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91 O17 - HKLM\System\CS1\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91 O17 - HKLM\System\CS2\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91 O20 - Winlogon Notify: xxyxutt - C:\WINDOWS\SYSTEM32\xxyxutt.dll O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6634 bytes |
|
|
|
|
12-10-2007, 17:24
|
#7 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29023
|
Quote:
  fatto questo ora puoi anch e fixarli con hijackthis
|
|
|
|
|
|
12-10-2007, 17:26
|
#8 | |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
Adesso, se lo hai attivo, disabilita il ripristino di configurazione di sistema (start – programmi – accessori – utilità di sistema – ripristino di configurazione di sistema).
Ora apri di nuovo HiJackThis con la seconda opzione “do a system scan” e seleziona le voci che ti riporterò qui sotto, mettendo il segno di spunta verde alla sinistra di ogni voce. Alla fine premi “Fix Checked”in fondo e dai la conferma. Chiudi pure HiJackThis. Ecco le voci da fissare: Quote:
ora usa ESET AGVPFIX: clicca qui per il download Non è necessaria l'installazione (è un tool stand-alone); una volta lanciato, individua, rimuove e eventuali Win32/Agent.VP trojan poi fai pulizia con CCLEANER: clicca qui per il download una volta installato, lancia il programma, nel menu di sinistra portati alla voce Opzioni e nella finestra successiva clicca su: ● Impostazioni, e spunta la voce Cancellazione sicura (lenta) poi su: ● Avanzate, togli la spunta alla voce Cancella solo file più vecchi di 48 ore ● alla voce Pulizia, spunta tutte le quelle comprese nella sezione Avanzate ● nel menu a sinistra, clicca sulla voce Pulizia, clicca su tasto Avvia Pulizia per eseguire la scansione ● sempre nel menu a sinistra, clicca sulla voce Problemi, clicca sul tasto Trova problemi ed avvia una scansione; al termine della scansione clicca sulla voce Ripara selezionati e prosegui Alla fine usa la versione NUOVA di HJT scaricandola dalla mia firma e posta un nuovo log |
|
|
|
|
|
12-10-2007, 17:37
|
#9 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Dopo fai girare questi tool
1 http://www.atribune.org/public-beta/VundoFix.exe lancialo metti la spunta su "Run VundoFix as a task" ti darà un messaggio che vundofix si chiuderà e riaprirà in un minuto o meno, quando il programma si riaprirà clicca OK clicca su "Scan for Vundo" quando ha finito di fare la scansione clicca su "Remove vundo" clicca YES alla domanda se vuoi rimuovere i files,quindi inizierà a rimuovere le dll del vundo ,quando ha finito ti dirà che dovrà riavviare il pc clicca OK, posta il log che troverai in C:\vundofix.txt.... 2 http://securityresponse.symantec.com...r/FixVundo.exe 3 http://secured2k.home.comcast.net/to...undoBeGone.exe da modalità provvisoria F8
__________________
Try again and you will be luckier.
|
|
|
|
|
12-10-2007, 17:39
|
#10 |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 29023
|
esatto...forse senza tanti ravanamenti è meglio eseguire il vundofix senza passare per hijackthis
|
|
|
|
|
12-10-2007, 17:45
|
#11 | |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
Quote:
|
|
|
|
|
|
12-10-2007, 18:00
|
#12 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Poi sempre con calma, quindi dopo aver laciato i tool per rimuovere Vundo fai girare questo:
ELISTARTA TOOL http://www.zonavirus.com/datos/desca...8/elistara.asp scorri, fino in fondo, la pagina Web che si aprirà e clicca su Descargar ELISTARTA per scaricare il Tool (per comodità, posizionalo su Desktop) Esegui ELISTARTA TOOL: ● alla prima domanda, rispondi SI ● alla seconda, rispondi SI ● alla terza rispondi NO ● si apre la finestra di scansione, clicca su Explorar ● terminata la scansione, chiudi il Tool e provvedi a riavviare il sistema ● verrà rilasciato un log dal nome infosat.txt in C: (clicca su Risorse del Computer, poi su Disco Locale C: e trovi il log e lo alleghi alla discussione) Annotazione dopo aver rilanciato Internet Explorer, potrebbe rendersi necessario reimpostare la propria pagina Web predefinita
__________________
Try again and you will be luckier.
|
|
|
|
|
12-10-2007, 18:06
|
#13 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
questo è il nuovo log:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18.05.28, on 12/10/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\slserv.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Analog Devices\SoundMAX\SMTray.exe C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe C:\WINDOWS\vsnpstd.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Google\Google Updater\GoogleUpdater.exe C:\Programmi\VIA\RAID\raid_tool.exe C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" O4 - HKLM\..\Run: [TQ566808] "F:\Setup.exe" O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91 O17 - HKLM\System\CS1\Services\Tcpip\..\{4983B07C-C30F-4602-8126-7A3995B6D7A9}: NameServer = 85.37.17.49 85.38.28.91 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 5354 bytes |
|
|
|
|
12-10-2007, 18:14
|
#14 |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
come ti ho già detto prima devi fixare di nuovo questa voce:
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\abpmwvpo.dll",sitypnow e cercare il percorso in neretto e cancellarlo (possibilmente da modalità provvisoria) per il resto è apposto... prosegui con le istruzioni date da Chill-Out
|
|
|
|
|
12-10-2007, 18:48
|
#15 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
Fri Oct 12 18:32:29 2007
EliStartPage v14.82 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Acción Directa): Key Eliminada [WinLogon\Notify\XXYXUTT] -> C:\WINDOWS\SYSTEM32\xxyxutt.dll [WinLogon\Notify\XXYXUTT] Acceso Denegado al fichero C:\WINDOWS\SYSTEM32\XXYXUTT.DLL Por favor, envienos una muestra del fichero que podra copiar arrancando en Consola de Recuperación. C:\WINDOWS\SYSTEM32\XXYXUTT.DLL --> Acceso Denegado. C:\WINDOWS\SYSTEM32\XXYXUTT.DLL --> Acceso Denegado. Eliminada Class, "{9370EFDE-C0DA-42C9-B609-41C87B462011}" -> C:\WINDOWS\system32\xxyxutt.dll Linea Eliminada del HOSTS --> 127.0.0.1 localmachine # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 bin.errorprotector.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 br.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 br.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 br.winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 cdn.drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 cdn.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 cdn.winsoftware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 de.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 de.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.cdn.winsoftware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.systemdoctor.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.winantispyware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.windrivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 download.winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 dynamique.drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 errorprotector.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 es.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 fr.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 fr.winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 go.drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 go.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 go.winantispyware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 go.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 hk.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 instlog.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 instlog.winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 jsp.drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 kb.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 kb.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 nl.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 se.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 secure.drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 secure.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispam.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantispy.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 secure.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 support.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 trial.updates.winsoftware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 ulog.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 utils.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 utils.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 utils.winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 winantispyware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 winfixer2006.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 winsoftware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.drivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.errorprotector.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.errorsafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.systemdoctor.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.utils.winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.win-anti-virus-pro.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.win-virus-pro.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispam.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispy.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winantispyware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winantivirus.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winantiviruspro.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivecleaner.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.windrivesafe.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winfixer2006.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 www.winsoftware.com ## added by CiD Linea Eliminada del HOSTS --> 127.0.0.1 2005-search.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 600pics.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 absolutepics.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 barteros.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 best4all.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 best-targeted-traffic.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 bins.elitemediagroup.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 brazauskas.info # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 bundleware.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 burnsrecyclinginc.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 centralgate.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 clickfast.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 code.jcash.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 code.trasferimento.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 command.adservs.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 content.dollarrevenue.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 content.exetraffic.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 content2.dollarrevenue.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 cumhereteens.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 cyber-search.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 ddh24.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 dnv-counter.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 download.abetterinternet.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 download.accessmedia.tv # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 download.jupitersatellites.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 exeloads.info # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 faccesborrate.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 forlink.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 freevideo24.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 fullbizzone.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 game4all.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 get-access.host.sk # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 go-pic.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 greatgoodsex.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 heretofind.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 hqthumbz.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 it.online-more.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 its.justcount.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 krovalidajop.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 l.mezzicodec.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 lust-mature.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 mikos.paraisoasiatico.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 mmm.elitemediagroup.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 morteen.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 moviecsodecs.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 ms-counter.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 msmn.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 musah.info # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 netincap.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 newsh.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 niuqennaois.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 nnew-adult.info # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 nude-teen-bodies.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 onlyhotlinks.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 on-search.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 picshunter.us # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 picslab.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 prevedtraf.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 promo.dollarrevenue.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 redirect.msupdate.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 rogalik.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 search4www.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 search-biz.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 searchforit.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 sex-pics.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 sexyfaceplace.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 snow410.info # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 software.topinstalls.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 sp2admin.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 teadis.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 teen-biz.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 teenygirlshome.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 traff5all.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 traffbest.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 traffbucks.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 traffmoney.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 ukstories.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 ultra-search.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 uniq-soft.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 wearehosters.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.600pics.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.abetterstart.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.all-tgp.org # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.axmediaproject.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.best4all.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.burnsrecyclinginc.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.hqthumbz.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.jtreeproperties.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.lattefresco.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.lust-mature.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.mikos.paraisoasiatico.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.msnwm.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.newsh.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.onli-ne.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.onlyhotlinks.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.picshunter.us # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.picslab.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.procounter.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.sex-pics.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.spamcatchero.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.traff4ppc.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.ufixer.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.voghp.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.wearehosters.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.ysbweb.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.zgallery.us # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 ybbwxlxytz.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 yepjnddqpq.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 yhvoo.eseconsult.info # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 yougoodheer.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 ysbweb.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 z-advertise.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 zchxsikpgz.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 zgallery.us # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.searchforit.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 zonebest.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.nude-teens-bodies.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 teen-fantazi.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.bundleware.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.on-search.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.msmn.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.search4www.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.teen-biz.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 searchx.cc # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.all-websearch.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 more-pages.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 surubanet.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.teen-fantazi.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 flavinha.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 granjerascachondas.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.bailefunk.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 dedmazai.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 vivisexy.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.zonebest.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 0websearch.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.sp2admin.biz # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.heretofind.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 www.teenygirlshome.com # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla*** Linea Eliminada del HOSTS --> 127.0.0.1 coolwebsearch.com # ***Inserted By STOPzilla*** No detectado Parche MS06-001 de Microsoft instalado. (WMF) Eliminadas las Paginas de Inicio y de Busqueda del IE Eliminados Ficheros Temporales del IE Fri Oct 12 18:34:15 2007 EliStartPage v14.82 (c)2007 S.G.H. / Satinfo S.L. -------------------------------------------------- Lista de Acciones (por Exploración): Explorando Unidad C:\ C:\Games\Supreme\HMG_LEGACY.DLL --> Eliminado, SrchRedir C:\Programmi\File comuni\Microsoft Shared\Database Replication\WZCNFLCT.EXE --> Eliminado, AutoRun.IZ No Detectada Utilidad "ELINOTIF.DLL" (Necesaria para la Limpieza) |
|
|
|
|
12-10-2007, 18:50
|
#16 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
nonostante tutto mi esce ancora il virus se che nel commento mi dice:
Questo file può essere cancellato. Assicurati di aver salvato i tuoi dati prima di cancellarlo. Evento occorso durante il tentativo di accesso al file da parte di un'applicazione: \??\C:\WINDOWS\system32\winlogon.exe. |
|
|
|
|
12-10-2007, 18:52
|
#17 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
EliStart ha fatto il suo dovere, ma devi far girare i tool al post 9
http://www.hwupgrade.it/forum/showpo...75&postcount=9
__________________
Try again and you will be luckier.
|
|
|
|
|
12-10-2007, 19:19
|
#18 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
questo è vundofix.txt:
VundoFix V6.5.9 Checking Java version... Sun Java not detected Scan started at 16.00.42 12/10/2007 Listing files found while scanning.... C:\windows\system32\fgjlm.bak1 C:\windows\system32\fgjlm.bak2 C:\windows\system32\fgjlm.ini C:\windows\system32\fgjlm.ini2 C:\windows\system32\fgjlm.tmp C:\windows\system32\mljgf.dll C:\WINDOWS\system32\qihuixyr.dll C:\windows\system32\sbuqnuie.dll C:\WINDOWS\system32\wovuetkj.dll Beginning removal... Attempting to delete C:\windows\system32\fgjlm.bak1 C:\windows\system32\fgjlm.bak1 Has been deleted! Attempting to delete C:\windows\system32\fgjlm.bak2 C:\windows\system32\fgjlm.bak2 Has been deleted! Attempting to delete C:\windows\system32\fgjlm.ini C:\windows\system32\fgjlm.ini Has been deleted! Attempting to delete C:\windows\system32\fgjlm.ini2 C:\windows\system32\fgjlm.ini2 Has been deleted! Attempting to delete C:\windows\system32\fgjlm.tmp C:\windows\system32\fgjlm.tmp Has been deleted! Attempting to delete C:\windows\system32\mljgf.dll C:\windows\system32\mljgf.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\qihuixyr.dll C:\WINDOWS\system32\qihuixyr.dll Could not be deleted. Attempting to delete C:\windows\system32\sbuqnuie.dll C:\windows\system32\sbuqnuie.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\wovuetkj.dll C:\WINDOWS\system32\wovuetkj.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\fgjlm.ini C:\windows\system32\fgjlm.ini Has been deleted! Attempting to delete C:\windows\system32\fgjlm.ini2 C:\windows\system32\fgjlm.ini2 Has been deleted! Attempting to delete C:\windows\system32\mljgf.dll C:\windows\system32\mljgf.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\qihuixyr.dll C:\WINDOWS\system32\qihuixyr.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.9 Checking Java version... Sun Java not detected Scan started at 16.09.37 12/10/2007 Listing files found while scanning.... C:\windows\system32\fgjlm.ini C:\windows\system32\mljgf.dll C:\WINDOWS\system32\ysylgnyl.dll VundoFix V6.5.9 Checking Java version... Sun Java not detected Scan started at 18.08.22 12/10/2007 Listing files found while scanning.... C:\WINDOWS\system32\abpmwvpo.dll C:\windows\system32\fgjlm.ini C:\windows\system32\mljgf.dll C:\WINDOWS\system32\opvwmpba.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\abpmwvpo.dll C:\WINDOWS\system32\abpmwvpo.dll Could not be deleted. Attempting to delete C:\windows\system32\fgjlm.ini C:\windows\system32\fgjlm.ini Has been deleted! Attempting to delete C:\windows\system32\mljgf.dll C:\windows\system32\mljgf.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\opvwmpba.ini C:\WINDOWS\system32\opvwmpba.ini Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.9 Checking Java version... Sun Java not detected Scan started at 18.52.12 12/10/2007 Listing files found while scanning.... C:\windows\system32\fgjlm.ini C:\windows\system32\fgjlm.tmp C:\windows\system32\mljgf.dll VundoFix V6.5.9 Checking Java version... Sun Java not detected Scan started at 19.04.10 12/10/2007 Listing files found while scanning.... C:\windows\system32\fgjlm.ini2 C:\windows\system32\fgjlm.tmp C:\windows\system32\mljgf.dll Beginning removal... Attempting to delete C:\windows\system32\fgjlm.ini2 C:\windows\system32\fgjlm.ini2 Has been deleted! Attempting to delete C:\windows\system32\fgjlm.tmp C:\windows\system32\fgjlm.tmp Has been deleted! Attempting to delete C:\windows\system32\mljgf.dll C:\windows\system32\mljgf.dll Could not be deleted. Performing Repairs to the registry. Done! |
|
|
|
|
12-10-2007, 19:21
|
#19 |
|
Member
Iscritto dal: Oct 2007
Messaggi: 108
|
per i punti 2 e 3 al post 9 cosa devo fare?
|
|
|
|
|
12-10-2007, 19:24
|
#20 | |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Quote:
Punto 3 - scarichi il file lanci l'eseguibile ma da modalità provvisoria F8 al termine riposta log di HijackThis
__________________
Try again and you will be luckier.
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 10:30.
