Antivirus 2009 and an invasion of advertising pages
hi forum,
I've just signed up because I have a problem that has been troubling me for a few days.
While I browse the internet I get a lot of advertising popups like casino royale, etc...
I also get the message: Attention! If your computer is struck by the virus.
Help me
lucky- Number of posts: 8
Registration date: 14.10.08
Re: Antivirus 2009 and an invasion of advertising pages
Hi lucky and welcome
Antivirus 2009 is causing quite a few problems, but fortunately it can be removed....
let's start like this:
Post us a log from Hijackthis
bye
Re: Antivirus 2009 and an invasion of advertising pages
thanks for the prompt reply Steve
I have a problem though: as soon as I click to download hijackthis, whether from the link you gave me or from others, the PC freezes and stops responding until I kill IEXPLORE from task manager
lucky- Number of posts: 8
Registration date: 14.10.08
Re: Antivirus 2009 and an invasion of advertising pages
wow, this is fantastic.... you reply at chat speed as if this were a help desk
congratulations and thanks again, I'll make the log and post it for you
Steve, I can't insert the log, it tells me it's too big.... ugh
lucky- Number of posts: 8
Registration date: 14.10.08
Re: Antivirus 2009 and an invasion of advertising pages
thanks for the compliments, but it only happened because I was online...
as for the log, upload it here
http://filefactory.com/
lucky- Number of posts: 8
Registration date: 14.10.08
Re: Antivirus 2009 and an invasion of advertising pages
ouch, we're in rather bad shape.... anyway, do this:
download AVENGER and, as described in the link, enter this script
- Code:
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
files to delete:
C:\WINDOWS\system32\cJjkmUvw.ini
C:\WINDOWS\txgvvrrf
C:\WINDOWS\system32\yoghetbj.dll
C:\WINDOWS\system32\aybyplrc.dll
C:\WINDOWS\system32\tepowl.dll
C:\WINDOWS\system32\drivers\bzyxszxo.sys
C:\WINDOWS\system32\cJjkmUvw.ini
C:\WINDOWS\system32\wvUmkjJc.dll
folders to delete:
C:\~ErdUserProfile.$$$
C:\WINDOWS\Temp
C:\WINDOWS\Tasks
C:\WINDOWS\txgvvrrf
registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | 7c83952a
drivers to delete:
bzyxszxo.sys
Post me the log C:\Avenger.txt
Re: Antivirus 2009 and an invasion of advertising pages
here it is Steve, thanks
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////
Platform: Windows XP (build 2600, Service Pack 2)
Tue Oct 14 16:13:16 2008
//////////////////////////////////////////
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "C:\WINDOWS\system32\cJjkmUvw.ini" deleted successfully.
File "C:\WINDOWS\txgvvrrf" deleted successfully.
File "C:\WINDOWS\system32\yoghetbj.dll" deleted successfully.
Error: file "C:\WINDOWS\system32\aybyplrc.dll" not found!
Deletion of file "C:\WINDOWS\system32\aybyplrc.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "C:\WINDOWS\system32\tepowl.dll" not found!
Deletion of file "C:\WINDOWS\system32\tepowl.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\drivers\bzyxszxo.sys" deleted successfully.
Error: file "C:\WINDOWS\system32\cJjkmUvw.ini" not found!
Deletion of file "C:\WINDOWS\system32\cJjkmUvw.ini" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "C:\WINDOWS\system32\wvUmkjJc.dll" deleted successfully.
Folder "C:\~ErdUserProfile.$$$" deleted successfully.
Folder "C:\WINDOWS\Temp" deleted successfully.
Folder "C:\WINDOWS\Tasks" deleted successfully.
Error: folder "C:\WINDOWS\txgvvrrf" not found!
Deletion of folder "C:\WINDOWS\txgvvrrf" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\bzyxszxo.sys" not found!
Deletion of driver "bzyxszxo.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Registry value "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs" replaced with dummy successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|7c83952a" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
lucky- Number of posts: 8
Registration date: 14.10.08
Re: Antivirus 2009 and an invasion of advertising pages
good, the script did its job....
now see if you can make a hijackthis log, and also run a scan with MalwareByte's
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html?part=dl-10804572&subj=dl&tag=button
bye
Re: Antivirus 2009 and an invasion of advertising pages
here is malwarebytes
Malwarebytes' Anti-Malware 1.28
Versione del database: 1268
Windows 5.1.2600 Service Pack 2
14/10/2008 18:15:30
mbam-log-2008-10-14 (18-15-27).txt
Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 45382
Tempo trascorso: 5 minute(s), 35 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 8
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 42
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
C:\WINDOWS\system32\vryzqm.dll (Trojan.Vundo) -> No action taken.
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10fd9665-7613-4a91-a07a-93252e0ebb10} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{10fd9665-7613-4a91-a07a-93252e0ebb10} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{471ba7bb-24fc-4d26-bcb6-3571f4df174c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{471ba7bb-24fc-4d26-bcb6-3571f4df174c} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
Valori di registro infetti:
(Nessun elemento malevolo rilevato)
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
C:\WINDOWS\system32\vryzqm.dll (Trojan.Vundo.H) -> No action taken.
C:\Avenger\bzyxszxo.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\xp\Local Settings\Temporary Internet Files\Content.IE5\GHY3WD2V\nd82m0[1] (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\aybyplrc.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\bvexltdf.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\duixngmp.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\fcujgtml.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jatuts.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\jtgdnmhf.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kveqmann.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\ldloxngp.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\nbhltdvv.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\qdlpknks.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rlnyxg.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqquvm.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tepowl.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tsvmgudm.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\txgojceu.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\vtyrwvbw.dll.vir (Trojan.Vundo) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\xctvnyfb.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP10\A0001437.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP10\A0001439.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002485.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002486.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002487.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002488.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002490.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002491.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002494.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002495.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP11\A0002497.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002615.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002616.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002617.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002618.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002619.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002620.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002621.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP15\A0002623.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP17\A0002690.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{0EF2430B-7D83-43EC-B530-4FF7ADBA2903}\RP17\A0002691.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wsvorlxv.dll (Trojan.Vundo) -> No action taken.
lucky- Number of posts: 8
Registration date: 14.10.08
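A triage pass over a scan log in the format posted above, as an added example that is not part of the original thread: it separates detections in live locations from copies sitting in removal-tool backup folders, System Restore points and the browser cache. The sample lines, file names and category names are constructed for illustration.

```python
import re
from collections import defaultdict

# Entry format used by the scan log: <path> (<detection>) -> <action>.
ENTRY = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# Folders where removal tools keep backups or quarantined copies
# (both paths appear in the logs in this thread).
TOOL_BACKUP_DIRS = ("c:\\qoobox\\quarantine\\", "c:\\avenger\\")

# Constructed sample lines in the same format; names are placeholders.
SAMPLE_LOG = r"""
Moduli della memoria infetti:
C:\WINDOWS\system32\example1.dll (Trojan.Vundo) -> No action taken.
Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ExampleKey (Trojan.Vundo) -> No action taken.
Cartelle infette:
(Nessun elemento malevolo rilevato)
File infetti:
C:\WINDOWS\system32\example1.dll (Trojan.Vundo.H) -> No action taken.
C:\Avenger\example2.sys (Rootkit.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\example3.dll.vir (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\ABCDEFGH\sample[1] (Trojan.Vundo) -> No action taken.
C:\Program Files (x86)\Example\example4.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
"""


def parse_entries(log_text):
    """Return (path, detection, action) for every detection line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # section headers and "nothing found" lines do not match
            entries.append((m["path"], m["name"], m["action"]))
    return entries


def classify(path):
    """Assign a detection to a location category by its path."""
    p = path.lower()
    if p.startswith("hkey_"):
        return "registry"
    if "\\system volume information\\_restore" in p:
        return "system_restore"
    if p.startswith(TOOL_BACKUP_DIRS):
        return "tool_backup"
    if "\\temporary internet files\\" in p:
        return "browser_cache"
    return "live"


def triage(log_text):
    """Group detections by category, listing each path once."""
    buckets = defaultdict(dict)
    for path, name, action in parse_entries(log_text):
        # The same DLL can be listed as a memory module and as a file.
        buckets[classify(path)].setdefault(path.lower(), (path, name, action))
    return {cat: list(items.values()) for cat, items in buckets.items()}


def still_active(log_text):
    """Live files and registry keys the scanner has not acted on yet."""
    result = triage(log_text)
    pending = []
    for cat in ("live", "registry"):
        for path, _name, action in result.get(cat, []):
            if action.lower() == "no action taken":
                pending.append(path)
    return pending


if __name__ == "__main__":
    for cat, items in sorted(triage(SAMPLE_LOG).items()):
        print(f"{cat}: {len(items)}")
    print("still active:")
    for path in still_active(SAMPLE_LOG):
        print("  " + path)
```

Entries under `tool_backup` and `system_restore` are inert copies, so the items that decide whether the machine is still infected are the ones returned by `still_active`.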
Re: Antivirus 2009 and an invasion of advertising pages
delete what MBA found and post me the hijackthis log.... I think we're nearly done
do you still have popups?
Re: Antivirus 2009 and an invasion of advertising pages
good morning steve
the PC is back to how it was before, no more popups and assorted windows. I'm posting the hijackthis log for a final check
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:46:07, on 15/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\xp\Bureau\HiJackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\IPSBHO.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\coIEPlg.dll
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
--
End of file - 4291 bytes
lucky- Number of posts: 8
Registration date: 14.10.08
Re: Antivirus 2009 and an invasion of advertising pages
ok, log clean
do this:
update the system with SP3
at this point let's remove everything you used for the cleanup; download OtMoveIt2
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (no installation needed)
start it with a double click and click on "cleanup"
confirm the operation, and if you are asked to reboot, accept
if you have no more problems, you're all set....
Re: Antivirus 2009 and an invasion of advertising pages
YOU'RE GREAT STEVE
problem solved, and I must say the otmoveit move to remove all the tools used was excellent too
thanks again so very much
lucky- Number of posts: 8
Registration date: 14.10.08