
Trojan horse!!!

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by smells » 22/06/07 20:39

Guys, I've caught 4 trojan horses... AVG detects them but can't remove them? I also tried in safe mode but nothing doing... how do I do it? thanks...
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45


Post by Fabri » 22/06/07 23:14

If it detected them, it will surely have put them in quarantine too, and there they shouldn't cause big problems; probably it will delete them with the next updates. BYE.
Fabri
Senior Member
Posts: 710
Joined: 02/04/03 16:02

Post by hydra » 23/06/07 12:11

This isn't a software problem; there's a dedicated section for this kind of thing.
hydra
Moderator
Posts: 7007
Joined: 19/07/04 08:06
Location: Vallis Duplavis

Post by smells » 23/06/07 16:00

It's updated to the latest version and I also put them in quarantine... but at every Windows reboot it's as if I hadn't done anything, and AVG keeps warning me about the presence of these viruses over and over... what do I do?
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 24/06/07 21:14

Please, someone help me...
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 24/06/07 21:16

I also made a logfile..
Logfile of HijackThis v1.99.1
Scan saved at 22.15.44, on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\katanga\Desktop\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {077B4A57-E5E1-4323-92AA-EE949F19E930} - c:\windows\system32\gjjvcprt.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8E23B2D6-0676-41EB-891F-36967B772234} - c:\windows\system32\haaahaa.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eSnips] "C:\Programmi\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [TonsMixFindAmok] C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [support deaf] C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://smells1.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8552446703
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6C3AD0-E4E4-4D4A-9233-F0CC12EE366F}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: egdptnfr - C:\WINDOWS\SYSTEM32\haaahaa.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by BilloKenobi » 25/06/07 08:42

You do indeed have two or three problems.

Before starting the cleanup, though, upload these files to http://www.virustotal.com and report the scan results back here:

C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe
C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior Member
Posts: 348
Joined: 08/07/06 11:05

Post by smells » 25/06/07 11:05

Hi... I can't upload them... if I go to Browse it doesn't find those paths... anyway AVG detects that ''aahahh.dll'' as a virus
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by BilloKenobi » 25/06/07 11:57

Yes, indeed that was one of the things I wanted you to remove ;)

Download

The Avenger --- http://swandog46.geekstogo.com/avenger.zip

Now extract it and run Avenger.exe

Disable antivirus, firewall and any HIPS modules

Select the "Input Script Manually" option
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste the text in bold:

files to delete:
C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe
C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe
c:\windows\system32\gjjvcprt.dll
c:\windows\system32\haaahaa.dll

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{077B4A57-E5E1-4323-92AA-EE949F19E930}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TonsMixFindAmok
HKLM\Software\Microsoft\Windows\CurrentVersion\Run|support deaf


After that, click the Done button
Click the green traffic-light icon
Answer Yes twice
The PC should reboot on its own; if it doesn't, reboot it manually

The program produces a log of the operations performed.

Attach the Avenger log for me (it is in C:\avenger.txt) with the outcome of the script.

Then do a pass with VundoFix
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior Member
Posts: 348
Joined: 08/07/06 11:05

Post by smells » 26/06/07 21:23

First of all, thanks a lot for the help... you were really very clear.. :) thanks really... the log is this... I hope I did it right :)
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pxfulrcw

*******************

Script file located at: \??\C:\Program Files\hvratkss.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe not found!
Deletion of file C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe failed!

Could not process line:
C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe
Status: 0xc0000034



File C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe not found!
Deletion of file C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe failed!

Could not process line:
C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe
Status: 0xc0000034



File c:\windows\system32\gjjvcprt.dll not found!
Deletion of file c:\windows\system32\gjjvcprt.dll failed!

Could not process line:
c:\windows\system32\gjjvcprt.dll
Status: 0xc0000034



Could not open file c:\windows\system32\haaahaa.dll for deletion
Deletion of file c:\windows\system32\haaahaa.dll failed!

Could not process line:
c:\windows\system32\haaahaa.dll
Status: 0xc0000022



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{077B4A57-E5E1-4323-92AA-EE949F19E930} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{077B4A57-E5E1-4323-92AA-EE949F19E930} failed!
Status: 0xc0000034



Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} failed!
Status: 0xc0000022



Could not open registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr failed!
Status: 0xc0000022

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TonsMixFindAmok deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|support deaf
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|support deaf failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45
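The Avenger log above is worth reading beyond "failed": the Status values are NTSTATUS codes, and 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) means "nothing by that name", while 0xc0000022 (STATUS_ACCESS_DENIED) means the object is there but something is protecting it. The following Python is an added example, not code from the thread or from the Avenger tool; it parses a constructed excerpt of the log above and separates the two cases. The class and function names are my own.

```python
import re
from dataclasses import dataclass
from typing import Optional

# NTSTATUS values that appear in the Avenger logs in this thread (real Windows codes).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}

# Constructed excerpt of the Avenger log posted above (same lines, trimmed).
SAMPLE_AVENGER_LOG = r"""
Beginning to process script file:

File c:\windows\system32\gjjvcprt.dll not found!
Deletion of file c:\windows\system32\gjjvcprt.dll failed!

Could not process line:
c:\windows\system32\gjjvcprt.dll
Status: 0xc0000034

Could not open file c:\windows\system32\haaahaa.dll for deletion
Deletion of file c:\windows\system32\haaahaa.dll failed!

Could not process line:
c:\windows\system32\haaahaa.dll
Status: 0xc0000022

Could not open registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr failed!
Status: 0xc0000022

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TonsMixFindAmok deleted successfully.

Completed script processing.
"""

FAILED_RE = re.compile(r"^Deletion of (file|registry key|registry value) (.+) failed!$")
SUCCESS_RE = re.compile(r"^(File|Registry key|Registry value) (.+) deleted successfully\.$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


@dataclass
class AvengerResult:
    kind: str
    target: str
    ok: bool
    status: Optional[int] = None

    @property
    def status_name(self):
        if self.status is None:
            return None
        return NTSTATUS_NAMES.get(self.status, f"unknown NTSTATUS 0x{self.status:08X}")

    def verdict(self):
        """Plain-language reading of the result for the person doing the cleanup."""
        if self.ok:
            return "removed"
        if self.status == 0xC0000022:
            return "still present and protected (access denied): live persistence, not a stale entry"
        if self.status == 0xC0000034:
            return "not present under that name (stale entry, or the path as written did not resolve)"
        return f"failed with {self.status_name}"


def parse_avenger_log(text):
    """Pair each 'Deletion of ... failed!' line with the Status line that follows
    it, record the 'deleted successfully' lines, and ignore the other chatter."""
    results, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := FAILED_RE.match(line)):
            pending = AvengerResult(m.group(1), m.group(2), ok=False)
        elif (m := STATUS_RE.match(line)) and pending is not None:
            pending.status = int(m.group(1), 16)
            results.append(pending)
            pending = None
        elif (m := SUCCESS_RE.match(line)):
            results.append(AvengerResult(m.group(1).lower(), m.group(2), ok=True))
    return results


def still_present(results):
    """Targets Avenger could see but was not allowed to remove: the ones that
    need a different approach rather than another run of the same script."""
    return [r for r in results if not r.ok and r.status == 0xC0000022]


if __name__ == "__main__":
    for r in parse_avenger_log(SAMPLE_AVENGER_LOG):
        print(f"{r.kind:15} {r.target}")
        print(f"    -> {r.verdict()}")
```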

Post by smells » 26/06/07 21:28

ps... I scanned with the little program you pointed me to... but it didn't find anything at all..
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by BilloKenobi » 26/06/07 22:26

Post a new, updated log.

ps, had you already run a removal procedure with other tools, or on other forums???
Begun the Clone War has

Yes yes, they made me an editor --- SuspectFile
BilloKenobi
Senior Member
Posts: 348
Joined: 08/07/06 11:05

Post by smells » 27/06/07 18:47

Logfile of HijackThis v1.99.1
Scan saved at 19.46.30, on 27/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\Grisoft\AVG7\avginet.exe
C:\WINDOWS\SoftwareDistribution\Download\5904dbd1ee5c2421f7d39af63a702326\update\update.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\katanga\Desktop\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8E23B2D6-0676-41EB-891F-36967B772234} - c:\windows\system32\haaahaa.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eSnips] "C:\Programmi\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [support deaf] C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://smells1.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8552446703
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6C3AD0-E4E4-4D4A-9233-F0CC12EE366F}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: egdptnfr - C:\WINDOWS\SYSTEM32\haaahaa.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
ps... no, I didn't do anything like that..
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 27/06/07 21:20

Sorry, maybe this was the log you needed...
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\efaiaion

*******************

Script file located at: \??\C:\jhxgprrj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe not found!
Deletion of file C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe failed!

Could not process line:
C:\Documents and Settings\All Users\Dati applicazioni\memo hold tons mix\okay nurb.exe
Status: 0xc0000034



File C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe not found!
Deletion of file C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe failed!

Could not process line:
C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe
Status: 0xc0000034



File c:\windows\system32\gjjvcprt.dll not found!
Deletion of file c:\windows\system32\gjjvcprt.dll failed!

Could not process line:
c:\windows\system32\gjjvcprt.dll
Status: 0xc0000034



Could not open file c:\windows\system32\haaahaa.dll for deletion
Deletion of file c:\windows\system32\haaahaa.dll failed!

Could not process line:
c:\windows\system32\haaahaa.dll
Status: 0xc0000022



Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{077B4A57-E5E1-4323-92AA-EE949F19E930} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{077B4A57-E5E1-4323-92AA-EE949F19E930} failed!
Status: 0xc0000034



Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} failed!
Status: 0xc0000022



Could not open registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr failed!
Status: 0xc0000022



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TonsMixFindAmok
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|TonsMixFindAmok failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|support deaf
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|support deaf failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 30/06/07 10:37

Please... someone help me :(
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by Luke57 » 30/06/07 12:37

smells wrote: Please... someone help me :(

Hi, do you recognise this thing here?:
C:\WINDOWS\SoftwareDistribution\Download\5904dbd1ee5c2421f7d39af63a702326\update\update.exe

Try using Avenger again with this script (disable the antivirus and close all applications while you run the procedure):

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234}
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr

files to delete:
c:\windows\system32\haaahaa.dll
C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe



Then open the system registry:
Start > Run > regedit (type it in the box) > OK
Clicking the + sign next to each entry, navigate to this key:
HKEY_CURRENT_USER
Software
Microsoft
Windows
CurrentVersion
Run
Click on Run and, on the right-hand side of the window, if you find
support deaf
right-click on it and choose Delete.

Post the Avenger report + a new HijackThis log.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by smells » 30/06/07 19:30

Hi.. thanks for the help.. I did everything you told me... here are the results..
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wkjdvgiu

*******************

Script file located at: \??\C:\Documents and Settings\xuljrwcv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file c:\windows\system32\haaahaa.dll for deletion
Deletion of file c:\windows\system32\haaahaa.dll failed!

Could not process line:
c:\windows\system32\haaahaa.dll
Status: 0xc0000022



File C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe not found!
Deletion of file C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe failed!

Could not process line:
C:\DOCUME~1\katanga\DATIAP~1\SIXTHT~1\Inside Each.exe
Status: 0xc0000034



Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E23B2D6-0676-41EB-891F-36967B772234} failed!
Status: 0xc0000022



Could not open registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\egdptnfr failed!
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.


Logfile of HijackThis v1.99.1
Scan saved at 20.29.39, on 30/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\eMule\emule.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\katanga\Desktop\Download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {8E23B2D6-0676-41EB-891F-36967B772234} - c:\windows\system32\haaahaa.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [eSnips] "C:\Programmi\eSnips\ClientGW.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BitTorrent] "C:\Programmi\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://smells1.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8552446703
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE6C3AD0-E4E4-4D4A-9233-F0CC12EE366F}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: egdptnfr - C:\WINDOWS\SYSTEM32\haaahaa.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by smells » 02/07/07 15:19

But why is everyone abandoning me? Is it unsolvable? Can I at least know that? thanks...
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45

Post by Luke57 » 02/07/07 16:01

smells wrote: But why is everyone abandoning me? Is it unsolvable? Can I at least know that? thanks...

Hi, there's something preventing the removal of the entries listed in the Avenger script; first time this has happened to me.
Go here:
http://www.suspectfile.com/systemscan
and download systemscan, a diagnostic tool. Put it on the desktop, close all applications and programs, run it, tick all the options and press Scan Now. When the scan finishes, go to C:\suspectfile and find a .zip folder. Since the report is very long, upload it to this site:
http://www.send-file.com/
and in a later post insert the link so I can look at it.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by smells » 02/07/07 19:11

Hi.. unfortunately it won't let me download the file.. even though I turned off the firewall and allowed the popup!.. any other idea? thanks a lot for the help and the patience..
smells
Junior Member
Posts: 85
Joined: 02/03/07 20:45
