Mamma mia, let's go step by step.
Here is the result of the VirusTotal analysis:
File dzbryce6.dll ricevuto il 2008.02.18 13:49:23 (CET)
Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.2.18.0 2008.02.18 -
AntiVir 7.6.0.67 2008.02.18 -
Authentium 4.93.8 2008.02.17 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.18 -
BitDefender 7.2 2008.02.18 -
CAT-QuickHeal 9.50 2008.02.16 -
ClamAV 0.92.1 2008.02.18 -
DrWeb 4.44.0.09170 2008.02.18 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5546 2008.02.18 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.18 -
Fortinet 3.14.0.0 2008.02.18 -
F-Prot 4.4.2.54 2008.02.17 -
F-Secure 6.70.13260.0 2008.02.18 -
Ikarus T3.1.1.20 2008.02.18 -
Kaspersky 7.0.0.125 2008.02.18 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.18 -
NOD32v2 2882 2008.02.18 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.17 -
Prevx1 V2 2008.02.18 -
Rising 20.32.02.00 2008.02.18 -
Sophos 4.26.0 2008.02.18 -
Sunbelt 3.0.884.0 2008.02.18 -
Symantec 10 2008.02.18 -
TheHacker 6.2.9.222 2008.02.16 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.17 -
Webwasher-Gateway 6.6.2 2008.02.18 -
Informazioni addizionali
File size: 32256 bytes
MD5: c24e14d236e8a230e7904618f4ef4a18
SHA1: 9be942db543285bf5c332c04a273165270a339eb
PEiD: -
File 3ivxDSAudioDecoder.ax ricevuto il 2008.02.18 13:58:39 (CET)
Antivirus Versione Ultimo aggiornamento Risultato
AhnLab-V3 2008.2.18.0 2008.02.18 -
AntiVir 7.6.0.67 2008.02.18 -
Authentium 4.93.8 2008.02.17 -
Avast 4.7.1098.0 2008.02.18 -
AVG 7.5.0.516 2008.02.18 -
BitDefender 7.2 2008.02.18 -
CAT-QuickHeal 9.50 2008.02.16 -
ClamAV 0.92.1 2008.02.18 -
DrWeb 4.44.0.09170 2008.02.18 -
eSafe 7.0.15.0 2008.02.17 -
eTrust-Vet 31.3.5546 2008.02.18 -
Ewido 4.0 2008.02.18 -
FileAdvisor 1 2008.02.18 -
Fortinet 3.14.0.0 2008.02.18 -
F-Prot 4.4.2.54 2008.02.17 -
F-Secure 6.70.13260.0 2008.02.18 -
Ikarus T3.1.1.20 2008.02.18 -
Kaspersky 7.0.0.125 2008.02.18 -
McAfee 5231 2008.02.15 -
Microsoft 1.3204 2008.02.18 -
NOD32v2 2882 2008.02.18 -
Norman 5.80.02 2008.02.15 -
Panda 9.0.0.4 2008.02.17 -
Prevx1 V2 2008.02.18 -
Rising 20.32.02.00 2008.02.18 -
Sophos 4.26.0 2008.02.18 -
Sunbelt 3.0.884.0 2008.02.18 -
Symantec 10 2008.02.18 -
TheHacker 6.2.9.222 2008.02.16 -
VBA32 3.12.6.1 2008.02.17 -
VirusBuster 4.3.26:9 2008.02.17 -
Webwasher-Gateway 6.6.2 2008.02.18 -
Informazioni addizionali
File size: 360448 bytes
MD5: 6f27a00bd494ef6b8ee6d1a0032490af
SHA1: ba0ddeecc0d19f106a2e0a86c05c6edd238d09c3
PEiD: -
So, let's continue.
I was not able to disable System Restore, because on Windows 2000 Professional the path you indicated was not present, and the closest one,
Control Panel / System / Advanced
had a Startup and Recovery section, but with options different from the ones you indicated.
So I skipped this step.
In safe mode I ran the first program; here is the report:
SmitFraudFix v2.290
Scan done at 14.24.00,85, lun 18/02/2008
Run from H:\apps\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows 2000 [Versione 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\config.sy_ Deleted
C:\WINNT\system32\ot.ico Deleted
C:\WINNT\system32\ts.ico Deleted
C:\DOCUME~1\ADMINI~1\PREFER~1\Antivirus Test Online.url Deleted
C:\Programmi\Safety Bar\ Deleted
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{AA80B141-C181-4C6D-A85C-3C5EE0D4C1B4}: NameServer=85.255.116.153,85.255.112.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{AA80B141-C181-4C6D-A85C-3C5EE0D4C1B4}: NameServer=85.255.116.153,85.255.112.12
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AA80B141-C181-4C6D-A85C-3C5EE0D4C1B4}: NameServer=85.255.116.153,85.255.112.12
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"="lsass.exe"
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Then I went on to manually clean up what had not been removed and was present in your list:
c:/svchost.exe
c:/svchost2.exe
c:/system32/415427707.dat
c:/system32/adsmsextr.exe
c:/system32/96482.exe
c:/system32/415427707
c:/system32/spywarewarning.mht
The other files you indicated had already been deleted by me and were no longer present.
Now, on reboot, the damned spywarewarning.mhtl page no longer appears (HOORAY).
So the problem would seem to be solved, but tomorrow (I'm heading out now) I will post the new systemscan report.
For now, thank you so much for the time you are dedicating to me and for the competence of your instructions.
I still want to send you the systemscan report, to see whether the PC can be considered clean beyond the initial problem, which seems to be solved.
Thanks again