I did all the operations, I hope I did everything right!!!!

This is the Avenger report
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vqcmjiip

*******************

Script file located at: \??\C:\WINDOWS\system32\adwjyjxb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Folder C:\Programmi\AskTBar not found!
Deletion of folder C:\Programmi\AskTBar failed!

Could not process line:
C:\Programmi\AskTBar
Status: 0xc0000034



File C:\WINDOWS\system32\xxyxVlMg.dll not found!
Deletion of file C:\WINDOWS\system32\xxyxVlMg.dll failed!

Could not process line:
C:\WINDOWS\system32\xxyxVlMg.dll
Status: 0xc0000034



File C:\WINDOWS\system32\mlJYpooO.dll not found!
Deletion of file C:\WINDOWS\system32\mlJYpooO.dll failed!

Could not process line:
C:\WINDOWS\system32\mlJYpooO.dll
Status: 0xc0000034



File C:\WINDOWS\system32\xxywVnNE.dll not found!
Deletion of file C:\WINDOWS\system32\xxywVnNE.dll failed!

Could not process line:
C:\WINDOWS\system32\xxywVnNE.dll
Status: 0xc0000034



File C:\WINDOWS\system32\cbXQiHXp.dll not found!
Deletion of file C:\WINDOWS\system32\cbXQiHXp.dll failed!

Could not process line:
C:\WINDOWS\system32\cbXQiHXp.dll
Status: 0xc0000034



File C:\WINDOWS\system32\efcATKDv.dll not found!
Deletion of file C:\WINDOWS\system32\efcATKDv.dll failed!

Could not process line:
C:\WINDOWS\system32\efcATKDv.dll
Status: 0xc0000034



File C:\WINDOWS\system32\wvUllJAs.dll not found!
Deletion of file C:\WINDOWS\system32\wvUllJAs.dll failed!

Could not process line:
C:\WINDOWS\system32\wvUllJAs.dll
Status: 0xc0000034



File C:\WINDOWS\system32\ddcYqqOi.dll not found!
Deletion of file C:\WINDOWS\system32\ddcYqqOi.dll failed!

Could not process line:
C:\WINDOWS\system32\ddcYqqOi.dll
Status: 0xc0000034



File C:\WINDOWS\system32\qoMffEXp.dll not found!
Deletion of file C:\WINDOWS\system32\qoMffEXp.dll failed!

Could not process line:
C:\WINDOWS\system32\qoMffEXp.dll
Status: 0xc0000034

File C:\WINDOWS\system32\ENnVwyxx.ini deleted successfully.
File C:\WINDOWS\system32\ENnVwyxx.ini2 deleted successfully.
File C:\WINDOWS\system32\sAJllUvw.ini deleted successfully.
File C:\WINDOWS\system32\sAJllUvw.ini2 deleted successfully.
File C:\WINDOWS\system32\gMlVxyxx.ini deleted successfully.
File C:\WINDOWS\system32\gMlVxyxx.ini2 deleted successfully.
File C:\WINDOWS\system32\vDKTAcfe.ini deleted successfully.
File C:\WINDOWS\system32\vDKTAcfe.ini2 deleted successfully.
File C:\WINDOWS\system32\OoopYJlm.ini2 deleted successfully.
File C:\WINDOWS\system32\OoopYJlm.ini deleted successfully.
File C:\WINDOWS\system32\pXHiQXbc.ini deleted successfully.
File C:\WINDOWS\system32\pXHiQXbc.ini2 deleted successfully.


File C:\WINDOWS\system32\qoMffEXp.dll not found!
Deletion of file C:\WINDOWS\system32\qoMffEXp.dll failed!

Could not process line:
C:\WINDOWS\system32\qoMffEXp.dll
Status: 0xc0000034

File C:\WINDOWS\system32\wdaol.dll deleted successfully.
File C:\WINDOWS\system32\iOqqYcdd.ini deleted successfully.
File C:\WINDOWS\system32\iOqqYcdd.ini2 deleted successfully.
File C:\WINDOWS\system32\ycfOoXyb.ini deleted successfully.
File C:\WINDOWS\system32\ycfOoXyb.ini2 deleted successfully.
File C:\WINDOWS\vsnpstd2.exe2033452306 deleted successfully.
File C:\WINDOWS\vsnpstd2.exe2930990258 deleted successfully.
File C:\WINDOWS\vsnpstd2.exe882835518 deleted successfully.
File C:\WINDOWS\vsnpstd2.exe3549919376 deleted successfully.
File C:\WINDOWS\vsnpstd2.exe3820832747 deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Could not delete registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|{42445467-183A-C20F-DD27-CF14D224B679}
Deletion of registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad|{42445467-183A-C20F-DD27-CF14D224B679} failed!
Status: 0xc0000034

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks|{11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11635C4A-ECC7-4ED7-A172-FA5D54D3E3EE} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E006915A-42F5-4FEF-A907-ED9B4E010967} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A8D83A8E-B7D4-40D9-B0F1-60B4528DB626} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91BA3F3A-3E16-4D3C-A7C6-D089279D5C24} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8DBBBC71-E019-4917-8DAF-30954ED315BF} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6166D6F6-992B-4069-8CF2-4F523205D610} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{51323C91-EE33-4AA3-8925-284255DA0455} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2B83B087-6BCE-43F7-A6A9-ADB4C51D5543} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C} deleted successfully.
Program C:\Documents and Settings\User\Desktop\sys74772.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.

This is the mbrfix report

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
malicious code @ sector 0x950a600 size 0x1e8 !
copy of MBR has been found in sector 62 !


This is the system scan report
14_05_2008_12_24_report.zip