ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 13 Jun 2007 19:01

Same problem as many others: the CID.

I'm attaching the HJT log made a few minutes ago... I have to say that I checked the risky entries on the official site, and I saw that there are quite a few; in fact, I think I don't only have the CID problem, but some others as well... But first I'd like to get rid of this nuisance, then maybe we'll think about eliminating the rest.

This is the log:
 
 
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 
Scan saved at 18.59.54, on 13/06/2007
 
Platform: Windows XP SP2 (WinNT 5.01.2600)
 
Boot mode: Normal
 
 
Running processes:
 
C:\windows\System32\smss.exe
 
C:\windows\SYSTEM32\winlogon.exe
 
C:\windows\system32\services.exe
 
C:\windows\system32\lsass.exe
 
C:\windows\system32\Ati2evxx.exe
 
C:\windows\system32\svchost.exe
 
C:\windows\System32\svchost.exe
 
C:\windows\system32\spoolsv.exe
 
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 
C:\windows\system32\svchost.exe
 
C:\windows\SYSTEM32\Ati2evxx.exe
 
C:\windows\system32\RunDll32.exe
 
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
F:\Installazione\DAEMON Tools\daemon.exe
 
F:\Sandro\Applicazioni\[APP] - Topometro.exe
 
C:\windows\system32\rundll32.exe
 
C:\windows\system32\ctfmon.exe
 
F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
 
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
 
C:\Programmi\Mozilla Firefox\firefox.exe
 
F:\Installazione\Azureus\Azureus.exe
 
C:\windows\explorer.exe
 
F:\Sandro\Applicazioni\File estratti\HiJackThis 2\HiJackThis_v2.exe
 
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 
O2 - BHO: (no name) - {1CB60FE2-F5E8-444F-93E3-2C983C4324C2} - C:\WINDOWS\system32\pmnlj.dll
 
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll
 
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\WINDOWS\system32\jkkhheb.dll
 
O2 - BHO: (no name) - {A65ED676-CBDB-DB43-D31C-4EB08FE60E4D} - (no file)
 
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
 
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Installazione\DAEMON Tools\daemon.exe" -lang 1033
 
O4 - HKLM\..\Run: [TopoMetro] F:\Sandro\Applicazioni\[APP] - Topometro.exe
 
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
 
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
 
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
 
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
 
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
 
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
 
O20 - Winlogon Notify: jkkhheb - C:\windows\SYSTEM32\jkkhheb.dll
 
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
 
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
 
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
 
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
 
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
 
 
--
 
End of file - 6636 bytes
 
 
 
 
 
 
... I already know that these two:
 
O20 - Winlogon Notify: jkkhheb - C:\windows\SYSTEM32\jkkhheb.dll
 
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
 
...are infected; I try to fix them and they go away, but as soon as I run HJT again they pop back up as if nothing had happened.

bdoriano (Administrator) | Joined: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 13 Jun 2007 19:52

To begin with, download VundoFix and run it. Follow the steps and post here the log that it generates.

ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 14 Jun 2007 09:42

I did all the steps... It also restarted the PC twice, and afterwards I ran HJT again... Here is the log:
 
 
 
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 
Scan saved at 9.41.11, on 14/06/2007
 
Platform: Windows XP SP2 (WinNT 5.01.2600)
 
Boot mode: Normal
 
 
Running processes:
 
C:\windows\System32\smss.exe
 
C:\windows\SYSTEM32\winlogon.exe
 
C:\windows\system32\services.exe
 
C:\windows\system32\lsass.exe
 
C:\windows\system32\Ati2evxx.exe
 
C:\windows\system32\svchost.exe
 
C:\windows\System32\svchost.exe
 
C:\windows\system32\spoolsv.exe
 
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 
C:\windows\system32\svchost.exe
 
C:\windows\SYSTEM32\Ati2evxx.exe
 
C:\windows\Explorer.EXE
 
C:\windows\system32\RunDll32.exe
 
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
F:\Installazione\DAEMON Tools\daemon.exe
 
F:\Sandro\Applicazioni\[APP] - Topometro.exe
 
C:\windows\system32\rundll32.exe
 
C:\windows\system32\ctfmon.exe
 
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 
F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
 
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
 
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 
F:\Sandro\Applicazioni\File estratti\HiJackThis 2\HiJackThis_v2.exe
 
C:\Programmi\Internet Explorer\iexplore.exe
 
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll (file missing)
 
O2 - BHO: (no name) - {54E0CA07-BD9E-416B-AECC-58C3B3DDC3A4} - C:\WINDOWS\system32\pmnlj.dll
 
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\windows\SYSTEM32\jkkhheb.dll
 
O2 - BHO: (no name) - {A65ED676-CBDB-DB43-D31C-4EB08FE60E4D} - (no file)
 
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
 
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Installazione\DAEMON Tools\daemon.exe" -lang 1033
 
O4 - HKLM\..\Run: [TopoMetro] F:\Sandro\Applicazioni\[APP] - Topometro.exe
 
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
 
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
 
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
 
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
 
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
 
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
 
O20 - Winlogon Notify: jkkhheb - C:\windows\SYSTEM32\jkkhheb.dll
 
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll
 
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
 
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
 
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
 
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
 
 
--
 
End of file - 6702 bytes

Orange (Mature god) | Joined: 18/02/07 13:20 | Posts: 2224 | Location: Rome
Posted: 14 Jun 2007 11:46

can you put the VundoFix log here?

which antivirus are you using?

ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 14 Jun 2007 12:34

Orange wrote:
> can you put the VundoFix log here?
>
> which antivirus are you using?

Well... As for the antivirus... At the moment I'm not using one, but I'm getting ready to install Kaspersky!!

As for the VundoFix log, I can't manage to get this log... Where do I find it???

ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 14 Jun 2007 12:37

Maybe you mean this???
 
 
C:\windows\system32\jkkhheb.dll
 
C:\WINDOWS\system32\jlnmp.dll
 
C:\WINDOWS\system32\pmnlj.dll

Orange (Mature god) | Joined: 18/02/07 13:20 | Posts: 2224 | Location: Rome
Posted: 14 Jun 2007 12:52

ER_MEGLIO wrote:
> As for the VundoFix log, I can't manage to get this log... Where do I find it???

C:\vundofix.txt

ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 14 Jun 2007 13:25

VundoFix V6.5.0
 
 
Checking Java version...
 
 
Sun Java not detected
 
Scan started at 9.33.45 14/06/2007
 
 
Listing files found while scanning....
 
 
C:\windows\system32\adqeiylx.dll
 
C:\windows\system32\ayhmnvmc.dll
 
C:\windows\system32\bcrroxct.exe
 
C:\windows\system32\budlvysa.dll
 
C:\windows\system32\bxmclwhb.dll
 
C:\windows\system32\bykdrkaw.dll
 
C:\windows\system32\cfayvhtb.dll
 
C:\windows\system32\commphao.dll
 
C:\windows\system32\dfdjbigu.exe
 
C:\windows\system32\edxfxlyf.dll
 
C:\windows\system32\egmbggek.exe
 
C:\windows\system32\erfyowpd.dll
 
C:\windows\system32\etpvshju.dll
 
C:\windows\system32\gqdkajey.dll
 
C:\windows\system32\gswfyavc.dll
 
C:\windows\system32\hiddvwui.dll
 
C:\windows\system32\hiepdjxj.dll
 
C:\windows\system32\hocbqgex.dll
 
C:\windows\system32\iknyrjvo.dll
 
C:\windows\system32\ikpixwgb.dll
 
C:\windows\system32\iujwtmpa.dll
 
C:\windows\system32\j8211436.dll
 
C:\WINDOWS\system32\jkkhheb.dll
 
C:\windows\system32\jkklj.dll
 
C:\windows\system32\jlkkj.ini
 
C:\WINDOWS\system32\jlnmp.bak1
 
C:\WINDOWS\system32\jlnmp.bak2
 
C:\WINDOWS\system32\jlnmp.ini
 
C:\WINDOWS\system32\jlnmp.ini2
 
C:\WINDOWS\system32\jlnmp.tmp
 
C:\windows\system32\khfffge.dll
 
C:\windows\system32\kkwjntyg.dll
 
C:\windows\system32\lrokhkui.dll
 
C:\windows\system32\mevyymfd.dll
 
C:\windows\system32\nyikksbg.dll
 
C:\windows\system32\obcoafqy.ini
 
C:\windows\system32\osdmtbis.dll
 
C:\WINDOWS\system32\pmnlj.dll
 
C:\windows\system32\prutv.ini
 
C:\windows\system32\pxpixjtt.dll
 
C:\windows\system32\qcmefbdy.dll
 
C:\windows\system32\qhavddwy.dll
 
C:\windows\system32\qhlkoefi.dll
 
C:\windows\system32\ququvvon.dll
 
C:\windows\system32\qynsiirq.dll
 
C:\windows\system32\rhbovley.dll
 
C:\windows\system32\rihoppxe.dll
 
C:\windows\system32\rpvkhcqk.dll
 
C:\windows\system32\sciscswn.dll
 
C:\windows\system32\sjkjwems.dll
 
C:\windows\system32\spmewwns.dll
 
C:\windows\system32\sujpybhk.dll
 
C:\windows\system32\ttjxipxp.ini
 
C:\windows\system32\twelgaor.dll
 
C:\windows\system32\uhlaiosq.dll
 
C:\windows\system32\vflsrkuf.dll
 
C:\windows\system32\vturp.dll
 
C:\windows\system32\wbjafyyu.dll
 
C:\windows\system32\wbqtxtxw.exe
 
C:\windows\system32\wobgbtnu.dll
 
C:\windows\system32\xclypbui.dll
 
C:\windows\system32\yqfaocbo.dll
 
C:\windows\system32\yujmfdky.dll
 
 
Beginning removal...
 
 
 Attempting to delete C:\windows\system32\adqeiylx.dll
 
C:\windows\system32\adqeiylx.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\ayhmnvmc.dll
 
C:\windows\system32\ayhmnvmc.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\bcrroxct.exe
 
C:\windows\system32\bcrroxct.exe Has been deleted!
 
 
 Attempting to delete C:\windows\system32\budlvysa.dll
 
C:\windows\system32\budlvysa.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\bxmclwhb.dll
 
C:\windows\system32\bxmclwhb.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\bykdrkaw.dll
 
C:\windows\system32\bykdrkaw.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\cfayvhtb.dll
 
C:\windows\system32\cfayvhtb.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\commphao.dll
 
C:\windows\system32\commphao.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\dfdjbigu.exe
 
C:\windows\system32\dfdjbigu.exe Has been deleted!
 
 
 Attempting to delete C:\windows\system32\edxfxlyf.dll
 
C:\windows\system32\edxfxlyf.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\egmbggek.exe
 
C:\windows\system32\egmbggek.exe Has been deleted!
 
 
 Attempting to delete C:\windows\system32\erfyowpd.dll
 
C:\windows\system32\erfyowpd.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\etpvshju.dll
 
C:\windows\system32\etpvshju.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\gqdkajey.dll
 
C:\windows\system32\gqdkajey.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\gswfyavc.dll
 
C:\windows\system32\gswfyavc.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\hiddvwui.dll
 
C:\windows\system32\hiddvwui.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\hiepdjxj.dll
 
C:\windows\system32\hiepdjxj.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\hocbqgex.dll
 
C:\windows\system32\hocbqgex.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\iknyrjvo.dll
 
C:\windows\system32\iknyrjvo.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\ikpixwgb.dll
 
C:\windows\system32\ikpixwgb.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\iujwtmpa.dll
 
C:\windows\system32\iujwtmpa.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\j8211436.dll
 
C:\windows\system32\j8211436.dll Could not be deleted.
 
 
 Attempting to delete C:\WINDOWS\system32\jkkhheb.dll
 
C:\WINDOWS\system32\jkkhheb.dll Could not be deleted.
 
 
 Attempting to delete C:\windows\system32\jkklj.dll
 
C:\windows\system32\jkklj.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\jlkkj.ini
 
C:\windows\system32\jlkkj.ini Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.bak1
 
C:\WINDOWS\system32\jlnmp.bak1 Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.bak2
 
C:\WINDOWS\system32\jlnmp.bak2 Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.ini
 
C:\WINDOWS\system32\jlnmp.ini Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.ini2
 
C:\WINDOWS\system32\jlnmp.ini2 Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.tmp
 
C:\WINDOWS\system32\jlnmp.tmp Has been deleted!
 
 
 Attempting to delete C:\windows\system32\khfffge.dll
 
C:\windows\system32\khfffge.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\kkwjntyg.dll
 
C:\windows\system32\kkwjntyg.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\lrokhkui.dll
 
C:\windows\system32\lrokhkui.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\mevyymfd.dll
 
C:\windows\system32\mevyymfd.dll Could not be deleted.
 
 
 Attempting to delete C:\windows\system32\nyikksbg.dll
 
C:\windows\system32\nyikksbg.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\obcoafqy.ini
 
C:\windows\system32\obcoafqy.ini Has been deleted!
 
 
 Attempting to delete C:\windows\system32\osdmtbis.dll
 
C:\windows\system32\osdmtbis.dll Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\pmnlj.dll
 
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
 
 
 Attempting to delete C:\windows\system32\prutv.ini
 
C:\windows\system32\prutv.ini Has been deleted!
 
 
 Attempting to delete C:\windows\system32\pxpixjtt.dll
 
C:\windows\system32\pxpixjtt.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\qcmefbdy.dll
 
C:\windows\system32\qcmefbdy.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\qhavddwy.dll
 
C:\windows\system32\qhavddwy.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\qhlkoefi.dll
 
C:\windows\system32\qhlkoefi.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\ququvvon.dll
 
C:\windows\system32\ququvvon.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\qynsiirq.dll
 
C:\windows\system32\qynsiirq.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\rhbovley.dll
 
C:\windows\system32\rhbovley.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\rihoppxe.dll
 
C:\windows\system32\rihoppxe.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\rpvkhcqk.dll
 
C:\windows\system32\rpvkhcqk.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\sciscswn.dll
 
C:\windows\system32\sciscswn.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\sjkjwems.dll
 
C:\windows\system32\sjkjwems.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\spmewwns.dll
 
C:\windows\system32\spmewwns.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\sujpybhk.dll
 
C:\windows\system32\sujpybhk.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\ttjxipxp.ini
 
C:\windows\system32\ttjxipxp.ini Has been deleted!
 
 
 Attempting to delete C:\windows\system32\twelgaor.dll
 
C:\windows\system32\twelgaor.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\uhlaiosq.dll
 
C:\windows\system32\uhlaiosq.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\vflsrkuf.dll
 
C:\windows\system32\vflsrkuf.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\vturp.dll
 
C:\windows\system32\vturp.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\wbjafyyu.dll
 
C:\windows\system32\wbjafyyu.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\wbqtxtxw.exe
 
C:\windows\system32\wbqtxtxw.exe Has been deleted!
 
 
 Attempting to delete C:\windows\system32\wobgbtnu.dll
 
C:\windows\system32\wobgbtnu.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\xclypbui.dll
 
C:\windows\system32\xclypbui.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\yqfaocbo.dll
 
C:\windows\system32\yqfaocbo.dll Has been deleted!
 
 
 Attempting to delete C:\windows\system32\yujmfdky.dll
 
C:\windows\system32\yujmfdky.dll Has been deleted!
 
 
Performing Repairs to the registry.
 
Done!
 
 
Beginning removal...
 
 
 Attempting to delete C:\windows\system32\j8211436.dll
 
C:\windows\system32\j8211436.dll Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\jkkhheb.dll
 
C:\WINDOWS\system32\jkkhheb.dll Could not be deleted.
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.ini
 
C:\WINDOWS\system32\jlnmp.ini Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.ini2
 
C:\WINDOWS\system32\jlnmp.ini2 Has been deleted!
 
 
 Attempting to delete C:\windows\system32\mevyymfd.dll
 
C:\windows\system32\mevyymfd.dll Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\pmnlj.dll
 
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
 
 
Performing Repairs to the registry.
 
Done!
 
 
Beginning removal...
 
 
VundoFix V6.5.0
 
 
Checking Java version...
 
 
Sun Java not detected
 
Scan started at 9.43.52 14/06/2007
 
 
Listing files found while scanning....
 
 
C:\windows\system32\jkkhheb.dll
 
C:\WINDOWS\system32\jlnmp.ini
 
C:\WINDOWS\system32\pmnlj.dll
 
 
Beginning removal...
 
 
 Attempting to delete C:\windows\system32\jkkhheb.dll
 
C:\windows\system32\jkkhheb.dll Could not be deleted.
 
 
 Attempting to delete C:\WINDOWS\system32\jlnmp.ini
 
C:\WINDOWS\system32\jlnmp.ini Has been deleted!
 
 
 Attempting to delete C:\WINDOWS\system32\pmnlj.dll
 
C:\WINDOWS\system32\pmnlj.dll Could not be deleted.
 
 
Performing Repairs to the registry.
 
Done!
 
 
VundoFix V6.5.0
 
 
Checking Java version...
 
 
Sun Java not detected
 
Scan started at 12.34.49 14/06/2007
 
 
Listing files found while scanning....
 
 
C:\windows\system32\jkkhheb.dll
 
C:\WINDOWS\system32\jlnmp.ini
 
C:\WINDOWS\system32\pmnlj.dll
 
 
 
There's more than one... All the ones I did this morning!!

bdoriano (Administrator) | Joined: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 14 Jun 2007 18:14

And how many did you do?

Post here the last one of the series and an updated hijackthis log.

ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 16 Jun 2007 11:49

Guys, I'm back from another PC to tell you that the one I needed help with has definitively raised the white flag... And in a few days I'll have to format it... I'm sorry, but there really is nothing more to be done! ... I thank those who tried to give me a hand getting it back in shape!

PS: I don't know how, but the internet connection has disappeared and it won't even let me set it up again...

bdoriano (Administrator) | Joined: 02/04/07 12:05 | Posts: 14391 | Location: 3rd planet of the solar system...
Posted: 16 Jun 2007 12:27

Too bad!
 
 
Another approach could have been tried.

If you want to make one last attempt:
from a PC with working internet, download this tool and unpack it into its own folder
start the tool
File --> On-line automatic update --> Start (to update it)

Compress the folder containing the tool and its subfolders.
Save the zipped file to a USB stick or CD.
Move to the crippled PC.
Decompress the zipped file into its own folder

Start AVZ.exe
File --> Standard scripts
tick Healing/Quarantine and Advanced System Investigation
click Execute selected scripts
confirm your choice.
The file virusinfo_syscure.zip is created, which you will find in the LOGS subfolder where you unpacked the tool.

copy the log to the USB stick and move to the PC with the active connection
upload the log to http://www.freefilehosting.net/ and put only the download link here.
ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 16 Jun 2007 17:29

Bdoriano, thanks a lot for your help, but by now I think there's nothing more to be done... I have to format, also because I've had that PC for quite a while and I've never formatted it... Every now and then it's needed!!

ER_MEGLIO (Devoted mortal) | Joined: 13/06/07 18:51 | Posts: 14
Posted: 19 Jun 2007 22:06

ER_MEGLIO wrote:
> Guys, I'm back from another PC to tell you that the one I needed help with has definitively raised the white flag... And in a few days I'll have to format it... I'm sorry, but there really is nothing more to be done! ... I thank those who tried to give me a hand getting it back in shape!
>
> PS: I don't know how, but the internet connection has disappeared and it won't even let me set it up again...

I've solved this problem... Now I have another one...

So, every time I start the PC I get an error message telling me that the file C:\windows\system32\j8211436.dll cannot be started because it can't be found... or something like that... how do I get back this file that I deleted with vundofix???
Orange (Mature god) | Joined: 18/02/07 13:20 | Posts: 2224 | Location: Rome
Posted: 19 Jun 2007 22:25

Quote:
> how do I get back this file that I deleted with vundofix???

what I'd like to know, instead, is how you can have this file if you formatted the PC...

put your HJT log here
		| Top | 
		 | 
	
	
		  | 
	
	
ER_MEGLIO Devoted mortal
Registered: 13/06/07 18:51 Posts: 14
Posted: 19 Jun 2007 22:31    Subject:

| Orange wrote: | | Quote: | how do I get back this file that I deleted with vundofix??? | I, on the other hand, would like to know how you can have this file if you formatted the PC...

post your HJT log here |

No, exactly... I solved it and so I didn't format...
	
bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 20 Jun 2007 04:07    Subject:

Then we need the updated hijackthis log.

And, while you're at it...

Download this and unpack it into its own non-temporary folder.
Run it
click on > > >
Click on Autostart
tick Show All
click on Scan
when the scan is finished, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post here the link you are given.

Still in the program you just downloaded (gmer),
click on Rootkit
click on Scan
when the scan is finished, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post here the link you are given.
	
ER_MEGLIO Devoted mortal
Registered: 13/06/07 18:51 Posts: 14
Posted: 20 Jun 2007 16:20    Subject:

| bdoriano wrote: | Then we need the updated hijackthis log.

And, while you're at it...

Download this and unpack it into its own non-temporary folder.
Run it
click on > > >
Click on Autostart
tick Show All
click on Scan
when the scan is finished, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post here the link you are given.

Still in the program you just downloaded (gmer),
click on Rootkit
click on Scan
when the scan is finished, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post here the link you are given. |

So, before doing everything, I'll post the HJT log:
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 
Scan saved at 16.17.14, on 20/06/2007
 
Platform: Windows XP SP2 (WinNT 5.01.2600)
 
Boot mode: Normal
 
 
Running processes:
 
C:\windows\System32\smss.exe
 
C:\windows\SYSTEM32\winlogon.exe
 
C:\windows\system32\services.exe
 
C:\windows\system32\lsass.exe
 
C:\windows\system32\Ati2evxx.exe
 
C:\windows\system32\svchost.exe
 
C:\windows\System32\svchost.exe
 
C:\windows\system32\spoolsv.exe
 
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 
C:\windows\system32\svchost.exe
 
C:\windows\SYSTEM32\Ati2evxx.exe
 
C:\windows\Explorer.EXE
 
C:\windows\system32\RunDll32.exe
 
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
F:\Installazione\DAEMON Tools\daemon.exe
 
C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
 
C:\windows\system32\rundll32.exe
 
C:\windows\system32\ctfmon.exe
 
F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
 
C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
 
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
 
C:\Programmi\MSN Messenger\msnmsgr.exe
 
F:\Sandro\Applicazioni\File estratti\HiJackThis\HiJackThis_v2.exe
 
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll (file missing)
 
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
 
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 
O2 - BHO: (no name) - {9D7EF71F-92F4-4E1E-93DE-E21436E4C815} - C:\windows\SYSTEM32\jkkhheb.dll (file missing)
 
O2 - BHO: (no name) - {A65ED676-CBDB-DB43-D31C-4EB08FE60E4D} - (no file)
 
O2 - BHO: (no name) - {EA6EACEF-3AB0-4E17-82B2-D91E564B9E7E} - C:\WINDOWS\system32\pmnlj.dll (file missing)
 
O4 - HKLM\..\Run: [Collegamento alla pagina delle proprietà di High Definition Audio] HDAShCut.exe
 
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
 
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
 
O4 - HKLM\..\Run: [DAEMON Tools] "F:\Installazione\DAEMON Tools\daemon.exe" -lang 1033
 
O4 - HKLM\..\Run: [TopoMetro] C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
 
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
 
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
 
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
 
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 
O4 - Global Startup: Digisoft AntiDialer.lnk = F:\Installazione\Digisoft AntiDialer\AntiDialer.exe
 
O4 - Global Startup: DSLMON.lnk = C:\Programmi\Telecom Italia Media\Fast 800-840 Tin.it\dslmon.exe
 
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
 
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
 
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
 
O17 - HKLM\System\CCS\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
 
O17 - HKLM\System\CS1\Services\Tcpip\..\{046D0617-D40E-43EF-ADC4-39FE6C43D747}: NameServer = 85.37.17.50 85.38.28.76
 
O20 - Winlogon Notify: jkkhheb - jkkhheb.dll (file missing)
 
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll (file missing)
 
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
 
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
 
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
 
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
 
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
 
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
 
 
--
 
End of file - 6601 bytes
 
 
 
 
...Now I'll do the rest and post again!!
	
ER_MEGLIO Devoted mortal
Registered: 13/06/07 18:51 Posts: 14
Posted: 20 Jun 2007 16:34    Subject:

...I've done the rest:

| bdoriano wrote: | Then we need the updated hijackthis log.

And, while you're at it...

Download this and unpack it into its own non-temporary folder.
Run it
click on > > >
Click on Autostart
tick Show All
click on Scan
when the scan is finished, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post here the link you are given. |

This is the 1st link: http://www.freefilehosting.net/download/MjI2NjM1

| bdoriano wrote: | Still in the program you just downloaded (gmer),
click on Rootkit
click on Scan
when the scan is finished, click on Copy
Open Notepad and press CTRL+V (or click Edit and then Paste).
Save the file and upload it to http://www.freefilehosting.net
Post here the link you are given. |

This is the 2nd: http://www.freefilehosting.net/download/MjI2NjQy
	
Orange Mature god
Registered: 18/02/07 13:20 Posts: 2224 Location: Rome
Posted: 20 Jun 2007 18:07    Subject:

but didn't you say you'd solved it...?

download Avenger and unpack it on the desktop
run it, select Input script manually
click on the magnifying glass
in the window that opens, View/edit script, copy/paste the following

| Quote: | Files to delete:
C:\windows\system32\mevyymfd.dll
C:\windows\system32\jfmgljre.dll
C:\windows\SYSTEM32\jkkhheb.dll
C:\WINDOWS\system32\pmnlj.dll
C:\windows\system32\j8211436.dll
C:\windows\system32\mhstvqjv.dll
C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe

Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3ABED1A3-6E01-46DB-85E5-DEC655B727D0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5ADF3862-9E2E-4ad3-86F7-4510E6550CD0}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D7EF71F-92F4-4E1E-93DE-E21436E4C815}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA6EACEF-3AB0-4E17-82B2-D91E564B9E7E}

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | j8211436
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | GPLv3 |

click Done
then the icon with the traffic light
answer Yes
the PC should restart (otherwise do it yourself)
post the Avenger log and a HiJack one here
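
Added example (not part of the thread, and not code from HijackThis or Avenger): a small Python triage of HijackThis entries, run over lines copied from the log posted above, that flags the kinds of entries the cleanup script targets. The rules and the names `triage` and `SAMPLE_LOG` are assumptions made for illustration; a flagged entry is a prompt for manual review, not a verdict.

```python
import re

# Entries copied from the HijackThis log posted in this thread (20/06/2007).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3ABED1A3-6E01-46DB-85E5-DEC655B727D0} - C:\windows\system32\mevyymfd.dll (file missing)
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\windows\system32\jfmgljre.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TopoMetro] C:\DOCUME~1\Utente\IMPOST~1\Temp\Rar$EX00.563\topometro.exe
O4 - HKLM\..\Run: [j8211436] rundll32 C:\windows\system32\j8211436.dll sook
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\windows\system32\mhstvqjv.dll",realset
O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll (file missing)
"""

# "O2 - BHO: ..." -> section code plus the rest of the entry.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
SYS32_DLL = re.compile(r'\\system32\\[^\\"]+\.dll', re.I)
RUNDLL = re.compile(r"\brundll32(\.exe)?\s", re.I)
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)

def triage(log_text):
    """Return (code, reasons, line) for each entry that deserves manual review.

    The rules are illustrative assumptions, not HijackThis's own logic.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # blank lines, headers, process list
        code, body = m["code"], m["body"]
        reasons = []
        if code == "O2" and "(no name)" in body:
            reasons.append("unnamed BHO")
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned entry: target file absent")
        if code == "O4" and RUNDLL.search(body) and SYS32_DLL.search(body):
            reasons.append("Run value loads a system32 DLL through rundll32")
        if code == "O4" and TEMP_DIR.search(body):
            reasons.append("autostart from a temp directory")
        if reasons:
            findings.append((code, reasons, line))
    return findings

if __name__ == "__main__":
    for code, reasons, line in triage(SAMPLE_LOG):
        print(f"{code}: {'; '.join(reasons)}\n    {line}")
```

The legitimate `rundll32.exe bthprops.cpl` and Adobe BHO entries pass unflagged, which is the point of pairing the rundll32 rule with an explicit system32 DLL path rather than flagging every rundll32 autostart.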
			 