Olimpo Informatico

[MasterDdj]

Link assegnati:

http://www.freefilehosting.net/download/NDQyOQ==

Forum Link: report31.txt

[bdoriano]

Scarica anche ATF-Cleaner.
Avvia ATF-Cleaner
Metti il segno di spunta a Select All
(se vuoi conservare i files del cestino, togli il segno di spunta a Recycle bin)
Clicca su Empty selected

Avvia avenger e inserisci queste righe:

[MasterDdj]

Ecco il log di avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vmgqgmgd

*******************

Script file located at: \??\C:\yvcxapyj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\drivers\mydlduiz.sys for replacement
Replacement with dummy of file C:\WINDOWS\system32\drivers\mydlduiz.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\mydlduiz.sys
Status: 0xc0000022

File C:\WINDOWS\system32\drivers\twabpqif.sys replaced with dummy successfully.


File C:\WINDOWS\system32\drivers\elprcrjj.sys not found!
Replacement with dummy of file C:\WINDOWS\system32\drivers\elprcrjj.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\elprcrjj.sys
Status: 0xc0000034

File C:\WINDOWS\temp\txggllik.dll replaced with dummy successfully.
File C:\WINDOWS\temp\nkiatkyh.sys replaced with dummy successfully.
File C:\WINDOWS\TEMP\zohzaa.exe replaced with dummy successfully.
File C:\WINDOWS\system32\vtroll.dll replaced with dummy successfully.


Could not open file C:\WINDOWS\system32\mafbmaf.dll.bak for replacement
Replacement with dummy of file C:\WINDOWS\system32\mafbmaf.dll.bak failed!

Could not process line:
C:\WINDOWS\system32\mafbmaf.dll.bak
Status: 0xc0000022



Could not open file C:\WINDOWS\system32\mafbmaf.dll for replacement
Replacement with dummy of file C:\WINDOWS\system32\mafbmaf.dll failed!

Could not process line:
C:\WINDOWS\system32\mafbmaf.dll
Status: 0xc0000022

File C:\Documents and Settings\Utente\Impostazioni locali\Temp\5fwoxho8.exe replaced with dummy successfully.
File C:\Documents and Settings\Utente\Impostazioni locali\Temp\txggllik.dll replaced with dummy successfully.


Could not open file C:\WINDOWS\system32\drivers\mydlduiz.sys for deletion
Deletion of file C:\WINDOWS\system32\drivers\mydlduiz.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\mydlduiz.sys
Status: 0xc0000022

File C:\WINDOWS\system32\drivers\twabpqif.sys deleted successfully.


File C:\WINDOWS\system32\drivers\elprcrjj.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\elprcrjj.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\elprcrjj.sys
Status: 0xc0000034



Could not delete file C:\WINDOWS\temp\txggllik.dll
Deletion of file C:\WINDOWS\temp\txggllik.dll failed!

Could not process line:
C:\WINDOWS\temp\txggllik.dll
Status: 0xc0000035

File C:\WINDOWS\temp\nkiatkyh.sys deleted successfully.
File C:\WINDOWS\TEMP\zohzaa.exe deleted successfully.
File C:\WINDOWS\system32\vtroll.dll deleted successfully.


Could not open file C:\WINDOWS\system32\mafbmaf.dll.bak for deletion
Deletion of file C:\WINDOWS\system32\mafbmaf.dll.bak failed!

Could not process line:
C:\WINDOWS\system32\mafbmaf.dll.bak
Status: 0xc0000022



Could not open file C:\WINDOWS\system32\mafbmaf.dll for deletion
Deletion of file C:\WINDOWS\system32\mafbmaf.dll failed!

Could not process line:
C:\WINDOWS\system32\mafbmaf.dll
Status: 0xc0000022

File C:\Documents and Settings\Utente\Impostazioni locali\Temp\5fwoxho8.exe deleted successfully.
File C:\Documents and Settings\Utente\Impostazioni locali\Temp\txggllik.dll deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.1 deleted successfully.
Folder C:\WINDOWS\Downloaded Program Files\CONFLICT.2 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\controlset002\services\idfqbpnl deleted successfully.
Registry key HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\auctaaxw deleted successfully.


Could not open registry key HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\idfqbpnl for deletion
Deletion of registry key HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\idfqbpnl failed!

Could not process line:
HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\idfqbpnl
Status: 0xc0000022

Registry key HKEY_LOCAL_MACHINE\system\CurrentControlSet\services\wwhqcgyf deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABCDECF0-4B15-11D1-ABED-709549C10000} deleted successfully.


Could not open registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2C447B0-11E6-4E5F-9B60-1BD986E888C8} for deletion
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B2C447B0-11E6-4E5F-9B60-1BD986E888C8} failed!
Status: 0xc0000022

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|zohzaa.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

[bdoriano]

Non so più che pesci pigliare...

Tentiamo un altro approccio...

Visualizza i files nascosti e di sistema

Scarica killbox e salvalo in una sua cartella.
Eseguilo
Clicca su All files
Seleziona delete on reboot
Clicca sulla cartellina gialla e seleziona i seguenti files (uno alla volta)
C:\WINDOWS\system32\drivers\mydlduiz.sys
C:\WINDOWS\system32\drivers\elprcrjj.sys
C:\WINDOWS\system32\mafbmaf.dll.bak
C:\WINDOWS\system32\mafbmaf.dll
C:\WINDOWS\temp\txggllik.dll
e clicca sul pallino rosso

Vediamo se questo riesce a combinare qualcosa.

[bdoriano]

Visto che ci siamo, ne proviamo un'altro...

Scarica questo e scompattalo in una sua cartella non temporanea e non sul desktop.
Avvia Rootkit_Detective.exe
Clicca Scan
Al termine della scansione clicca Close
Nella stessa cartella troverai il file RootkitDetectiveReport.txt, caricalo su http://www.freefilehosting.net e posta qui il link che ti viene assegnato.

[MasterDdj]

su killbox non mi fa usare l'opzione allfiles,come faccio?

[bdoriano]

Ciao, scusa il ritardo... tra il lavoro e i problemi del forum, mi sono perso via

Scusa, ho invertito l'ordine
Prima, metti il pallino su Delete on reboot e poi clicca su All Files.