
Receiving invalid handle at login after a scan



My machine starts and I see my desktop only if I boot after F8 last known configuration (Vista SP1).

But only the first time is OK.

At each logon, with all users, I receive the message "handle is invalid".

Here is the log of Malwarebytes, which seems OK.

I think that something bad happened when I scanned and removed twice with malware,

and now I have a problem.

Malwarebytes' Anti-Malware 1.20

Versione del database: 948

Windows 6.0.6001 Service Pack 1

19.06.08 14/07/2008

mbam-log-7-14-2008 (19-06-07).txt

Tipo di scansione: Scansione rapida

Elementi scansionati: 49104

Tempo trascorso: 9 minute(s), 35 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 2

Chiavi di registro infette: 9

Valori di registro infetti: 7

Elementi dato del registro infetti: 2

Cartelle infette: 0

File infetti: 10

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

C:\Windows\System32\mlJBQJbX.dll (Trojan.Vundo) -> Unloaded module successfully.

C:\Windows\System32\awtUmLbB.dll (Trojan.Vundo) -> Unloaded module successfully.

Chiavi di registro infette:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b488306-1982-4a57-aec4-a01870387120} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{7b488306-1982-4a57-aec4-a01870387120} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsSecurity1.209.4 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{5412b93f-2c96-4b96-91e0-96156fa023be} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bm5796bdc3 (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{5412b93f-2c96-4b96-91e0-96156fa023be} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbqjbx -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\mljbqjbx -> Quarantined and deleted successfully.

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti:

C:\Windows\System32\mlJBQJbX.dll (Trojan.Vundo) -> Delete on reboot.

C:\Windows\System32\XbJQBJlm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\XbJQBJlm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\ccxhvc8.bat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\XXCHVC8.BAT (Trojan.Agent) -> Quarantined and deleted successfully.

C:\win-bash.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Windows\System32\awtUmLbB.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\mvejlmgx.dll (Trojan.Agent) -> Delete on reboot.

C:\Windows\System32\yayxYOGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.20

Versione del database: 948

Windows 6.0.6001 Service Pack 1

18.41.52 14/07/2008

mbam-log-7-14-2008 (18-41-52).txt

Tipo di scansione: Scansione completa (C:\|)

Elementi scansionati: 48548

Tempo trascorso: 13 minute(s), 53 second(s)

Processi delle memoria infetti: 0

Moduli della memoria infetti: 0

Chiavi di registro infette: 6

Valori di registro infetti: 0

Elementi dato del registro infetti: 1

Cartelle infette: 0

File infetti: 11

Processi delle memoria infetti:

(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:

(Nessun elemento malevolo rilevato)

Chiavi di registro infette:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{80a54e50-dfe1-4a42-aa7d-ed9ed7615da5} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{80a54e50-dfe1-4a42-aa7d-ed9ed7615da5} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b757e413-323f-4e67-840f-1c93e89d07e1} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{b757e413-323f-4e67-840f-1c93e89d07e1} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df9f014c-6f12-4cea-a909-b66d1933f00d} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{df9f014c-6f12-4cea-a909-b66d1933f00d} (Trojan.Vundo) -> Quarantined and deleted successfully.

Valori di registro infetti:

(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Security Packages (Trojan.Vundo) -> Data: c:\windows\system32\mlectrrj -> Quarantined and deleted successfully.

Cartelle infette:

(Nessun elemento malevolo rilevato)

File infetti:

C:\Windows\System32\mLeCtrRj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\jRrtCeLm.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\jRrtCeLm.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\cbXOIbyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\yybIOXbc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\yybIOXbc.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\urqNDTKc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\cKTDNqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\cKTDNqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\rahbqcxy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\Windows\System32\yxcqbhar.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
