Dialer

[mvm]

Ciao a tutti!

Mi sa che mi si è installato un dialer perchè ogni tanto mi si cambia la connessione...Come posso neutralizzarlo?

Logfile of HijackThis v1.99.1
Scan saved at 11.08.36, on 26/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

(Unable to list running processes)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.corriere.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O1 - Hosts: 127.0.0.3 http://www.onedayoffer.biz
O1 - Hosts: 127.0.0.3 onedayoffer.biz
O1 - Hosts: 127.0.0.3 callmachine.net
O1 - Hosts: 127.0.0.3 http://www.callmachine.net
O1 - Hosts: 127.0.0.3 reportbucks.com
O1 - Hosts: 127.0.0.3 http://www.reportbucks.com
O1 - Hosts: 127.0.0.3 isuckall.com
O1 - Hosts: 127.0.0.3 http://www.isuckall.com
O1 - Hosts: 127.0.0.3 wbdialer.biz
O1 - Hosts: 127.0.0.3 http://www.wbdialer.biz
O1 - Hosts: 127.0.0.3 alphadialer.com
O1 - Hosts: 127.0.0.3 http://www.alphadialer.com
O1 - Hosts: 127.0.0.3 it.online-more.com
O1 - Hosts: 127.0.0.3 http://www.it.online-more.com
O1 - Hosts: 127.0.0.3 statscash.net
O1 - Hosts: 127.0.0.3 http://www.statscash.net
O1 - Hosts: 127.0.0.3 85.255.113.242
O1 - Hosts: 127.0.0.3 takeyourbucks.com
O1 - Hosts: 127.0.0.3 http://www.takeyourbucks.com
O1 - Hosts: 127.0.0.3 195.225.176.25
O1 - Hosts: 127.0.0.3 iframebiz.biz
O1 - Hosts: 127.0.0.3 iframeurl.biz
O1 - Hosts: 127.0.0.3 iframesite.biz
O1 - Hosts: 127.0.0.3 toolbarbiz.biz
O1 - Hosts: 127.0.0.3 toolbarsite.biz
O1 - Hosts: 127.0.0.3 toolbarurl.biz
O1 - Hosts: 127.0.0.3 toolbartraff.biz
O1 - Hosts: 127.0.0.3 buytoolbar.biz
O1 - Hosts: 127.0.0.3 http://www.iframebiz.biz
O1 - Hosts: 127.0.0.3 http://www.iframeurl.biz
O1 - Hosts: 127.0.0.3 http://www.iframesite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarbiz.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarsite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarurl.biz
O1 - Hosts: 127.0.0.3 http://www.toolbartraff.biz
O1 - Hosts: 127.0.0.3 http://www.buytoolbar.biz
O1 - Hosts: 127.0.0.3 81.9.5.9
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3 http://www.procounter.biz
O1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3 http://www.advadmin.biz
O1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 http://www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 http://www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 http://www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 http://www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 http://www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 http://www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 http://www.loadcash.biz
O1 - Hosts: 127.0.0.3 txiframe.biz
O1 - Hosts: 127.0.0.3 http://www.txiframe.biz
O1 - Hosts: 127.0.0.3 besthvac.com
O1 - Hosts: 127.0.0.3 http://www.besthvac.com
O1 - Hosts: 127.0.0.3 traff4.com
O1 - Hosts: 127.0.0.3 http://www.traff4.com
O1 - Hosts: 127.0.0.3 porn-host.org
O1 - Hosts: 127.0.0.3 http://www.porn-host.org
O1 - Hosts: 127.0.0.3 http://www.sarc.com
O1 - Hosts: 127.0.0.3 ad.doubleclick.net
O1 - Hosts: 127.0.0.3 ad.fastclick.net
O1 - Hosts: 127.0.0.3 ads.fastclick.net
O1 - Hosts: 127.0.0.3 ar.atwola.com
O1 - Hosts: 127.0.0.3 atdmt.com
O1 - Hosts: 127.0.0.3 awaps.net
O1 - Hosts: 127.0.0.3 banner.fastclick.net
O1 - Hosts: 127.0.0.3 banners.fastclick.net
O1 - Hosts: 127.0.0.3 click.atdmt.com
O1 - Hosts: 127.0.0.3 clicks.atdmt.com
O1 - Hosts: 127.0.0.3 engine.awaps.net
O1 - Hosts: 127.0.0.3 fastclick.net
O1 - Hosts: 127.0.0.3 media.fastclick.net
O1 - Hosts: 127.0.0.3 spd.atdmt.com
O1 - Hosts: 127.0.0.3 http://www.fastclick.net
O1 - Hosts: 127.0.0.3 http://www.viruslist.ru
O1 - Hosts: 127.0.0.3 lycee.explode.ru
O1 - Hosts: 127.0.0.3 http://www.lycee.explode.ru
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [UStorage] c:\programmi\u-storage tools2.1\ustorage.exe sys_auto_run C:\Programmi\U-Storage Tools2.1
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [oeuai] C:\Documents and Settings\Tucchio\Dati applicazioni\tofareraci\systvmrs.exe
O4 - HKLM\..\Run: [brvl9.exe] C:\WINDOWS\Temp\brvl9.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{F431F208-B98C-4234-9FC8-C4904C8FA725}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Programmi\Symantec AntiVirus\DefWatch.exe
O23 - Service: HkIANb - Unknown owner - \\?\C:\Programmi\lpt3.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Programmi\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Programmi\Symantec AntiVirus\Rtvscan.exe

[andorra24]

Metti la spunta nella casella accanto alle seguenti voci e premi fix checked:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
Tutte le voci 01
O4 - HKLM\..\Run: [SoundMan] C:\WINDOWS\sndman.exe -i
O4 - HKLM\..\Run: [Timer] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [oeuai] C:\Documents and Settings\Tucchio\Dati applicazioni\tofareraci\systvmrs.exe
O4 - HKLM\..\Run: [brvl9.exe] C:\WINDOWS\Temp\brvl9.exe
O15 - Trusted Zone: http://www.1987324.com
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O23 - Service: HkIANb - Unknown owner - \\?\C:\Programmi\lpt3.exe (file missing)

Vai in vai in start/risorse del computer/strumenti/opzioni cartella/visualizzazione e visualizza cartelle e file nascosti e togli la spunta da ''nascondi i file protetti di sistema''. Assicurati di eliminare i seguenti files exe:
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\sndman.exe
C:\WINDOWS\msncomm.exe
C:\WINDOWS\Temp\brvl9.exe

per eliminarli usa killbox:
http://www.bleepingcomputer.com/files/killbox.php

Scarica MyUninstaller da qui:
http://news.swzone.it/swznews-17533.php
(serve per disinstallare programmi e applicazioni, non necessita di installazione). Con questo programma disistalli LinkOptimizer. Dopo averlo disinstallato vai in C:\Programmi ed elimina la cartella LinkOptimizer.

Fai una scansione con ewido:
http://www.grisoft.cz/softw/70/filedir/ ... 0.172a.exe

Fatte tutte queste cose riposta un nuovo log di hijackthis.

[Luke57]

@ Andorra24
Buongiorno
@mvm
Ciao, elimina anche la seguente cartella
C:\Documents and Settings\Tucchio\Dati applicazioni\tofareraci

[Luke57]

Ciao di nuovo, scarica anche ATF Cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare file temporanei)

Al termine delle operazioni di pulizia suggerite, avvia ATF cleaner clicca sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!".

[andorra24]

@ Andorra24
Buongiorno

Buongiorno anche a te.

[mvm]

Domani appena torno in ufficio faccio tutto ciò che mi avete detto e intanto non posso fare a meno di ringrziarvi!!!!!!!!!!!!!!!!!!!

[mvm]

Ecco il mio nuovo log con le modifiche apportate:

Logfile of HijackThis v1.99.1
Scan saved at 14.16.02, on 27/06/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Microsoft SQL Server\MSSQL$VLSOLE24\Binn\sqlservr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\programmi\u-storage tools2.1\ustorage.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\eMule\emule.exe
C:\Documents and Settings\Tucchio\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.corriere.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O1 - Hosts: 127.0.0.3 http://www.onedayoffer.biz
O1 - Hosts: 127.0.0.3 onedayoffer.biz
O1 - Hosts: 127.0.0.3 callmachine.net
O1 - Hosts: 127.0.0.3 http://www.callmachine.net
O1 - Hosts: 127.0.0.3 reportbucks.com
O1 - Hosts: 127.0.0.3 http://www.reportbucks.com
O1 - Hosts: 127.0.0.3 isuckall.com
O1 - Hosts: 127.0.0.3 http://www.isuckall.com
O1 - Hosts: 127.0.0.3 wbdialer.biz
O1 - Hosts: 127.0.0.3 http://www.wbdialer.biz
O1 - Hosts: 127.0.0.3 alphadialer.com
O1 - Hosts: 127.0.0.3 http://www.alphadialer.com
O1 - Hosts: 127.0.0.3 it.online-more.com
O1 - Hosts: 127.0.0.3 http://www.it.online-more.com
O1 - Hosts: 127.0.0.3 statscash.net
O1 - Hosts: 127.0.0.3 http://www.statscash.net
O1 - Hosts: 127.0.0.3 85.255.113.242
O1 - Hosts: 127.0.0.3 takeyourbucks.com
O1 - Hosts: 127.0.0.3 http://www.takeyourbucks.com
O1 - Hosts: 127.0.0.3 195.225.176.25
O1 - Hosts: 127.0.0.3 iframebiz.biz
O1 - Hosts: 127.0.0.3 iframeurl.biz
O1 - Hosts: 127.0.0.3 iframesite.biz
O1 - Hosts: 127.0.0.3 toolbarbiz.biz
O1 - Hosts: 127.0.0.3 toolbarsite.biz
O1 - Hosts: 127.0.0.3 toolbarurl.biz
O1 - Hosts: 127.0.0.3 toolbartraff.biz
O1 - Hosts: 127.0.0.3 buytoolbar.biz
O1 - Hosts: 127.0.0.3 http://www.iframebiz.biz
O1 - Hosts: 127.0.0.3 http://www.iframeurl.biz
O1 - Hosts: 127.0.0.3 http://www.iframesite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarbiz.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarsite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarurl.biz
O1 - Hosts: 127.0.0.3 http://www.toolbartraff.biz
O1 - Hosts: 127.0.0.3 http://www.buytoolbar.biz
O1 - Hosts: 127.0.0.3 81.9.5.9
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3 http://www.procounter.biz
O1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3 http://www.advadmin.biz
O1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 http://www.iframeprofit.com
O1 - Hosts: 127.0.0.3 topsearch10.com
O1 - Hosts: 127.0.0.3 http://www.topsearch10.com
O1 - Hosts: 127.0.0.3 statscash.biz
O1 - Hosts: 127.0.0.3 http://www.statscash.biz
O1 - Hosts: 127.0.0.3 vxiframe.biz
O1 - Hosts: 127.0.0.3 http://www.vxiframe.biz
O1 - Hosts: 127.0.0.3 crazy-toolbar.com
O1 - Hosts: 127.0.0.3 http://www.crazy-toolbar.com
O1 - Hosts: 127.0.0.3 topcash.biz
O1 - Hosts: 127.0.0.3 http://www.topcash.biz
O1 - Hosts: 127.0.0.3 loadcash.biz
O1 - Hosts: 127.0.0.3 http://www.loadcash.biz
O1 - Hosts: 127.0.0.3 txiframe.biz
O1 - Hosts: 127.0.0.3 http://www.txiframe.biz
O1 - Hosts: 127.0.0.3 besthvac.com
O1 - Hosts: 127.0.0.3 http://www.besthvac.com
O1 - Hosts: 127.0.0.3 traff4.com
O1 - Hosts: 127.0.0.3 http://www.traff4.com
O1 - Hosts: 127.0.0.3 porn-host.org
O1 - Hosts: 127.0.0.3 http://www.porn-host.org
O1 - Hosts: 127.0.0.3 http://www.sarc.com
O1 - Hosts: 127.0.0.3 ad.doubleclick.net
O1 - Hosts: 127.0.0.3 ad.fastclick.net
O1 - Hosts: 127.0.0.3 ads.fastclick.net
O1 - Hosts: 127.0.0.3 ar.atwola.com
O1 - Hosts: 127.0.0.3 atdmt.com
O1 - Hosts: 127.0.0.3 awaps.net
O1 - Hosts: 127.0.0.3 banner.fastclick.net
O1 - Hosts: 127.0.0.3 banners.fastclick.net
O1 - Hosts: 127.0.0.3 click.atdmt.com
O1 - Hosts: 127.0.0.3 clicks.atdmt.com
O1 - Hosts: 127.0.0.3 engine.awaps.net
O1 - Hosts: 127.0.0.3 fastclick.net
O1 - Hosts: 127.0.0.3 media.fastclick.net
O1 - Hosts: 127.0.0.3 spd.atdmt.com
O1 - Hosts: 127.0.0.3 http://www.fastclick.net
O1 - Hosts: 127.0.0.3 http://www.viruslist.ru
O1 - Hosts: 127.0.0.3 lycee.explode.ru
O1 - Hosts: 127.0.0.3 http://www.lycee.explode.ru
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [UStorage] c:\programmi\u-storage tools2.1\ustorage.exe
sys_auto_run C:\Programmi\U-Storage Tools2.1
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [brvl9.exe] C:\WINDOWS\Temp\brvl9.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programmi\Kaspersky Lab\Kaspersky
Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe"
/background
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat
5.0\Distillr\AcroTray.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL
Server\80\Tools\Binn\sqlmangr.exe
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O17 -
HKLM\System\CCS\Services\Tcpip\..\{F431F208-B98C-4234-9FC8-C4904C8FA725}:
NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -
"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner -
C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s.
- C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky
Anti-Virus Personal\kavsvc.exe

[andorra24]

Ci sono ancora molte cose da fixare:

R3 - Default URLSearchHook is missing
F2 - REG:system.ini:
UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
TUTTE LE VOCI 01
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O4 - HKLM\..\Run: [brvl9.exe] C:\WINDOWS\Temp\brvl9.exe
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name

Vai in vai in start/risorse del computer/strumenti/opzioni cartella/visualizzazione e visualizza cartelle e file nascosti e togli la spunta da ''nascondi i file protetti di sistema''. Cerca ed elimina con killbox i seguenti files exe:
C:\WINDOWS\SERVICES.EXE
C:\WINDOWS\Temp\brvl9.exe (svuota il contenuto della cartella Temp)

killbox:http://www.bleepingcomputer.com/files/killbox.php

Fai una scansione con questo tool:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe

[Luke57]

Ciao, procedura d'uso di killbox:
Scarica KILLBOX da qui
http://www.bleepingcomputer.com/files/s ... illBox.zip
- estrailo sul desktop e apri la cartella che lo contiene e quindi avvialo
- Seleziona l'opzione Delete on Reboot . Nello spazio scrivi il percorso del file da eliminare C:\WINDOWS\SERVICES.EXE
e clicchi sulla crocetta rossa (il computer si riavvierà)
Scarica anche deldomains da qui:
http://www.mvps.org/winhelp2002/DelDomains.inf
lo metti sul desktop. Poi, terminate le procedure con hijackthis, click con il tasto dx del mouse sul file .inf e scegli Installa (fa tutto da sè)

[mvm]

é troppo poco un grazie!!!!

Siete stati troppo gentili!!!!!!!!!!