
Help: suspected dialer, very stubborn


Moderators: kadosh, Luke57


Post by Ste-Six » 05/01/07 13:53

Hi everyone, I ran into a really strange situation after a malware alert.
It all started when avast reported this malware.
File name: C:\documents and settings\15111150.dll
Malware name: win32:Agent-cph [trj].
After the alert, another rogue dialer-type connection started. (I'm on 56k)

After blocking it and restarting the PC I immediately noticed 3 things:
The little anti-dialer program had deleted itself automatically
Task Manager closes immediately with an error message, and full scans by avast and ad-aware (both up to date) turn up nothing.

Also, while looking for a solution on the forum, I tried clicking the HijackThis link or searching for it on Google, and the browser closes immediately, whether it's Explorer, Mozilla or Opera. I also tried having it sent to me via Messenger, but it won't open; it closes immediately.
I hope I've been clear; I don't know what else to do, I'm in your hands.
Thanks a lot.
Ste-Six
Newbie

Posts: 9
Joined: 05/01/07 13:15
Location: Como


Post by Ste-Six » 06/01/07 12:43

Thanks, I've solved it
Ste-Six
Newbie

Posts: 9
Joined: 05/01/07 13:15
Location: Como

Post by kadosh » 08/01/07 00:13

Maybe if you told us how ;)
Ch®is ˜˜ www.glgroup.it˜˜ {~Up You® Life~}™ Semper Fidelis
kadosh
Moderator

Posts: 3791
Joined: 24/09/01 01:00
Location: Roma

Post by Ste-Six » 08/01/07 19:55

I didn't post because it happened more or less by chance: I disabled and re-enabled the avast antivirus, and when it was re-enabled it detected the virus and said the PC needed to be restarted. At the next boot avast ran a scan before Windows loaded and removed the virus. The PC is working normally again, although a dialer must still be on the PC and I can't get rid of it; for now it's kept in check by the anti-dialer.
Ste-Six
Newbie

Posts: 9
Joined: 05/01/07 13:15
Location: Como

Post by pades » 08/01/07 20:26

I don't think it's a great idea to keep a dialer on the PC, especially if you're on 56k, so please post the HijackThis log so we can remove that too.
pades
Senior User

Posts: 158
Joined: 26/09/06 17:17

Post by Ste-Six » 09/01/07 18:47

Here is the HijackThis scan; unfortunately I think there will be more than one problem. Thanks for the help.

Logfile of HijackThis v1.99.1
Scan saved at 18.43.20, on 09/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\Temp\mkdo5.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Stefano\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,userinit.exe
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {7935D4DA-8BDE-B8BF-A941-D77B824F6A55} - C:\WINDOWS\usqna1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Programmi\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mkdo5.exe] C:\WINDOWS\Temp\mkdo5.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b53083.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} - file://C:\Programmi\AutoCAD 2002 Ita\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{CC96F5EE-65D3-4740-B6D8-872045DD6265}: NameServer = 62.211.69.150 212.48.4.15
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.mcy
O20 - Winlogon Notify: vistax - vistax.dll (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
Ste-Six
Newbie

Posts: 9
Joined: 05/01/07 13:15
Location: Como

Post by Luke57 » 10/01/07 09:54

Hi, you appear to be infected with linkoptimizer.
Open HijackThis, press "open the misc tools section", "open process manager", and look for the following process:
C:\WINDOWS\Temp\mkdo5.exe
press kill process.
Go back to the main menu with back, press scan, then find and tick the following entries:
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,userinit.exe
O2 - BHO: Class - {7935D4DA-8BDE-B8BF-A941-D77B824F6A55} - C:\WINDOWS\usqna1.dll
O4 - HKLM\..\Run: [mkdo5.exe] C:\WINDOWS\Temp\mkdo5.exe
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.mcy
O20 - Winlogon Notify: vistax - vistax.dll (file missing)
press fix checked

Then delete all the Windows and IE temp files. Use ATFCleaner for this:
http://www.atribune.org/ccount/click.php?id=1

Launch ATF Cleaner, click the "main" menu and then tick the "Select All" box. Now click the "Empty selected" button and wait for the "Done Cleaning!" message.

Then download these two tools:

http://www.prevx.com/gromozon.asp

Symantec removal tool:
http://smallbiz.symantec.com/security_r ... 16-4153-99

Run them one at a time; disable your antivirus during the scan.

The prevx one restarts the computer and completes the scan on reboot, after which it produces a report that you'll find in C:\Gromozon_Removal.log.

Then run the Symantec tool (from Safe Mode; if you don't know how to get there, press the F8 key repeatedly when the computer powers on, before Windows starts loading; on the grey screen that appears choose Safe Mode using the arrow keys and press Enter).

This tool also leaves a scan report in the folder where you put the file (Fixlinkopt.log)

Post the reports from the two tools' scans.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10
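
Added example, not part of the thread and not HijackThis's own logic: a small triage script that parses HijackThis log lines and flags the same kinds of entries the moderator selected above. The rules are assumptions derived only from those six entries (they are heuristics, not a verdict), and the sample is an excerpt of the log posted earlier in the thread.

```python
import re

# Excerpt of the HijackThis log posted in this thread (subset of its lines).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,userinit.exe
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {7935D4DA-8BDE-B8BF-A941-D77B824F6A55} - C:\WINDOWS\usqna1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mkdo5.exe] C:\WINDOWS\Temp\mkdo5.exe
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt6.mcy
O20 - Winlogon Notify: vistax - vistax.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# "<section code> - <rest of the entry>", e.g. "O4 - HKLM\..\Run: [...] ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# DOS device names that Win32 normally refuses as file names; the \\?\ path
# prefix bypasses that check, which is how a file like lpt6.mcy can exist.
RESERVED_RE = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.I)
WINDOWS_ROOT_RE = re.compile(r"^[a-z]:\\(windows|winnt)$", re.I)


def check_entry(code, body):
    """Return a reason string if the entry matches a heuristic, else None."""
    low = body.lower()
    if code == "R3" and "urlsearchhook is missing" in low:
        return "default URLSearchHook value is missing"
    if code == "F2" and "userinit=" in low:
        # The value is a comma-separated list of programs run at logon.
        programs = [p for p in body.split("=", 1)[1].split(",") if p.strip()]
        if len(programs) > 1:
            return "UserInit starts more than one program at logon"
    if code == "O2":
        # Last " - " separated field is the DLL path of the browser helper.
        dll = body.rsplit(" - ", 1)[-1]
        if WINDOWS_ROOT_RE.match(dll.rsplit("\\", 1)[0]):
            return "BHO DLL sits directly in the Windows directory"
    if code == "O4" and "\\temp\\" in low:
        return "autostart entry runs a program from a Temp directory"
    if code == "O20" and low.startswith("appinit_dlls:"):
        value = body.split(":", 1)[1].strip()
        stem = value.rsplit("\\", 1)[-1].split(".")[0]
        if RESERVED_RE.match(stem):
            return "AppInit_DLLs loads a file named after a reserved device"
        if value:
            return "AppInit_DLLs is not empty"
    if (code == "O20" and low.startswith("winlogon notify:")
            and low.endswith("(file missing)")):
        return "Winlogon Notify entry points to a missing DLL"
    return None


def triage(log_text):
    """Return [(log line, reason)] for every entry that matches a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, process list, blank lines
        reason = check_entry(match.group("code"), match.group("body"))
        if reason:
            findings.append((line, reason))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[review] {reason}\n         {line}")
```

Flagged lines are candidates for a human to review, as the moderator does here, before anything is fixed.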

Post by Ste-Six » 10/01/07 20:42

Thanks again for the help, here are the scan logs:

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Temp\mkdo1.exe
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Temp\mkdo2.exe
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Temp\mkdo3.exe
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\Temp\mkdo4.exe
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\usqna1.dll
Removed!


Trojan.Gromozon Removed!

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group

Trojan.Linkoptimizer has not been found on your computer.
Ste-Six
Newbie

Posts: 9
Joined: 05/01/07 13:15
Location: Como

Post by Luke57 » 10/01/07 22:30

Hi, download Systemscan --> http://www.suspectfile.com/forum/viewtopic.php?t=466
(a utility for analysing the computer; the link explains what it does)
download it, extract it, run it with every item ticked (it will take several minutes) and then attach the resulting log (it is saved as report.txt in the c:/suspectfile folder), since it is very long, on
http://www.mytempdir.com
(use Browse to locate the report file, then press Host it; once it is uploaded, the link for viewing the file appears).
Copy and paste the link into a post so that I can see it.
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by Ste-Six » 11/01/07 18:56

Here is the new log

http://www.mytempdir.com/1161229
Ste-Six
Newbie

Posts: 9
Joined: 05/01/07 13:15
Location: Como

Post by Luke57 » 12/01/07 08:55

Ste-Six wrote: Here is the new log

http://www.mytempdir.com/1161229

Hi, download this tool from here:
http://www.suspectfile.com/upload/files ... stbfix.exe
run it and follow the on-screen instructions.
Then go here:
http://www.mytempdir.com/1162105
you'll find the instructions for the procedures to carry out to complete the removal of Gromozon.

Then post the two reports (tool and Avenger)
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Post by Ste-Six » 12/01/07 19:28

Hi and thanks again,
here are the two logs

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qtqrifnc

*******************

Script file located at: \??\C:\WINDOWS\system32\qwpmfyrr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.
-------------------------------------------------------------------------------------
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pvkjqhbc

*******************

Script file located at: \??\C:\WINDOWS\system32\plabdbro.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry key HKLM\SYSTEM\CurrentControlSet\Services\NetWhp deleted successfully.
Folder C:\documents and settings\gbZeEVSFXMX deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|gbZeEVSFXMX deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
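For reading a report like the two Avenger logs above, an added example (not part of the thread and not The Avenger's own code): a Python script that collapses bulk file deletions into a per-folder count and flags registry changes in autostart or account-hiding locations. The sample log is a shortened copy built from lines in the post; the pattern covers only the success messages visible there, and any other line in the script section is returned for manual review.

```python
import re
from collections import Counter

# Shortened sample assembled from lines of the log posted above.
SAMPLE_LOG = r"""Logfile of The Avenger version 1, by Swandog46
Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.
Registry key HKLM\SYSTEM\CurrentControlSet\Services\NetWhp deleted successfully.
Folder C:\documents and settings\gbZeEVSFXMX deleted successfully.
File C:\Documents and Settings\Stefano\Impostazioni locali\Temp\PXR1.tmp deleted successfully.
File C:\Documents and Settings\Stefano\Impostazioni locali\Temp\PXR10.tmp deleted successfully.
File C:\Documents and Settings\Stefano\Impostazioni locali\Temp\PXR11.tmp deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList|gbZeEVSFXMX deleted successfully.

Completed script processing.
"""

# Only the success messages that appear in the posted logs are modelled.
ACTION_RE = re.compile(
    r"^(Registry key|Registry value|Folder|File|Driver|Program) (.+?) "
    r"(?:(deleted|replaced with dummy|unloaded) successfully"
    r"|successfully (set up to run once on reboot))\.$"
)

# Registry locations worth a second look after cleanup.
PERSISTENCE = [
    (r"\\CurrentControlSet\\Services\\", "service or driver registration"),
    (r"\|AppInit_DLLs$", "AppInit_DLLs (DLLs loaded into processes using user32.dll)"),
    (r"\\Winlogon\\SpecialAccounts\\UserList\|", "account hidden from the logon screen"),
]


def triage(log_text):
    """Summarise the script-processing sections of one or more Avenger logs."""
    counts, bulk, findings, unparsed = Counter(), Counter(), [], []
    in_script = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Beginning to process script file"):
            in_script = True
            continue
        if line.startswith("Completed script processing"):
            in_script = False
            continue
        if not in_script or not line:
            continue
        m = ACTION_RE.match(line)
        if not m:
            unparsed.append(line)  # unknown or failure message: review by hand
            continue
        kind, target = m.group(1), m.group(2)
        action = m.group(3) or m.group(4)
        counts[(kind, action)] += 1
        if kind == "File":
            bulk[target.rsplit("\\", 1)[0]] += 1  # group by parent folder
        for pattern, label in PERSISTENCE:
            if re.search(pattern, target, re.IGNORECASE):
                findings.append((label, target))
    return {"counts": counts, "bulk_file_dirs": bulk,
            "findings": findings, "unparsed": unparsed}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for folder, n in result["bulk_file_dirs"].items():
        print(f"{n} file(s) deleted under {folder}")
    for label, target in result["findings"]:
        print(f"[check] {label}: {target}")
    for line in result["unparsed"]:
        print(f"[unparsed] {line}")
```
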

Post by Luke57 » 12/01/07 21:02

Hi, everything went well ;)
Recently the good old Gromozon also installs a rootkit, which the tool has removed.
Do one last check with HijackThis: open it, press "open the misc tools section", then "open uninstall manager", and if among the applications you find any of these or similar ones:
-ConnectionService
-Power Verify
-StrongestGuard
-ConnectionKnight
-StrongestOptimizer
-SecurityOptimizer
-InternetOptimizer
-StrongestPaladin
-SecurityGuard
-InternerGuard
-InternetShield
select it and press "delete this entry".

Post by Ste-Six » 12/01/07 23:23

OK, I've done the last step too; everything seems to be fine, and it looks like a disturbance on my screen has gone away as well; magnificent.... thanks for your helpfulness and clarity!