Viruses and dialers

Post by lupos3 » 16/09/06 17:31

I turned on the laptop (previously used by other people) and found this file on the desktop (91320187.dll), and in addition System Restore was disabled.
I tried Ad-Aware, SUPERAntiSpyware and other small free programs, but nothing, they don't find much. I then ran an online scan with Panda Antivirus and all hell broke loose: 390 spyware, 60 dialers... a madhouse.
Here is the Panda online report.


lupos3
Senior User
Posts: 177
Joined: 20/08/06 14:15


Post by andorra24 » 16/09/06 18:17

Hmm, that seems really absurd to me, 390 spyware and 60 dialers. Are you running a farm? Anyway, I don't trust Panda much. Maybe post a HijackThis log.
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by lupos3 » 16/09/06 19:12

andorra24 wrote: Hmm, that seems really absurd to me, 390 spyware and 60 dialers. Are you running a farm? Anyway, I don't trust Panda much. Maybe post a HijackThis log.

Here is the log:


Logfile of HijackThis v1.99.1
Scan saved at 20.12.36, on 16/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atievxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\max.MAX-8EE2D348FFA\Impostazioni locali\Temp\wz7857\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: edit_html Class - {14D1A72D-8705-11D8-B120-0040F46CB696} - C:\Documents and Settings\max.MAX-8EE2D348FFA\Desktop\91320187.dll (file missing)
O2 - BHO: Class - {C4D5989E-6DE8-1119-F691-FB733D681E29} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Programmi\U.S. Robotics\Wireless USB Manager\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: U.S. Robotics Wireless USB Adapter.lnk = C:\Programmi\U.S. Robotics\Wireless USB Manager\USR11G.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.laplink.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SrvSmw - Unknown owner - \\?\C:\Programmi\File comuni\System\com2.exe (file missing)

Post by Luke57 » 16/09/06 19:17

Hi, have you carried out any removal procedures for Gromozon, alias linkoptimizer?
There are some references to it...
Download GMER:
http://www.gmer.net/gmer110.zip
After unpacking it, start it and select "Rootkit" in the menu tabs.
Click "Scan".
Wait for the scan to finish and click "Copy".
Open Windows Notepad, click Edit and select Paste.

Then run a scan with GMER from the Autostart tab, following the same procedure as before. Paste the generated log into the same Notepad document, then paste both logs into a post on the forum.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10

Post by lupos3 » 16/09/06 19:27

Luke57 wrote: Hi, have you carried out any removal procedures for Gromozon, alias linkoptimizer?
There are some references to it...
Download GMER:
http://www.gmer.net/gmer110.zip
After unpacking it, start it and select "Rootkit" in the menu tabs.
Click "Scan".
Wait for the scan to finish and click "Copy".
Open Windows Notepad, click Edit and select Paste.

Then run a scan with GMER from the Autostart tab, following the same procedure as before. Paste the generated log into the same Notepad document, then paste both logs into a post on the forum.

OK, I have now run the linkoptimizer removal kit and it removed several things.
I can't start GMER because it gives me a BLUE screen.
What should I do?

Post by Luke57 » 16/09/06 19:29

Hi, with the Prevx tool?
Post the scan report; you will find it in C:\Gromozon_removal.log.

Post by lupos3 » 16/09/06 20:19

Luke57 wrote: Hi, with the Prevx tool?
Post the scan report; you will find it in C:\Gromozon_removal.log.

Here it is:

Rootkit detected!
Removal Tool loaded into memory
Removal tool loaded into memory
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file: \\?\C:\WINDOWS\lpt6.rbi
\\?\C:\WINDOWS\lpt6.rbi
Resetting file permissions...
Clearing attributes...
Removing file...
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: C:\WINDOWS
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\1.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\vjbiv1.dll
Removed!


Trojan.Gromozon Removed!

Post by Luke57 » 16/09/06 20:50

Hi, GMER still won't start for you? Try from the Autostart tab.

Post by lupos3 » 16/09/06 21:42

Luke57 wrote: Hi, GMER still won't start for you? Try from the Autostart tab.

From any tab it goes to a blue screen (process invalid).
Any other solutions?

Post by Luke57 » 16/09/06 21:52

Hi, try renaming gmer.exe to something else, say pippo.exe, and launching it.

Post by Luke57 » 16/09/06 21:57

Hi, also, if you don't have it, download Ad-Aware 1.06 from here:
http://www.pc-facile.com/download/anti- ... /ad-aware/
Install it, update the definitions, run a full scan of the hard disk, and put the scan report in a post (it seems to detect some registry keys related to linkoptimizer).

Post by lupos3 » 17/09/06 12:39

Luke57 wrote: Hi, try renaming gmer.exe to something else, say pippo.exe, and launching it.

Nothing, even after renaming it, it crashes.

Post by lupos3 » 17/09/06 12:57

Luke57 wrote: Hi, also, if you don't have it, download Ad-Aware 1.06 from here:
http://www.pc-facile.com/download/anti- ... /ad-aware/
Install it, update the definitions, run a full scan of the hard disk, and put the scan report in a post (it seems to detect some registry keys related to linkoptimizer).

I'm posting the Ad-Aware log; bear in mind that I installed Family Key Logger myself:


Ad-Aware SE Build 1.06r1
Logfile Created on:domenica 17 settembre 2006 13.50.01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R123 14.09.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):10 total references
SpyArsenal FamilyKeylogger(TAC index:10):5 total references
Tracking Cookie(TAC index:3):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


#:23 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 404
ThreadCreationTime : 17-09-2006 11.46.34
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:24 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1600
ThreadCreationTime : 17-09-2006 11.46.36
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:25 [wuauclt.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1176
ThreadCreationTime : 17-09-2006 11.46.39
BasePriority : Normal
FileVersion : 5.4.3790.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.4.3790.2180
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Aggiornamenti automatici
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : wuauclt.exe

#:26 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2032
ThreadCreationTime : 17-09-2006 11.48.53
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:27 [firefox.exe]
FilePath : C:\Programmi\Mozilla Firefox\
ProcessID : 1408
ThreadCreationTime : 17-09-2006 11.48.56
BasePriority : Normal


Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SpyArsenal FamilyKeylogger Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Monitoring Tool
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\kmint21\familykeylogger

SpyArsenal FamilyKeylogger Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Monitoring Tool
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\kmint21\familykeylogger
Value : Options

SpyArsenal FamilyKeylogger Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Monitoring Tool
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\familykeylogger

SpyArsenal FamilyKeylogger Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Monitoring Tool
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\familykeylogger
Value : UninstallString

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 4


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:max@tradedoubler.com/
Expires : 20-09-2006 22.41.30
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@as1.falkag[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:max@as1.falkag.de/
Expires : 15-11-2006 21.27.12
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:max@atdmt.com/
Expires : 15-09-2011 2.00.00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : max@doubleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:max@doubleclick.net/
Expires : 16-09-2006 21.43.04
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 8



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8

Disk Scan Result for C:\DOCUME~2\MAX~1.MAX\IMPOST~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 8



MRU List Object Recognized!
Location: : C:\Documents and Settings\max.MAX-8EE2D348FFA\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-842925246-854245398-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-842925246-854245398-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-842925246-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-842925246-854245398-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-842925246-854245398-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-842925246-854245398-1003\software\nico mak computing\winzip\filemenu
Description : winzip recently used archives



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

SpyArsenal FamilyKeylogger Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Monitoring Tool
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software
Value : Transparent

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 19

13.56.08 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.06.06.557
Objects scanned:79687
Objects identified:9
Objects ignored:0
New critical objects:9
lupos3
Senior User
 
Posts: 177
Joined: 20/08/06 14:15

Post by Luke57 » 17/09/06 14:47

Hi, it didn't find anything. Did you manage to get Gmer running?
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

Post by lupos3 » 17/09/06 17:02

Luke57 wrote: Hi, it didn't find anything. Did you manage to get Gmer running?

No luck with Gmer.
lupos3
Senior User
 
Posts: 177
Joined: 20/08/06 14:15

Post by Luke57 » 17/09/06 17:13

Hi, uninstall it and try this one:
http://www.suspectfile.com/upload/files/tools/gmer.zip
If it fails again, try generating the log from safe mode.
Otherwise we'll do some more research.
Luke57
Moderator
 
Posts: 6415
Joined: 11/08/05 19:10

