tr/Proxy.horst.Ek.2

Post by gigiv77 » 06/12/06 15:10

And here I am again: after a few months of peace I'm back to talking about those hated viruses!
By now I know by heart what you need in order to help me!
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 15.07.04, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Hotmail Popper\hotpop.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\GIGIVA~1\IMPOST~1\Temp\23exmodul32f.f.exe
C:\Programmi\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Programmi\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\gigi valerio\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istitutokronos.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Hotmail Popper.lnk = C:\Programmi\Hotmail Popper\hotpop.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A6E26B2-BAF4-476C-9BB0-FB26A16A6B23}: NameServer = 212.216.112.112 212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC8B91C-ACB7-4F79-BE2D-411F40241B22}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

AntiVir Guard tells me that the virus is tr/Proxy.horst.Ek.2

:(
Thanks, everyone
gigi
gigiv77
Junior User
Posts: 27
Joined: 20/10/06 13:43

Post by andorra24 » 06/12/06 15:33

Hi, open HijackThis. Click "open the misc tools section", then click "open process manager", find the entry shown below and click "kill process":

C:\DOCUME~1\GIGIVA~1\IMPOST~1\Temp\23exmodul32f.f.exe

Then go to the bottom, click the back button and right after that the scan button. Tick the box next to the entries shown below and click "fix checked":

O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

Go to Start / My Computer / Tools / Folder Options / View, tick "show hidden files and folders" and untick "hide protected operating system files (recommended)".

Download KillBox
http://www.killbox.net/downloads/KillBox.exe
and delete the following files:
C:\WINDOWS\system\smss.exe (not to be confused with the legitimate file of the same name located in system32)
C:\DOCUME~1\GIGIVA~1\IMPOST~1\Temp\23exmodul32f.f.exe

Download ATF Cleaner from here:
http://www.atribune.org/ccount/click.php?id=1
Start ATF Cleaner, click the "main" menu and then select the "Select All" box. Now click the "Empty selected" button and wait for the "Done Cleaning!" message.
andorra24
Senior User
Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
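
Added example (not part of the original thread, and not code from HijackThis): a small Python triage that finds the three entries singled out in the reply above in an excerpt of the posted log. The rule names, the `CORE_NAMES` list and the `triage` function are assumptions made for this illustration.

```python
import ntpath
import re

# Excerpt of the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\GIGIVA~1\IMPOST~1\Temp\23exmodul32f.f.exe
C:\Programmi\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
"""

# Assumption for this example: core XP binaries expected only in system32.
CORE_NAMES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
              "svchost.exe", "spoolsv.exe", "ctfmon.exe"}
SYSTEM32 = r"c:\windows\system32"

# "O4 - ", "R0 - ", ... prefixes mark registry/autostart entries;
# lines without one are treated as running-process lines.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - ")
# First drive-rooted path ending in .exe or .dll (arguments are left out).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]*?\.(?:exe|dll)\b', re.IGNORECASE)


def triage(log_text):
    """Return (section, rule, line) tuples for lines that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        section = entry.group(1) if entry else "process"

        found = PATH_RE.search(line)
        if found:
            path = ntpath.normcase(found.group(0))  # lower-case, backslashes
            name = ntpath.basename(path)
            folder = ntpath.dirname(path)
            # A system file name in the wrong folder, e.g. system\smss.exe.
            if name in CORE_NAMES and folder != SYSTEM32:
                findings.append((section, "system-name-outside-system32", line))
            # Executable living in a Temp directory.
            if "temp" in folder.split("\\"):
                findings.append((section, "runs-from-temp", line))

        # Winlogon Notify entry whose DLL no longer exists on disk.
        if section == "O20" and line.endswith("(file missing)"):
            findings.append((section, "missing-winlogon-notify", line))
    return findings


if __name__ == "__main__":
    for section, rule, line in triage(SAMPLE_LOG):
        print(f"[{section}] {rule}: {line}")
```

The rules only rank lines for manual review; a match is a reason to check the file, not proof that it is malicious.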

Post by gigiv77 » 06/12/06 21:34

I did as you told me, but in a folder shared between me and my sister an exe called "setup" keeps showing up, surely a virus.
Help!!!!!!!!!!

Logfile of HijackThis v1.99.1
Scan saved at 21.31.30, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\carpserv.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\Hotmail Popper\hotpop.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Pinnacle\Shared Files\Programs\PclePvr\VideoControl.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gigi valerio\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.istitutokronos.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [PMCRemote] C:\Programmi\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [PMCS] "C:\Programmi\Pinnacle\Shared Files\Programs\MediaCenterService\PMC.Service.Main.exe" -host -clearDebug
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Hotmail Popper.lnk = C:\Programmi\Hotmail Popper\hotpop.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCC8B91C-ACB7-4F79-BE2D-411F40241B22}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - C:\Programmi\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Post by andorra24 » 06/12/06 22:36

The HijackThis log is clean. If you think you have identified the file that is causing you trouble, delete it with KillBox: http://www.killbox.net/downloads/KillBox.exe

Optionally, run a scan with BitDefender:
http://www.bitdefender.com/scan8/ie.html

Post by gigiv77 » 07/12/06 09:03

Here is what my antivirus says:

AntiVir PersonalEdition Classic
Report file date: giovedì 7 dicembre 2006 08:39

Scanning for 576926 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: gigi valerio
Computer name: PC_A

Version information:
AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 11:06:56
AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 11:56:33
LUKE.DLL : 7.0.0.47 118824 07/09/2006 11:32:33
LUKERES.DLL : 7.0.0.47 9256 07/09/2006 11:56:33
ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 11:35:27
ANTIVIR1.VDF : 6.36.1.24 2212864 14/11/2006 09:12:15
ANTIVIR2.VDF : 6.36.1.131 294400 05/12/2006 07:27:35
ANTIVIR3.VDF : 6.36.1.142 30720 07/12/2006 07:36:42
AVEWIN32.DLL : 7.2.0.49 1946112 06/12/2006 07:27:35
AVPREF.DLL : 7.0.0.2 23592 24/07/2006 13:36:04
AVREP.DLL : 6.36.1.111 983080 01/12/2006 23:36:15
AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 09:43:31
AVPACK32.DLL : 7.2.0.5 368680 19/11/2006 09:12:15
AVREG.DLL : 6.31.0.90 27688 28/07/2005 11:06:36
NETNT.DLL : 6.32.0.0 6696 27/09/2005 08:56:49
NETNW.DLL : 7.0.0.0 9768 24/07/2006 13:35:55
RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 12:22:57
RCTEXT.DLL : 7.0.1.4 77864 19/11/2006 09:12:13

Configuration settings for the scan:
Jobname.......................: Local Hard Disks
Configuration file............: C:\Programmi\AntiVir PersonalEdition Classic\alldiscs.avp
Boot sectors..................: C
Scan memory...................: 1
Process scan..................: 1
Scan all files................: 1
Scan archives.................: 1
Recursion depth...............: 20
Smart extensions..............: 1
Macro heuristic...............: 1
File heuristic................: 0
Primary action................: 1
Secondary action..............: 0

Start of the scan: giovedì 7 dicembre 2006 08:39


The scan of running processes will be started
23 Processes were scanned

Start scanning boot sectors:

Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 26 files ).


Starting the file scan:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\Impostazioni locali\Temp\Perflib_Perfdata_5c4.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\Impostazioni locali\Temp\Perflib_Perfdata_bd0.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\Impostazioni locali\Temp\Perflib_Perfdata_bf4.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\gigi valerio\Impostazioni locali\Temp\Perflib_Perfdata_c68.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext.mdf
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext_log.LDF
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_PMC.mdf
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_PMC_log.LDF
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf
[WARNING] The file could not be opened!
C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\air.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\cIq.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\cVr.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dgB.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\dPiXU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\DRA.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\epCRbR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\epH.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\FZh.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ggY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GnS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\GuN.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\hfd.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ijH.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\InDOZn.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\JGC.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\Ljqd.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\LYi.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\mcc.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\nwnL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\oaUk.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\OLX.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\qdD.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\qhqGBl.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\QmygQT.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\SaL.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\SBY.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\shBe.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\SST.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\tgyLR.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\uvm.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\wtlg.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\xneDU.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ZqKKYS.exe
[WARNING] The file could not be opened!
C:\Programmi\Windows NT\ZtkE.exe
[WARNING] The file could not be opened!
C:\WINDOWS\SoftwareDistribution\EventCache\{CD463812-97E9-4398-9531-4FB73CB639B2}.bin
[WARNING] The file could not be opened!
C:\WINDOWS\system32\dayw.ime
[WARNING] The file could not be opened!
C:\WINDOWS\system32\ActiveScan\pskavs.dll
[DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '45e2ca9e.qua'!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\Perflib_Perfdata_1f8.dat
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\ZLT04b70.TMP
[WARNING] The file could not be opened!
C:\WINDOWS\Temp\ZLT06565.TMP
[WARNING] The file could not be opened!


End of the scan: giovedì 7 dicembre 2006 09:01
Used time: 21:44 min

The scan has been done completely.

4818 Scanning directories
199434 Files were scanned
1 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2744 Archives were scanned
77 Warnings
0 Notes

Now I'll run the scan with BitDefender and let you know

Post by andorra24 » 07/12/06 10:48

I think you have Linkoptimizer. Download the 2 removal tools from this link:
http://www.pc-facile.com/forum/viewtopic.php?t=49816

Run the Prevx tool first (disable the antivirus during the scan). The program restarts the computer and finishes the scan after the reboot. It produces a report that you will find in C:\Gromzon_Removal.log.
Then run the Symantec tool; the scan with this tool must be run from Safe Mode.
It too produces a report, in the same folder where you placed the file (FixLinkopt.log).
Paste both reports in a post.

Post by gigiv77 » 07/12/06 13:38

BitDefender Online Scanner

Scan report generated at: Thu, Dec 07, 2006 - 09:36:06
Scan path: A:\;C:\;D:\;E:\;F:\;

Statistics
Time: 00:32:15
Files: 276427
Folders: 4823
Boot Sectors: 2
Archives: 4428
Packed Files: 10861

Results
Identified Viruses: 3
Infected Files: 5
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 329312
Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\!KillBox\23exmodul32f.f | Infected with: Generic.Spammer.813CD1F0
C:\!KillBox\23exmodul32f.f | Disinfection failed
C:\!KillBox\23exmodul32f.f | Deleted
C:\!KillBox\SMSS.0XE | Infected with: DeepScan:Generic.Horst.F186C8CF
C:\!KillBox\SMSS.0XE | Disinfection failed
C:\!KillBox\SMSS.0XE | Deleted
C:\Documents and Settings\All Users\Documenti\setup.exe | Infected with: DeepScan:Generic.Horst.B76AF571
C:\Documents and Settings\All Users\Documenti\setup.exe | Disinfection failed
C:\Documents and Settings\All Users\Documenti\setup.exe | Deleted
C:\RECYCLER\S-1-5-21-839522115-963894560-725345543-1003\Dc1.exe | Infected with: DeepScan:Generic.Horst.B76AF571
C:\RECYCLER\S-1-5-21-839522115-963894560-725345543-1003\Dc1.exe | Disinfection failed
C:\RECYCLER\S-1-5-21-839522115-963894560-725345543-1003\Dc1.exe | Deleted
C:\WINDOWS\system32\spool\drivers\setup.exe | Infected with: DeepScan:Generic.Horst.B76AF571
C:\WINDOWS\system32\spool\drivers\setup.exe | Disinfection failed
C:\WINDOWS\system32\spool\drivers\setup.exe | Deleted

Post by gigiv77 » 07/12/06 16:31

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.

whereas the Gromzon log is empty, because I ran the scan several times and it overwrote the first one, which perhaps contained the description of the problem.
Now I'm running the scan with the Prevx1 trial.
I'll let you know.
Bye and thanks