Home News Guide Hardware Download Forum Glossario

Condividi:        

Problema tack.exe e conn.exe

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

Problema tack.exe e conn.exe

Postdi LEVI » 28/10/06 22:17

Ciao a tutti, sono un nuovo arrivato. Da qualche mese ho a che fare con 2 progammini moooolto fastidiosi, Tack.exe e conn.exe. Tralasciando il fatto che ciò è stato causato da quel depravato mio fratello(frequentatore di certi siti...), vi chiederei gentilmente di aiutarmi. Un mio amico mi ha consigliato di fare una scansione HijackThis e di inviarvi il logfile:

Logfile of HijackThis v1.99.1
Scan saved at 22.28.47, on 28/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\directxs.exe
C:\Documents and Settings\User\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Temp\yipw6.exe
D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\User\Menu Avvio\Programmi\Esecuzione automatica\ms.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomepage.capitan-trash.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.3 http://www.onedayoffer.biz
O1 - Hosts: 127.0.0.3 onedayoffer.biz
O1 - Hosts: 127.0.0.3 callmachine.net
O1 - Hosts: 127.0.0.3 http://www.callmachine.net
O1 - Hosts: 127.0.0.3 reportbucks.com
O1 - Hosts: 127.0.0.3 http://www.reportbucks.com
O1 - Hosts: 127.0.0.3 isuckall.com
O1 - Hosts: 127.0.0.3 http://www.isuckall.com
O1 - Hosts: 127.0.0.3 wbdialer.biz
O1 - Hosts: 127.0.0.3 http://www.wbdialer.biz
O1 - Hosts: 127.0.0.3 alphadialer.com
O1 - Hosts: 127.0.0.3 http://www.alphadialer.com
O1 - Hosts: 127.0.0.3 it.online-more.com
O1 - Hosts: 127.0.0.3 http://www.it.online-more.com
O1 - Hosts: 127.0.0.3 statscash.net
O1 - Hosts: 127.0.0.3 http://www.statscash.net
O1 - Hosts: 127.0.0.3 85.255.113.242
O1 - Hosts: 127.0.0.3 takeyourbucks.com
O1 - Hosts: 127.0.0.3 http://www.takeyourbucks.com
O1 - Hosts: 127.0.0.3 195.225.176.25
O1 - Hosts: 127.0.0.3 iframebiz.biz
O1 - Hosts: 127.0.0.3 iframeurl.biz
O1 - Hosts: 127.0.0.3 iframesite.biz
O1 - Hosts: 127.0.0.3 toolbarbiz.biz
O1 - Hosts: 127.0.0.3 toolbarsite.biz
O1 - Hosts: 127.0.0.3 toolbarurl.biz
O1 - Hosts: 127.0.0.3 toolbartraff.biz
O1 - Hosts: 127.0.0.3 buytoolbar.biz
O1 - Hosts: 127.0.0.3 http://www.iframebiz.biz
O1 - Hosts: 127.0.0.3 http://www.iframeurl.biz
O1 - Hosts: 127.0.0.3 http://www.iframesite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarbiz.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarsite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarurl.biz
O1 - Hosts: 127.0.0.3 http://www.toolbartraff.biz
O1 - Hosts: 127.0.0.3 http://www.buytoolbar.biz
O1 - Hosts: 127.0.0.3 81.9.5.9
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 http://www.allforadult.com
O1 - Hosts: 127.0.0.3 http://www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3 http://www.procounter.biz
O1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3 http://www.advadmin.biz
O1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 http://www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 http://www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 http://www.iframeprofit.com
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 http://www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 http://www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 http://www.slutmania.biz
O1 - Hosts: 127.
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Class - {B2A0984D-0D41-6A92-9498-B7863EA90963} - C:\WINDOWS\kvpwi1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe
O4 - HKLM\..\Run: [WIZZ] C:\Programmi\WIZZ\dazzler.exe
O4 - HKLM\..\Run: [REAL] C:\Programmi\REAL\realjbox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Programmi\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [LocalProxy] C:\Programmi\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Winsystem] C:\WINDOWS\system32\Winsystem\Freevideo1.EXE -d
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\User\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\system32\ntsystem.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [yipw6.exe] C:\WINDOWS\Temp\yipw6.exe
O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WeatherCast] "C:\Programmi\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ms.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Winsystem - {491A5872-C30F-4E54-8FF1-BF31CC73DC4B} - C:\WINDOWS\system32\WINSYS~1\FREEVI~1.EXE (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Winsystem - {DA002853-42D9-4A47-A236-896D32BB7EC7} - C:\WINDOWS\system32\Wintel\VIDEOC~1.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Alice - {6EFEDC69-B67A-49EB-BFB8-F2E702419E5A} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.3
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {37A587FE-1A33-4DAF-AFEB-ED1A1146C44A} - http://uv97vqm3.com/0058674b/55508/1/xp/FreeAccess.cab
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://acces-direct.net/20222/Italie/Oversexe.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.playqames.com/default.cab?ui ... s&ex&ppd=4
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.easyaccesssite.com/10243-23.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 515_it.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.softlab.name/closer/close.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)


Vi chiedo ancora scusa in quanto vi rubo un po' del vostro prezioso tempo...
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top
Sponsor
 

Postdi Luke57 » 28/10/06 23:36

Ciao, hai una miriade di infezioni nel computer, tra cui linkoptimizer. Penso che fai prima a formattare che non a tentare un'operazione di pulizia.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Postdi LEVI » 29/10/06 11:30

Ma non esiste proprio un modo per eliminare tutti questi virus senza formattare?
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top

Postdi Luke57 » 29/10/06 11:39

Ciao, se ci vuoi provare, fai una scansione con il tuo antivirus aggiornato in modalità provvisoria (trovi più sotto il modo per andarci).
Poi vai qui:
http://www.pc-facile.com/forum/viewtopic.php?t=49816
scarica questi due tools.
Eseguili uno alla volta; disattiva il tuo antivirus durante la scansione.
Quello della prevx fa riavviare il computer e al riavvio viene eseguita la scansione, al termine della quale viene rilasciato un report che trovi in C:\Gromozon_Removal.log.

Poi esegui il tool della symantec (meglio dalla modalità provvisoria; se
non sai come andarci, premi ripetutamente il tasto F8 all'accensione del computer prima che inizi a caricarsi windows; sulla schermata grigia che appare scegli modalità provvisoria spostandoti con le freccette e premendo invio).

Anche questo tool rilascia un rapporto della scansione nella cartella dove
hai messo il file.

Inoltre scarica virit da qui:
http://www.tgsoft.it/italy/index_ita.html
versione di prova 30gg. aggiornalo alle ultimissime definizioni. Fai una scansione dalla modalità provvisoria, riavvii ed esegui un'altra scansione dalla modalità normale.

Posta i report delle scansioni dei due tools.
Posta anche il rapporto di virit.
Posta un nuovo log di hiajckthis.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Postdi LEVI » 29/10/06 13:19

Scusa la mia ignoranza ma avrei un paio di domande prima di fare la procedura:
1- Dopo aver fatto la scansione con AVAST in modalità provvisoria, la scansione del tool della prevx la eseguo in modalità provvisoria o no?
2- Come faccio a disattivare AVAST durante la scansione?

Grazie in anticipo per la risposta... sono un poco ignorante, non avevo mai avuto questi problemi prima... :roll:
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top

Postdi Luke57 » 29/10/06 13:36

Ciao, il tool della prevx puoi eseguirlo in mod.normale.
Chiudi il tuo antivirus, generalmente cliccando sull'icona con il tasto dx del mouse e scegliendo l'opzione adatta.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Postdi LEVI » 30/10/06 14:06

Ecco i risultati della procedura:

TOOL PREVX

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\System\aHQ.exe
Removing protected file: C:\Programmi\File comuni\System\aJoka.exe
Removing protected file: C:\Programmi\File comuni\System\anNdhS.exe
Removing protected file: C:\Programmi\File comuni\System\aOjRF.exe
Removing protected file: C:\Programmi\File comuni\System\AoRPB.exe
Removing protected file: C:\Programmi\File comuni\System\ASEa.exe
Removing protected file: C:\Programmi\File comuni\System\Asnn.exe
Removing protected file: C:\Programmi\File comuni\System\ASS.exe
Removing protected file: C:\Programmi\File comuni\System\Auh.exe
Removing protected file: C:\Programmi\File comuni\System\AZJIWX.exe
Removing protected file: C:\Programmi\File comuni\System\Bbf.exe
Removing protected file: C:\Programmi\File comuni\System\BbFtSs.exe
Removing protected file: C:\Programmi\File comuni\System\BBo.exe
Removing protected file: C:\Programmi\File comuni\System\BDn.exe
Removing protected file: C:\Programmi\File comuni\System\bTq.exe
Removing protected file: C:\Programmi\File comuni\System\BUCFlt.exe
Removing protected file: C:\Programmi\File comuni\System\BXb.exe
Removing protected file: C:\Programmi\File comuni\System\BZo.exe
Removing protected file: C:\Programmi\File comuni\System\cAb.exe
Removing protected file: C:\Programmi\File comuni\System\CeY.exe
Removing protected file: C:\Programmi\File comuni\System\ChTprc.exe
Removing protected file: C:\Programmi\File comuni\System\cIh.exe
Removing protected file: C:\Programmi\File comuni\System\CLR.exe
Removing protected file: C:\Programmi\File comuni\System\cnG.exe
Removing protected file: C:\Programmi\File comuni\System\cTfF.exe
Removing protected file: C:\Programmi\File comuni\System\CwUNd.exe
Removing protected file: C:\Programmi\File comuni\System\CxJs.exe
Removing protected file: C:\Programmi\File comuni\System\CZH.exe
Removing protected file: C:\Programmi\File comuni\System\Dnq.exe
Removing protected file: C:\Programmi\File comuni\System\dpZ.exe
Removing protected file: C:\Programmi\File comuni\System\drIWPJ.exe
Removing protected file: C:\Programmi\File comuni\System\duA.exe
Removing protected file: C:\Programmi\File comuni\System\dXJ.exe
Removing protected file: C:\Programmi\File comuni\System\DXZ.exe
Removing protected file: C:\Programmi\File comuni\System\ECE.exe
Removing protected file: C:\Programmi\File comuni\System\eCQbj.exe
Removing protected file: C:\Programmi\File comuni\System\EEq.exe
Removing protected file: C:\Programmi\File comuni\System\Eetnev.exe
Removing protected file: C:\Programmi\File comuni\System\EEW.exe
Removing protected file: C:\Programmi\File comuni\System\EgC.exe
Removing protected file: C:\Programmi\File comuni\System\eLY.exe
Removing protected file: C:\Programmi\File comuni\System\emU.exe
Removing protected file: C:\Programmi\File comuni\System\ePT.exe
Removing protected file: C:\Programmi\File comuni\System\euaOmj.exe
Removing protected file: C:\Programmi\File comuni\System\eyUl.exe
Removing protected file: C:\Programmi\File comuni\System\eZK.exe
Removing protected file: C:\Programmi\File comuni\System\FAV.exe
Removing protected file: C:\Programmi\File comuni\System\fDZzdU.exe
Removing protected file: C:\Programmi\File comuni\System\Ffk.exe
Removing protected file: C:\Programmi\File comuni\System\Fgs.exe
Removing protected file: C:\Programmi\File comuni\System\fIqm.exe
Removing protected file: C:\Programmi\File comuni\System\FKV.exe
Removing protected file: C:\Programmi\File comuni\System\foS.exe
Removing protected file: C:\Programmi\File comuni\System\fPyTNM.exe
Removing protected file: C:\Programmi\File comuni\System\fRmrCN.exe
Removing protected file: C:\Programmi\File comuni\System\fTC.exe
Removing protected file: C:\Programmi\File comuni\System\fty.exe
Removing protected file: C:\Programmi\File comuni\System\gfV.exe
Removing protected file: C:\Programmi\File comuni\System\GJX.exe
Removing protected file: C:\Programmi\File comuni\System\GKKU.exe
Removing protected file: C:\Programmi\File comuni\System\gqf.exe
Removing protected file: C:\Programmi\File comuni\System\gUE.exe
Removing protected file: C:\Programmi\File comuni\System\GVh.exe
Removing protected file: C:\Programmi\File comuni\System\gWL.exe
Removing protected file: C:\Programmi\File comuni\System\GXB.exe
Removing protected file: C:\Programmi\File comuni\System\gXC.exe
Removing protected file: C:\Programmi\File comuni\System\gzVzf.exe
Removing protected file: C:\Programmi\File comuni\System\Gzz.exe
Removing protected file: C:\Programmi\File comuni\System\hbSUa.exe
Removing protected file: C:\Programmi\File comuni\System\HgelX.exe
Removing protected file: C:\Programmi\File comuni\System\HgnI.exe
Removing protected file: C:\Programmi\File comuni\System\HqyU.exe
Removing protected file: C:\Programmi\File comuni\System\HsH.exe
Removing protected file: C:\Programmi\File comuni\System\HtzCd.exe
Removing protected file: C:\Programmi\File comuni\System\HuQAgR.exe
Removing protected file: C:\Programmi\File comuni\System\Hvi.exe
Removing protected file: C:\Programmi\File comuni\System\HWetDO.exe
Removing protected file: C:\Programmi\File comuni\System\HxL.exe
Removing protected file: C:\Programmi\File comuni\System\HYw.exe
Removing protected file: C:\Programmi\File comuni\System\idIOzS.exe
Removing protected file: C:\Programmi\File comuni\System\IwPb.exe
Removing protected file: C:\Programmi\File comuni\System\JkbBBD.exe
Removing protected file: C:\Programmi\File comuni\System\JKV.exe
Removing protected file: C:\Programmi\File comuni\System\jLk.exe
Removing protected file: C:\Programmi\File comuni\System\jNIaeM.exe
Removing protected file: C:\Programmi\File comuni\System\jppl.exe
Removing protected file: C:\Programmi\File comuni\System\JVu.exe
Removing protected file: C:\Programmi\File comuni\System\KdYF.exe
Removing protected file: C:\Programmi\File comuni\System\KFq.exe
Removing protected file: C:\Programmi\File comuni\System\kka.exe
Removing protected file: C:\Programmi\File comuni\System\kUbP.exe
Removing protected file: C:\Programmi\File comuni\System\Kyg.exe
Removing protected file: C:\Programmi\File comuni\System\LaF.exe
Removing protected file: C:\Programmi\File comuni\System\lcA.exe
Removing protected file: C:\Programmi\File comuni\System\LedbAc.exe
Removing protected file: C:\Programmi\File comuni\System\lfa.exe
Removing protected file: C:\Programmi\File comuni\System\LgQuYq.exe
Removing protected file: C:\Programmi\File comuni\System\lhVasz.exe
Removing protected file: C:\Programmi\File comuni\System\LnBiO.exe
Removing protected file: C:\Programmi\File comuni\System\LpHKdD.exe
Removing protected file: C:\Programmi\File comuni\System\LqQ.exe
Removing protected file: C:\Programmi\File comuni\System\LSIR.exe
Removing protected file: C:\Programmi\File comuni\System\LvX.exe
Removing protected file: C:\Programmi\File comuni\System\lXi.exe
Removing protected file: C:\Programmi\File comuni\System\lXT.exe
Removing protected file: C:\Programmi\File comuni\System\LXY.exe
Removing protected file: C:\Programmi\File comuni\System\lyrOwE.exe
Removing protected file: C:\Programmi\File comuni\System\maJ.exe
Removing protected file: C:\Programmi\File comuni\System\MIltcr.exe
Removing protected file: C:\Programmi\File comuni\System\MIpk.exe
Removing protected file: C:\Programmi\File comuni\System\mIR.exe
Removing protected file: C:\Programmi\File comuni\System\MMb.exe
Removing protected file: C:\Programmi\File comuni\System\mQS.exe
Removing protected file: C:\Programmi\File comuni\System\MUz.exe
Removing protected file: C:\Programmi\File comuni\System\MvdjS.exe
Removing protected file: C:\Programmi\File comuni\System\MVnRlj.exe
Removing protected file: C:\Programmi\File comuni\System\MwJ.exe
Removing protected file: C:\Programmi\File comuni\System\mZe.exe
Removing protected file: C:\Programmi\File comuni\System\nfw.exe
Removing protected file: C:\Programmi\File comuni\System\NIY.exe
Removing protected file: C:\Programmi\File comuni\System\NKz.exe
Removing protected file: C:\Programmi\File comuni\System\NXEYaD.exe
Removing protected file: C:\Programmi\File comuni\System\NzbCgm.exe
Removing protected file: C:\Programmi\File comuni\System\OdX.exe
Removing protected file: C:\Programmi\File comuni\System\Oee.exe
Removing protected file: C:\Programmi\File comuni\System\Ofs.exe
Removing protected file: C:\Programmi\File comuni\System\oJL.exe
Removing protected file: C:\Programmi\File comuni\System\OkMmv.exe
Removing protected file: C:\Programmi\File comuni\System\OVcibl.exe
Removing protected file: C:\Programmi\File comuni\System\OXt.exe
Removing protected file: C:\Programmi\File comuni\System\PaU.exe
Removing protected file: C:\Programmi\File comuni\System\pbyu.exe
Removing protected file: C:\Programmi\File comuni\System\peN.exe
Removing protected file: C:\Programmi\File comuni\System\PFHaoz.exe
Removing protected file: C:\Programmi\File comuni\System\plGfE.exe
Removing protected file: C:\Programmi\File comuni\System\pmj.exe
Removing protected file: C:\Programmi\File comuni\System\PPy.exe
Removing protected file: C:\Programmi\File comuni\System\prkfqk.exe
Removing protected file: C:\Programmi\File comuni\System\pti.exe
Removing protected file: C:\Programmi\File comuni\System\qDr.exe
Removing protected file: C:\Programmi\File comuni\System\QHl.exe
Removing protected file: C:\Programmi\File comuni\System\QJA.exe
Removing protected file: C:\Programmi\File comuni\System\QJiRp.exe
Removing protected file: C:\Programmi\File comuni\System\qNYkFy.exe
Removing protected file: C:\Programmi\File comuni\System\QuO.exe
Removing protected file: C:\Programmi\File comuni\System\Qwz.exe
Removing protected file: C:\Programmi\File comuni\System\QZl.exe
Removing protected file: C:\Programmi\File comuni\System\Rdi.exe
Removing protected file: C:\Programmi\File comuni\System\ReRn.exe
Removing protected file: C:\Programmi\File comuni\System\rFT.exe
Removing protected file: C:\Programmi\File comuni\System\RHGye.exe
Removing protected file: C:\Programmi\File comuni\System\rhy.exe
Removing protected file: C:\Programmi\File comuni\System\rKmpIh.exe
Removing protected file: C:\Programmi\File comuni\System\ROU.exe
Removing protected file: C:\Programmi\File comuni\System\rpHh.exe
Removing protected file: C:\Programmi\File comuni\System\RTw.exe
Removing protected file: C:\Programmi\File comuni\System\RxqV.exe
Removing protected file: C:\Programmi\File comuni\System\sat.exe
Removing protected file: C:\Programmi\File comuni\System\ScpIz.exe
Removing protected file: C:\Programmi\File comuni\System\SGWv.exe
Removing protected file: C:\Programmi\File comuni\System\sKE.exe
Removing protected file: C:\Programmi\File comuni\System\skhqp.exe
Removing protected file: C:\Programmi\File comuni\System\TAFt.exe
Removing protected file: C:\Programmi\File comuni\System\Tbg.exe
Removing protected file: C:\Programmi\File comuni\System\tDDFm.exe
Removing protected file: C:\Programmi\File comuni\System\tDms.exe
Removing protected file: C:\Programmi\File comuni\System\TeF.exe
Removing protected file: C:\Programmi\File comuni\System\thH.exe
Removing protected file: C:\Programmi\File comuni\System\tjCX.exe
Removing protected file: C:\Programmi\File comuni\System\TjNE.exe
Removing protected file: C:\Programmi\File comuni\System\tPk.exe
Removing protected file: C:\Programmi\File comuni\System\tSi.exe
Removing protected file: C:\Programmi\File comuni\System\TTL.exe
Removing protected file: C:\Programmi\File comuni\System\Ttqdj.exe
Removing protected file: C:\Programmi\File comuni\System\tvKein.exe
Removing protected file: C:\Programmi\File comuni\System\UaG.exe
Removing protected file: C:\Programmi\File comuni\System\uAqRaB.exe
Removing protected file: C:\Programmi\File comuni\System\uEye.exe
Removing protected file: C:\Programmi\File comuni\System\UFA.exe
Removing protected file: C:\Programmi\File comuni\System\ulo.exe
Removing protected file: C:\Programmi\File comuni\System\UoX.exe
Removing protected file: C:\Programmi\File comuni\System\uSx.exe
Removing protected file: C:\Programmi\File comuni\System\vdW.exe
Removing protected file: C:\Programmi\File comuni\System\vfWie.exe
Removing protected file: C:\Programmi\File comuni\System\VLPb.exe
Removing protected file: C:\Programmi\File comuni\System\vZnrTz.exe
Removing protected file: C:\Programmi\File comuni\System\WfA.exe
Removing protected file: C:\Programmi\File comuni\System\WHiCQ.exe
Removing protected file: C:\Programmi\File comuni\System\wiO.exe
Removing protected file: C:\Programmi\File comuni\System\wlQ.exe
Removing protected file: C:\Programmi\File comuni\System\WnpWtx.exe
Removing protected file: C:\Programmi\File comuni\System\WOU.exe
Removing protected file: C:\Programmi\File comuni\System\wrH.exe
Removing protected file: C:\Programmi\File comuni\System\wUHxx.exe
Removing protected file: C:\Programmi\File comuni\System\xBn.exe
Removing protected file: C:\Programmi\File comuni\System\xCGYq.exe
Removing protected file: C:\Programmi\File comuni\System\XfeK.exe
Removing protected file: C:\Programmi\File comuni\System\xhfZvM.exe
Removing protected file: C:\Programmi\File comuni\System\xNFlb.exe
Removing protected file: C:\Programmi\File comuni\System\xPbTA.exe
Removing protected file: C:\Programmi\File comuni\System\XpgJ.exe
Removing protected file: C:\Programmi\File comuni\System\Xpv.exe
Removing protected file: C:\Programmi\File comuni\System\XpxHaX.exe
Removing protected file: C:\Programmi\File comuni\System\XRAAw.exe
Removing protected file: C:\Programmi\File comuni\System\XTK.exe
Removing protected file: C:\Programmi\File comuni\System\XwEW.exe
Removing protected file: C:\Programmi\File comuni\System\Xze.exe
Removing protected file: C:\Programmi\File comuni\System\yBs.exe
Removing protected file: C:\Programmi\File comuni\System\yfqHCm.exe
Removing protected file: C:\Programmi\File comuni\System\yhh.exe
Removing protected file: C:\Programmi\File comuni\System\Ymb.exe
Removing protected file: C:\Programmi\File comuni\System\yPLFX.exe
Removing protected file: C:\Programmi\File comuni\System\ySY.exe
Removing protected file: C:\Programmi\File comuni\System\YTzM.exe
Removing protected file: C:\Programmi\File comuni\System\YZL.exe
Removing protected file: C:\Programmi\File comuni\System\zaG.exe
Removing protected file: C:\Programmi\File comuni\System\zao.exe
Removing protected file: C:\Programmi\File comuni\System\ZAP.exe
Removing protected file: C:\Programmi\File comuni\System\zBc.exe
Removing protected file: C:\Programmi\File comuni\System\zcYwHt.exe
Removing protected file: C:\Programmi\File comuni\System\zdJ.exe
Removing protected file: C:\Programmi\File comuni\System\ZEt.exe
Removing protected file: C:\Programmi\File comuni\System\zgtKkl.exe
Removing protected file: C:\Programmi\File comuni\System\Zhvo.exe
Removing protected file: C:\Programmi\File comuni\System\zKf.exe
Removing protected file: C:\Programmi\File comuni\System\ZmF.exe
Removing protected file: C:\Programmi\File comuni\System\zqPB.exe
Removing protected file: C:\Programmi\File comuni\System\zyr.exe
Removing protected file: C:\Programmi\File comuni\System\zZW.exe


Trojan.Gromozon Removed!



TOOL SYMANTEC

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8
Restored SeDebugPrivilege to Administrators group

registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run: yipw6.exe (value deleted)
C:\WINDOWS\Temp\yipw6.exe: (deleted)

Trojan.Linkoptimizer has been successfully removed from your computer!

Here is the report:

The total number of the scanned files: 59559
The number of deleted threat files: 1
The number of threat processes terminated: 0
The number of threat threads terminated: 0
The number of registry entries fixed: 1

The tool initiated a system reboot.

registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (cleared)



VIRIT MODALITA' PROVVISORIA

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
29/10/2006 - 18:13:14

[SCANSIONE DEL REGISTRO]
{DB893839-10F0-4AF9-92FA-B23528F530AF} Infetto da Trojan.Win32.Dialer.AB
* * * RIMOSSO * * *
{86EEF11E-FF16-48CE-B1A2-474B663041A9} Infetto da Trojan.Win32.Dialer.AK
* * * RIMOSSO * * *
{FFFF0003-0001-101A-A3C9-08002B2F49FB} Infetto da Trojan.Win32.Dialer.AL
* * * RIMOSSO * * *
{FFFF0001-0001-101A-A3C9-08002B2F49FC} Infetto da Trojan.Win32.Dialer.AU
* * * RIMOSSO * * *
{014DA6C9-189F-421a-88CD-07CFE51CFF10} Infetto da BHO.MySearch.C
* * * RIMOSSO * * *
{91433D86-9F27-402C-B5E3-DEBDD122C339} Infetto da Trojan.Win32.Dialer.GF
* * * RIMOSSO * * *
{2ee25147-37d4-4640-832c-fccfac8b21d9} Infetto da BHO.Agent.AR
* * * RIMOSSO * * *
{2a6af021-17a2-4014-8624-cf6015f82fad} Infetto da BHO.Agent.BA
* * * RIMOSSO * * *
{f250d521-225d-4d6b-8829-e064f944e180} Infetto da BHO.Agent.BM
* * * RIMOSSO * * *

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\User\Impostazioni locali\Temp\1.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\10.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\11.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\16.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\17.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\18.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\19.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\1A.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\1B.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\1C.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\1D.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\1E.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\1F.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\2.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\20.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\21.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\22.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\23.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\3.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\4.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\5.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\6.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\7.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\8.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\9.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\A.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\B.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\C.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\D.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\E.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Impostazioni locali\Temp\F.tmp Infetto da BHO.Agent.BM
* * * RIMOSSO * * *
C:\Documents and Settings\User\Menu Avvio\Programmi\Esecuzione automatica\ms.exe Infetto da Trojan.Win32.Agent.AGQ
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\close.exe Infetto da Trojan.Win32.Small.LD
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\close.exe Infetto da Trojan.Win32.Small.LD
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\conn.exe Infetto da Trojan.Win32.Dialer.CM
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\conn.exe Infetto da Trojan.Win32.Dialer.CM
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\conn.exe Infetto da Trojan.Win32.Dialer.CM
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\conn.exe Infetto da Trojan.Win32.Dialer.CM
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\conn.exe Infetto da Trojan.Win32.Dialer.CM
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\conn.exe Infetto da Trojan.Win32.Dialer.CM
* * * RIMOSSO * * *
C:\WINDOWS\Downloaded Program Files\conn.exe Infetto da Trojan.Win32.Dialer.CM
* * * RIMOSSO * * *
C:\WINDOWS\system32\ntsystem.exe Infetto da Trojan.Win32.Small.NF
* * * RIMOSSO * * *
C:\WINDOWS\system32\piaa.dll Infetto da BHO.Agent.BM
* * * RIMOSSO * * *

[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


[F:]


[G:]


Chiavi Registro infette: 9.
Files Infetti: 43.
Files Sospetti: 0.
Files Analizzati: 59355.
Files Totali: 59355.
Chiavi Registro rimosse: 9.
Virus Rimossi: 43.

[SCANSIONE DELLA MEMORIA]
OK



VIRIT MODALITA' NORMALE

29/10/2006 - 18:58:05

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


[F:]


[G:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 59325.
Files Totali: 59325.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.



HIAJCKTHIS

Logfile of HijackThis v1.99.1
Scan saved at 19.26.48, on 29/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\directxs.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomepage.capitan-trash.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 127.0.0.3 http://www.onedayoffer.biz
O1 - Hosts: 127.0.0.3 onedayoffer.biz
O1 - Hosts: 127.0.0.3 callmachine.net
O1 - Hosts: 127.0.0.3 http://www.callmachine.net
O1 - Hosts: 127.0.0.3 reportbucks.com
O1 - Hosts: 127.0.0.3 http://www.reportbucks.com
O1 - Hosts: 127.0.0.3 isuckall.com
O1 - Hosts: 127.0.0.3 http://www.isuckall.com
O1 - Hosts: 127.0.0.3 wbdialer.biz
O1 - Hosts: 127.0.0.3 http://www.wbdialer.biz
O1 - Hosts: 127.0.0.3 alphadialer.com
O1 - Hosts: 127.0.0.3 http://www.alphadialer.com
O1 - Hosts: 127.0.0.3 it.online-more.com
O1 - Hosts: 127.0.0.3 http://www.it.online-more.com
O1 - Hosts: 127.0.0.3 statscash.net
O1 - Hosts: 127.0.0.3 http://www.statscash.net
O1 - Hosts: 127.0.0.3 85.255.113.242
O1 - Hosts: 127.0.0.3 takeyourbucks.com
O1 - Hosts: 127.0.0.3 http://www.takeyourbucks.com
O1 - Hosts: 127.0.0.3 195.225.176.25
O1 - Hosts: 127.0.0.3 iframebiz.biz
O1 - Hosts: 127.0.0.3 iframeurl.biz
O1 - Hosts: 127.0.0.3 iframesite.biz
O1 - Hosts: 127.0.0.3 toolbarbiz.biz
O1 - Hosts: 127.0.0.3 toolbarsite.biz
O1 - Hosts: 127.0.0.3 toolbarurl.biz
O1 - Hosts: 127.0.0.3 toolbartraff.biz
O1 - Hosts: 127.0.0.3 buytoolbar.biz
O1 - Hosts: 127.0.0.3 http://www.iframebiz.biz
O1 - Hosts: 127.0.0.3 http://www.iframeurl.biz
O1 - Hosts: 127.0.0.3 http://www.iframesite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarbiz.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarsite.biz
O1 - Hosts: 127.0.0.3 http://www.toolbarurl.biz
O1 - Hosts: 127.0.0.3 http://www.toolbartraff.biz
O1 - Hosts: 127.0.0.3 http://www.buytoolbar.biz
O1 - Hosts: 127.0.0.3 81.9.5.9
O1 - Hosts: 127.0.0.3 n-glx.s-redirect.com
O1 - Hosts: 127.0.0.3 http://www.sexfiles.nu
O1 - Hosts: 127.0.0.3 awmdabest.com
O1 - Hosts: 127.0.0.3 sexfiles.nu
O1 - Hosts: 127.0.0.3 allforadult.com
O1 - Hosts: 127.0.0.3 http://www.allforadult.com
O1 - Hosts: 127.0.0.3 http://www.iframe.biz
O1 - Hosts: 127.0.0.3 iframe.biz
O1 - Hosts: 127.0.0.3 procounter.biz
O1 - Hosts: 127.0.0.3 http://www.procounter.biz
O1 - Hosts: 127.0.0.3 advadmin.biz
O1 - Hosts: 127.0.0.3 http://www.advadmin.biz
O1 - Hosts: 127.0.0.3 trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.trafficbest.net
O1 - Hosts: 127.0.0.3 http://www.newiframe.biz
O1 - Hosts: 127.0.0.3 newiframe.biz
O1 - Hosts: 127.0.0.3 http://www.vesbiz.biz
O1 - Hosts: 127.0.0.3 vesbiz.biz
O1 - Hosts: 127.0.0.3 http://www.pizdato.biz
O1 - Hosts: 127.0.0.3 pizdato.biz
O1 - Hosts: 127.0.0.3 http://www.aaasexypics.com
O1 - Hosts: 127.0.0.3 aaasexypics.com
O1 - Hosts: 127.0.0.3 http://www.virgin-tgp.net
O1 - Hosts: 127.0.0.3 vparivalka.com
O1 - Hosts: 127.0.0.3 http://www.vparivalka.com
O1 - Hosts: 127.0.0.3 iframeprofit.com
O1 - Hosts: 127.0.0.3 http://www.iframeprofit.com
O1 - Hosts: 127.0.0.3 virgin-tgp.net
O1 - Hosts: 127.0.0.3 http://www.awmcash.biz
O1 - Hosts: 127.0.0.3 awmcash.biz
O1 - Hosts: 127.0.0.3 buldog-stats.com
O1 - Hosts: 127.0.0.3 http://www.buldog-stats.com
O1 - Hosts: 127.0.0.3 fregat.drocherway.com
O1 - Hosts: 127.0.0.3 slutmania.biz
O1 - Hosts: 127.0.0.3 http://www.slutmania.biz
O1 - Hosts: 127.
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Class - {B2A0984D-0D41-6A92-9498-B7863EA90963} - C:\WINDOWS\kvpwi1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe
O4 - HKLM\..\Run: [WIZZ] C:\Programmi\WIZZ\dazzler.exe
O4 - HKLM\..\Run: [REAL] C:\Programmi\REAL\realjbox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Programmi\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [LocalProxy] C:\Programmi\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Winsystem] C:\WINDOWS\system32\Winsystem\Freevideo1.EXE -d
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [WeatherCast] "C:\Programmi\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Winsystem - {491A5872-C30F-4E54-8FF1-BF31CC73DC4B} - C:\WINDOWS\system32\WINSYS~1\FREEVI~1.EXE (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Winsystem - {DA002853-42D9-4A47-A236-896D32BB7EC7} - C:\WINDOWS\system32\Wintel\VIDEOC~1.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Alice - {6EFEDC69-B67A-49EB-BFB8-F2E702419E5A} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.3
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {37A587FE-1A33-4DAF-AFEB-ED1A1146C44A} - http://uv97vqm3.com/0058674b/55508/1/xp/FreeAccess.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LogVxn - Unknown owner - C:\Programmi\File comuni\System\fty.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe



Illuminatemi sul da farsi....
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top

Postdi Luke57 » 30/10/06 18:02

Ciao, apri hiajckthis, browser e applicazioni chiusi, disconnesso da internet, premi "open the misc tools section", "open process manager", ceca e individua i seguenti processi:
C:\WINDOWS\system32\directxs.exe

premi kill process.

Torni alla pagina principale con back, premi “scan”, cerchi e spunti le seguenti voci (se ci sono tutte):
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://myhomepage.capitan-trash.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://myhomepage.capitan-trash.com/
R3 - Default URLSearchHook is missing
TUTTE LE VOCI 01 TRANNE L'ULTIMA
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Class - {B2A0984D-0D41-6A92-9498-B7863EA90963} - C:\WINDOWS\kvpwi1.dll (file missing)
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe
O4 - HKLM\..\Run: [WIZZ] C:\Programmi\WIZZ\dazzler.exe
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
TUTTE LE VOCI 015
O20 - AppInit_DLLs:

premi fix checked

Riavvia in modalità provvisoria

Rendi visibili file e cartelle nascosti:
(da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK)

Cerca ed elimina i seguenti file e cartelle:
C:\WINDOWS\system32\directxs.exe
C:\Programmi\SHA256----------->la cartella
C:\Programmi\WIZZ\dazzler.exe
C:\Programmi\E-nrgyPlus------- >la cartella

Elimina poi tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)

sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)

svuota il cestino.

Disistalla Energy-Plus da pannello di controllo, installazioni\applicazioni.

Riavvia il computer in modalità normale, posta nuovo log.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Postdi LEVI » 23/11/06 16:23

Cavolo, è un sacco di tempo che non scrivo più qui a causa di problemi di connessione.

Ecco il nuovo log:

Logfile of HijackThis v1.99.1
Scan saved at 15.53.36, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
O4 - HKLM\..\Run: [REAL] C:\Programmi\REAL\realjbox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Programmi\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [LocalProxy] C:\Programmi\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Winsystem] C:\WINDOWS\system32\Winsystem\Freevideo1.EXE -d
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WeatherCast] "C:\Programmi\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Winsystem - {491A5872-C30F-4E54-8FF1-BF31CC73DC4B} - C:\WINDOWS\system32\WINSYS~1\FREEVI~1.EXE (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Winsystem - {DA002853-42D9-4A47-A236-896D32BB7EC7} - C:\WINDOWS\system32\Wintel\VIDEOC~1.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Alice - {6EFEDC69-B67A-49EB-BFB8-F2E702419E5A} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {37A587FE-1A33-4DAF-AFEB-ED1A1146C44A} - http://uv97vqm3.com/0058674b/55508/1/xp/FreeAccess.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LogVxn - Unknown owner - C:\Programmi\File comuni\System\fty.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top

Postdi LEVI » 27/11/06 14:48

Please, help me.... è tutto a posto o devo fare ancora qualcosa?
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top

Postdi Luke57 » 28/11/06 09:06

Ciao, hai avuto infezioni da linjkoptimizer recentemente?
per ora prova a fare così:
apri hijackthis, premi do a system scan only", cerchi e spunti le seguenti voci:
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
O4 - HKLM\..\Run: [Winsystem] C:\WINDOWS\system32\Winsystem\Freevideo1.EXE -d
O4 - HKLM\..\Run: [DirectXs] C:\WINDOWS\system32\directxs.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S8D.tmp" /EF "HKLM"
O9 - Extra button: Winsystem - {491A5872-C30F-4E54-8FF1-BF31CC73DC4B} - C:\WINDOWS\system32\WINSYS~1\FREEVI~1.EXE (file missing)
O9 - Extra button: Winsystem - {DA002853-42D9-4A47-A236-896D32BB7EC7} - C:\WINDOWS\system32\Wintel\VIDEOC~1.EXE (file missing)
O23 - Service: LogVxn - Unknown owner - C:\Programmi\File comuni\System\fty.exe (file missing)

premi fix checked

Scarica ATF Cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare file temporanei di windows e IE)
Avvia ATF cleaner, clicca sul menu "main" e poi seleziona la casella "Select All". Adesso clicca sul pulsante "Empty selected" e aspetta il messaggio "Done Cleaning!"

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su "visualizza cartelle file nascosti" e togli la spunta da ''nascondi i file protetti di sistema''.

Cerca ed elimina i seguenti file e cartelle:
C:\Programmi\DSB------- > la cartella
C:\WINDOWS\system32\Winsystem------- > la cartella
C:\WINDOWS\system32\directxs.exe

Posta log di hijackthis di controllo
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10
Top

Postdi LEVI » 01/12/06 16:59

Ecco il nuovo log:

Logfile of HijackThis v1.99.1
Scan saved at 16.57.50, on 01/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
D:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
D:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\rundll32.exe
D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Encarta Web Companion - {147D6308-0614-4112-89B1-31402F9B82C4} - C:\Programmi\File comuni\Microsoft Shared\Encarta Web Companion\ENCWCBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [REAL] C:\Programmi\REAL\realjbox.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Programmi\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [LocalProxy] C:\Programmi\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [avast!] D:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WeatherCast] "C:\Programmi\WeatherCast\Weather.exe" /q
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [E06IXLRD_6335910] "D:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Alice - {6EFEDC69-B67A-49EB-BFB8-F2E702419E5A} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {37A587FE-1A33-4DAF-AFEB-ED1A1146C44A} - http://uv97vqm3.com/0058674b/55508/1/xp/FreeAccess.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - D:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top

Postdi LEVI » 03/12/06 14:11

Please, help me... :undecided:
LEVI
Utente Junior
 
Post: 36
Iscritto il: 28/10/06 21:41
Top
Rispondi al post

Torna a Sicurezza e Privacy


Topic correlati a "Problema tack.exe e conn.exe":

Problema con programma posta Thunderbird
Autore: aurelio37 		Forum: Software Windows
Risposte: 5
Problema con il mouse
Autore: crisge73 		Forum: Discussioni
Risposte: 9
Problema con apertura MsgBox con duplice condizione
Autore: systemcrack 		Forum: Applicazioni Office Windows
Risposte: 24
Problema convivenza macro
Autore: systemcrack 		Forum: Applicazioni Office Windows
Risposte: 2
Problema Tiktok
Autore: Fra_rey 		Forum: Discussioni
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 43 ospiti