
Hi Luke, I did as you suggested before the holidays;

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by monclar » 08/01/07 10:10

Here are the reports:

THE FIRST:

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINNT
Scanning: C:\Programmi\File comuni
Gromozon-Related Malicious Code Detected!
FileName: C:\WINNT\system32\eyaa.dll
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\\m
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\\10B.tmp
Removed!

Trojan.Gromozon Removed!

AND THE SECOND:

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

C:\WINNT\syst32.dll: (deleted)
C:\WINNT\99190126191.exe: (deleted)
C:\.$$$: (deleted)

AND NOW? (The nasty thing always comes back!)
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo


Post by Luke57 » 08/01/07 10:35

Hi, download Systemscan --> http://www.suspectfile.com/forum/viewtopic.php?t=466
(a utility for analysing the computer; in any case the link explains what it does)
download it, extract it, run it ticking all the options (it will take several minutes) and then, since it is very long, attach the resulting log (it is saved under the name report.txt in the folder c:/suspectfile) on
http://www.mytempdir.com
(with Browse, locate the report file, then press Host it; once it has uploaded, the link where the file can be viewed appears).
Copy and paste the link in a post.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

ok, thanks. I'll do it right away

Post by monclar » 08/01/07 11:20

Thanks a lot!
I'm already downloading (my goodness, the download is slow!!)
As soon as I finish I'll post the reports.

P.S.: Happy New Year 2007 :-)
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 08/01/07 12:23

here is the link:

http://www.mytempdir.com/1155262

waiting.
bye
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by Luke57 » 08/01/07 13:20

Hi, here:
http://www.mytempdir.com/1155357
you'll find the instructions.
Post the Avenger report

P.S. Don't open another thread, continue in this one by pressing Reply.
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Post by monclar » 08/01/07 14:26

Hi
here is the avenger report (at least I think it's this one)

waiting for confirmation.

P.S.: I won't open any more threads...sorry!
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 08/01/07 14:28

I forgot to post it...here it is:


//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: Registry keys to dolete:


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\System\CurrentControlSet\Services\ LogQpx
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 08/01/07 14:37

When the PC restarts the original problem is still there.
Earlier, during the scan, Avenger gave me a few error messages; is that normal?
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 08/01/07 14:45

here is the full report; I noticed it's in the file C:Avenge.txt

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: Registry keys to dolete:


Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\System\CurrentControlSet\Services\ LogQpx


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\aaquiojq

*******************

Script file located at: \??\C:\Program Files\hiunflio.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Programmi\File comuni\Microsoft Shared\lDf.exe not found!
Deletion of file C:\Programmi\File comuni\Microsoft Shared\lDf.exe failed!

Could not process line:
C:\Programmi\File comuni\Microsoft Shared\lDf.exe
Status: 0xc0000034



File C:\Programmi\File comuni\Microsoft Shared\AYE.exe not found!
Deletion of file C:\Programmi\File comuni\Microsoft Shared\AYE.exe failed!

Could not process line:
C:\Programmi\File comuni\Microsoft Shared\AYE.exe
Status: 0xc0000034

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR10.tmp failed!
Status: 0xc000014f
Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR11.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR12.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR13.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR14.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR15.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR16.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR17.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR18.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR19.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR1A.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR1B.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR1C.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR1D.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR1E.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR1F.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR2.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR20.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR21.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR22.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR23.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR24.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR25.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR26.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR27.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR28.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR29.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR2A.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR2B.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR2C.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR2D.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR2E.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR2F.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR3.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR30.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR31.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR32.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR33.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR34.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR35.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR36.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR37.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR38.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR39.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR3A.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR3B.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR3C.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR3D.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR3E.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR3F.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR4.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR40.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR41.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR42.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR43.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR44.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR45.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR46.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR47.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR48.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR49.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR4A.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR4B.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR4C.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR4D.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR4E.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR4F.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR50.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR51.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR52.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR53.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR54.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR55.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR56.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR57.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR58.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR59.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5A.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5B.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5C.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5D.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5E.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR5F.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR60.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR61.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR62.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR63.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR64.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR65.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR66.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR67.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR68.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR69.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6A.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6B.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6C.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6D.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6E.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR6F.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR70.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR71.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR72.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR73.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR74.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR75.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR76.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR77.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR78.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR79.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7A.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7B.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7C.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7D.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR7E.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR8.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR9.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRA.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRB.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRC.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRD.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRE.tmp failed!
Status: 0xc000014f

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXRF.tmp failed!
Status: 0xc000014f

Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.


Could not delete registry value HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList|YpSUkHpEycr
Deletion of registry value HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList|YpSUkHpEycr failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


P.S.: BUT WHO IS THIS GIULIANO???
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 08/01/07 15:13

I read other posts similar to mine and I hope you'll appreciate my getting ahead by posting my new log.
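An added illustration, not part of the thread: a small Python parser for the Avenger log shape posted above. It separates the pre-processor's ignored script lines (the misspelled "Registry keys to dolete:" header, after which the key beneath it was read as a registry value and rejected too) from actions that succeeded or failed, and decodes the NTSTATUS codes from ntstatus.h; the sample log is a constructed, shortened excerpt of the one above, and the "Deletion of registry key ... failed!" line shape is an assumption by analogy with the file and value lines.

```python
import re

# Constructed excerpt, shortened from the Avenger logs posted in this thread
# (pre-processor section first, then the processing log).
SAMPLE_LOG = r"""
Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: Registry keys to dolete:

Syntax error in line --- no registry value to delete found. Line will be ignored.
Error code: 1813
Line: HKLM\System\CurrentControlSet\Services\ LogQpx

File C:\Programmi\File comuni\Microsoft Shared\lDf.exe not found!
Deletion of file C:\Programmi\File comuni\Microsoft Shared\lDf.exe failed!

Could not process line:
C:\Programmi\File comuni\Microsoft Shared\lDf.exe
Status: 0xc0000034

Deletion of file C:\Documents and Settings\giuliano\Impostazioni locali\Temp\PXR10.tmp failed!
Status: 0xc000014f

File C:\WINNT\4NG7G8UR.EXE deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.
Deletion of registry value HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\SpecialAccounts\UserList|YpSUkHpEycr failed!
Status: 0xc0000034
Completed script processing.
"""

# NTSTATUS values seen in the logs above, decoded from Microsoft's ntstatus.h.
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND", 0xC000014F: "STATUS_UNRECOGNIZED_VOLUME"}

SYNTAX_RE = re.compile(r"^Syntax error in line --- (?P<reason>.+?)\. Line will be ignored\.$")
ECHO_RE = re.compile(r"^Line: (?P<line>.*)$")
OK_RE = re.compile(r"^(?P<kind>File|Registry key|Registry value) (?P<target>.+?) "
                   r"(?:deleted|replaced with dummy) successfully\.$")
# The "registry key ... failed!" form is assumed by analogy with the file/value lines on the page.
FAIL_RE = re.compile(r"^Deletion of (?P<kind>file|registry key|registry value) (?P<target>.+) failed!$")
STATUS_RE = re.compile(r"^Status: (?P<code>0x[0-9A-Fa-f]{8})$")

def parse_avenger_log(text):
    """Return ignored script lines, successful actions and failed actions with decoded status."""
    result = {"ignored": [], "ok": [], "failed": []}
    pending_reason = None  # syntax error waiting for the "Line:" echo of the offending script line
    pending_fail = None    # failed action waiting for its "Status:" line (may come a few lines later)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SYNTAX_RE.match(line):
            pending_reason = m.group("reason")
        elif (m := ECHO_RE.match(line)) and pending_reason is not None:
            result["ignored"].append((pending_reason, m.group("line")))
            pending_reason = None
        elif m := OK_RE.match(line):
            result["ok"].append((m.group("kind").lower(), m.group("target")))
        elif m := FAIL_RE.match(line):
            pending_fail = {"kind": m.group("kind"), "target": m.group("target"),
                            "status": None, "meaning": "no status reported"}
            result["failed"].append(pending_fail)
        elif (m := STATUS_RE.match(line)) and pending_fail is not None:
            code = int(m.group("code"), 16)
            pending_fail["status"] = code
            pending_fail["meaning"] = NTSTATUS.get(code, "NTSTATUS not in table")
            pending_fail = None
    return result

def summarize(text):
    """Counts a helper glances at: how much of the script was skipped, and which failures are harmless."""
    r = parse_avenger_log(text)
    return {"ignored": len(r["ignored"]), "ok": len(r["ok"]), "failed": len(r["failed"]),
            "already_gone": sum(1 for f in r["failed"] if f["status"] == 0xC0000034)}

if __name__ == "__main__":
    r = parse_avenger_log(SAMPLE_LOG)
    for reason, echoed in r["ignored"]:
        print(f"IGNORED  {echoed!r}: {reason}")
    for f in r["failed"]:
        print(f"FAILED   {f['kind']}: {f['target']} -> {f['meaning']}")
    print(summarize(SAMPLE_LOG))
```

A failure with STATUS_OBJECT_NAME_NOT_FOUND means the target was already absent, so it needs no retry; an ignored header is the line to fix before running the script again.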

Logfile of HijackThis v1.99.1
Scan saved at 15.10.10, on 08/01/2007
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Programmi\NavNT\defwatch.exe
C:\WINNT\system32\cba\pds.exe
C:\Programmi\NavNT\rtvscan.exe
C:\WINNT\System32\QCONSVC.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\System32\tp4serv.exe
C:\WINNT\System32\atiptaxx.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\System32\PRPCUI.exe
C:\WINNT\System32\RunDll32.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
C:\Programmi\NavNT\vptray.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\loadqm.exe
C:\WINNT\System32\internat.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = sirio.llpp.it:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\PROGRA~1\ThinkPad\CONNEC~1\Qctray.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [CSScheduleCheck] C:\CFGSAFE\SCHWIZEX.EXE -CHECK
O4 - HKLM\..\Run: [vptray] C:\Programmi\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [PrevxOne] "C:\Programmi\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SessoXXX] C:\Documents and Settings\Administrator\Dati applicazioni\SessoXXX[1].exe t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Programmi\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Programmi\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Programmi\AutoCAD 2002\InstFred.ocx
O16 - DPF: {E6A3C1E2-F792-483E-9133-596215172BE9} (AcceptLang Class) - http://runonce.msn.com/setacceptlang.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Programmi\AutoCAD 2002\AcPreview.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Programmi\NavNT\defwatch.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\System32\ibmpmsvc.exe
O23 - Service: Intel File Transfer - Intel Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: Norton AntiVirus Server - Symantec Corporation - C:\Programmi\NavNT\rtvscan.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: QCONSVC - Unknown owner - C:\WINNT\System32\QCONSVC.EXE

AS YOU CAN SEE, THIS "SESSOXXX" PERSISTS.

SORRY FOR ALL THE POSTS IN A ROW
BYE
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo
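An added example, not from the thread: a Python triage of the HijackThis O2/O4/O23 lines in the log above. It flags autostart entries that run from a user-profile directory (as the SessoXXX entry does), BHOs registered with no backing file and services whose binary is missing; the first two are the items the moderator's fix targets. The sample is a constructed excerpt of the log above, and the list of profile directory names is an assumption.

```python
import re

# Constructed excerpt of the HijackThis 1.99.1 log posted above (lines taken from the thread).
SAMPLE_HJT = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O4 - HKLM\..\Run: [vptray] C:\Programmi\NavNT\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SessoXXX] C:\Documents and Settings\Administrator\Dati applicazioni\SessoXXX[1].exe t
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: Norton AntiVirus Server - Symantec Corporation - C:\Programmi\NavNT\rtvscan.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Programmi\Prevx1\PXAgent.exe" -f (file missing)
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")

# Directory fragments (Italian and English Windows 2000 names) that an ordinary
# installer would not use for an autostart binary; assumed list, extend as needed.
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\dati applicazioni\\",
                 "\\application data\\", "\\impostazioni locali\\", "\\local settings\\")

def triage(log_text):
    """Return (section, identifier, reason) for the lines a helper would ask about first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            # Compare case-insensitively: HijackThis prints paths as the registry stores them.
            cmd = m.group("cmd").lower()
            if any(frag in cmd for frag in USER_WRITABLE):
                findings.append(("O4", m.group("name"),
                                 f"{m.group('hive')} autostart runs from a user-writable profile directory"))
        elif m := O2_RE.match(line):
            if m.group("path") == "(no file)":
                findings.append(("O2", m.group("clsid"), "BHO registered without a backing file"))
        elif m := O23_RE.match(line):
            if "(file missing)" in m.group("path"):
                findings.append(("O23", m.group("name"), "service registered for a missing binary"))
    return findings

if __name__ == "__main__":
    for section, ident, reason in triage(SAMPLE_HJT):
        print(f"{section:<4} {ident}: {reason}")
```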

Post by Luke57 » 08/01/07 16:48

Hi, sorry about the Giuliano mystery, I linked you another person's report; the funny thing is that I even studied it again :oops: , if only it were simple and short ;)
Open hijackthis, press "do a system scan only", find and tick:
O4 - HKCU\..\Run: [SessoXXX] C:\Documents and Settings\Administrator\Dati applicazioni\SessoXXX[1].exe t
press fix checked.

With Avenger, enter this script:

Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs


registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC}


Files to delete:
C:\Documents and Settings\Administrator\Dati applicazioni\SessoXXX[1].exe
C:\WINNT\4NG7G8UR.EXE
C:\WINNT\J58MWNV7.EXE
C:\WINNT\B0GO10OE.EXE
C:\WINNT\8TM1EISK.EXE
C:\WINNT\7I1JEV97.EXE
C:\WINNT\FD2HPTLS.EXE
Luke57
Moderator
 
Posts: 6413
Joined: 11/08/05 19:10

Post by monclar » 09/01/07 00:35

ok, thanks.
I'll do it tomorrow morning and let you know
goodniiight
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

Post by monclar » 09/01/07 08:36

Done!!! It seems to be fixed...thanks Luke
You are irreplaceable !!!

The new avenger report, in case it's useful:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\kkualcfh

*******************

Script file located at: \??\C:\WINNT\ppyctuim.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Administrator\Dati applicazioni\SessoXXX[1].exe deleted successfully.
File C:\WINNT\4NG7G8UR.EXE deleted successfully.
File C:\WINNT\J58MWNV7.EXE deleted successfully.
File C:\WINNT\B0GO10OE.EXE deleted successfully.
File C:\WINNT\8TM1EISK.EXE deleted successfully.
File C:\WINNT\7I1JEV97.EXE deleted successfully.
File C:\WINNT\FD2HPTLS.EXE deleted successfully.
Registry value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs replaced with dummy successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA39029C-D291-A968-3FF4-D0990D5CB5FC} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Thanks again, I'll give you lots of publicity!!
HAPPY NEW YEAAAR
monclar
Junior User
 
Posts: 49
Joined: 02/03/06 12:45
Location: palermo

