art69

Pop Up

10 posts in this thread

Since reinstalling WXP + SP2 three months ago, I have been stuck with an annoying little problem.

(actually two, since I keep receiving tons of junk in my email, but let's first see whether I can get rid of the first problem).

Despite an up-to-date AVG, despite frequent checks with Ad-Aware and SpyBot (but I have not updated Zone Alarm, because lately it had been acting up), every so often a small popup window keeps opening that says "looking for forums? look at xxx.com"... or sometimes the current IE window splits in two and scrolling text of the same kind runs along the bottom...

This is the HijackThis report.... would some kind soul tell me how much junk I have collected?

"Logfile of HijackThis v1.99.1

Scan saved at 15.33.41, on 03/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

F:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe

F:\WINDOWS\system32\ZONELABS\vsmon.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

F:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

F:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE

F:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

F:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

F:\Programmi\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe

F:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

F:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

F:\WINDOWS\system32\rundll32.exe

F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

F:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Programmi\Messenger\msmsgs.exe

F:\Programmi\eMule\emule.exe

F:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe

F:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

F:\Programmi\File comuni\Teleca Shared\Generic.exe

F:\Programmi\Sony Ericsson\Mobile Phone Monitor\epmworker.exe

F:\Programmi\Internet Explorer\iexplore.exe

F:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CXMon] "F:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] F:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [AudioHQ] F:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [Creative Launcher] F:\Programmi\Creative\Launcher\CTLauncher.exe

O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [RemoteControl] F:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Programmi\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [AdobeVersionCue] F:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] F:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "F:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [ucmc1.exe] F:\WINDOWS\TEMP\ucmc1.exe

O4 - HKLM\..\Run: [Zone Labs Client] F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "F:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programmi\eMule\emule.exe -AutoStart

O4 - Startup: HDDlife.lnk = F:\Programmi\BinarySense\HDDlife\HDDlife.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = F:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF7D6FB-EB08-46CD-8D23-39155298AF02}: NameServer = 193.70.152.15 193.70.152.25

O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: dEmF - Unknown owner - \\?\F:\Programmi\prn.exe (file missing)

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - F:\Programmi\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZONELABS\vsmon.exe"

Thanks.... :)


Hi and welcome to the forum, art69

so you are infected with LinkOptimizer, a latest-generation trojan

Download and run this tool:

http://www.wininizio.it/forum/index.php?s=...st&p=255686

The free edition of AVG has no heuristic scanning (detection of unknown files), so to help it out add this as well:

http://www.kuma215.it/Guide%20K&J/K/Bi...tdefender8.html

One more piece of advice....

start using a safer browser to surf... IE is one big hole... use Firefox or Opera

New updated log when you are done....


PrevX removal tool used, LinkOptimizer / Gromozon trojan (or whatever it was called) removed.

The new HijackThis report is this:

Logfile of HijackThis v1.99.1

Scan saved at 20.49.41, on 04/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

F:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe

F:\WINDOWS\system32\ZONELABS\vsmon.exe

F:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

F:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\WINDOWS\Explorer.EXE

F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

F:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

F:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE

F:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

F:\Programmi\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe

F:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

F:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

F:\WINDOWS\system32\rundll32.exe

F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

F:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

F:\Programmi\Softwin\BitDefender8\bdmcon.exe

F:\Programmi\Softwin\BitDefender8\bdnagent.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Programmi\Messenger\msmsgs.exe

F:\Programmi\eMule\emule.exe

F:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

F:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe

F:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

F:\Programmi\File comuni\Teleca Shared\Generic.exe

F:\Programmi\Sony Ericsson\Mobile Phone Monitor\epmworker.exe

F:\Programmi\Softwin\BitDefender8\bdlite.exe

F:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Class - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CXMon] "F:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] F:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [AudioHQ] F:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [Creative Launcher] F:\Programmi\Creative\Launcher\CTLauncher.exe

O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [RemoteControl] F:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Programmi\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [AdobeVersionCue] F:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] F:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "F:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [ucmc1.exe] F:\WINDOWS\TEMP\ucmc1.exe

O4 - HKLM\..\Run: [Zone Labs Client] F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "F:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [bDMCon] "F:\Programmi\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "F:\Programmi\Softwin\BitDefender8\bdnagent.exe"

O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programmi\eMule\emule.exe -AutoStart

O4 - Startup: HDDlife.lnk = F:\Programmi\BinarySense\HDDlife\HDDlife.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = F:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF7D6FB-EB08-46CD-8D23-39155298AF02}: NameServer = 193.70.152.15 193.70.152.25

O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: dEmF - Unknown owner - \\?\F:\Programmi\prn.exe (file missing)

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - F:\Programmi\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZONELABS\vsmon.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Can you let me know whether there is any other junk?

As for IE, unfortunately every once in a great while my sister, besides her own ME partition, also uses my XP, so even if I used another browser the risk would remain.

P.S. BitDefender scan in progress, then I will post what it found as well.....


With HijackThis, fix these entries:

O2 - BHO: Class - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll

O4 - HKLM\..\Run: [ucmc1.exe] F:\WINDOWS\TEMP\ucmc1.exe

O23 - Service: dEmF - Unknown owner - \\?\F:\Programmi\prn.exe (file missing)

-----------------

Download MyUninstaller from here:

http://www.nirsoft.net/utils/myuninst.html

Open the program, highlight LinkOptimizer, right-click and choose Delete;

Then from

Start\Run type control userpasswords2 and OK

In the User Accounts window you should have a suspicious account with a random name (besides the usual Administrators and User, Aspnet), something like XYZFG (random, meaningless letters)

right-click it and choose Delete

Make sure the option "Show hidden files and folders" is enabled.

(Control Panel > Folder Options > View)

Also untick "Hide protected operating system files"

Go to C:\Documents and Settings, you should find a folder with the same name as the account (the one with random letters); delete it as well (if the tool has removed it for you)

Run the removal tool again, post its report here and also an updated HijackThis log

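The three entries Kuma picks out share traits that can be checked mechanically: an autostart entry launched from a temp directory, a service with no publisher whose binary is not on disk, and a BHO DLL registered under a meaningless name from an unfamiliar folder. The script below is an added example for this thread, not a HijackThis feature and not code posted by any participant. It parses lines in HijackThis 1.99.1 format, flags those traits, and cross-checks any service reported as "(file missing)" against the running-process list, because the logs above show bdss.exe both running and reported missing (HijackThis 1.99.1 mis-parses quoted ImagePaths followed by arguments). It goes a little beyond the thread by also flagging two traits the dEmF service entry shows: a `\\?\` path prefix and a random-looking service name. The sample entries are copied from the logs posted above; the allowlist of legitimate unnamed BHOs is an assumption seeded from the Spybot entry.

```python
import re
from collections import namedtuple

# Sample HijackThis 1.99.1 entries copied from the logs posted in this thread
# (a constructed subset, not a complete log).
SAMPLE_LOG = r"""
Running processes:
F:\WINDOWS\system32\ZONELABS\vsmon.exe
F:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - (no file)
O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ucmc1.exe] F:\WINDOWS\TEMP\ucmc1.exe
O23 - Service: dEmF - Unknown owner - \\?\F:\Programmi\prn.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""

SECTION_RE = re.compile(r'^[RFNO]\d+ - ')                 # Rn/Fn/Nn/On entry: ends the process list
BHO_RE = re.compile(r'^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<path>.+)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<key>[^\]]+)\] (?P<cmd>.+)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
TEMP_DIR_RE = re.compile(r'\\temp\\', re.I)               # ...\WINDOWS\TEMP\..., ...\Local Settings\Temp\...
BINARY_RE = re.compile(r'([^\\"/]+\.(?:exe|dll))', re.I)  # file name inside a quoted/argumented ImagePath
# Assumption: helper DLLs that legitimately register with no display name (Spybot's SDHelper, seen above).
KNOWN_UNNAMED_BHOS = {'sdhelper.dll'}

Finding = namedtuple('Finding', 'section severity reasons line')  # reasons: list of str


def parse_log(text):
    """Return (running-process basenames, scan entry lines) from a HijackThis log."""
    processes, entries, in_procs = set(), [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('Running processes:'):
            in_procs = True
            continue
        if SECTION_RE.match(line):
            in_procs = False
        if in_procs:
            processes.add(line.rsplit('\\', 1)[-1].lower())
        else:
            entries.append(line)
    return processes, entries


def binary_name(path):
    m = BINARY_RE.search(path)          # first .exe/.dll, ignoring quotes and trailing arguments
    return m.group(1).lower() if m else ''


def looks_random(name):
    """Short single-token display name with mixed case after the first letter, e.g. 'dEmF'."""
    token = name.split('(')[0].strip()
    if ' ' in token or not 3 <= len(token) <= 8:
        return False
    return any(c.isupper() for c in token[1:]) and any(c.islower() for c in token[1:])


def triage(text):
    processes, entries = parse_log(text)
    findings = []
    for line in entries:
        m = RUN_RE.match(line)
        if m:
            if TEMP_DIR_RE.search(m['cmd']):
                findings.append(Finding('O4', 'high', ['autostart launched from a temp directory'], line))
            continue
        m = BHO_RE.match(line)
        if m:
            if m['path'] == '(no file)':
                findings.append(Finding('O2', 'low', ['orphan BHO CLSID, DLL already gone'], line))
            elif m['name'] in ('Class', '(no name)') and binary_name(m['path']) not in KNOWN_UNNAMED_BHOS:
                findings.append(Finding('O2', 'medium', ['unnamed BHO from an unfamiliar DLL; verify its publisher'], line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            path, missing = m['path'], '(file missing)' in m['path']
            if missing and binary_name(path) in processes:
                # HijackThis 1.99.1 marks quoted ImagePaths with arguments as missing even while the binary runs.
                findings.append(Finding('O23', 'low', ['reported "(file missing)" but the binary is running: parser artifact'], line))
                continue
            reasons = []
            if path.startswith('\\\\?\\'):
                reasons.append(r'\\?\ path prefix, which legitimate installers almost never use')
            if m['owner'] == 'Unknown owner' and missing:
                reasons.append('no publisher and binary neither on disk nor running')
            if looks_random(m['name']):
                reasons.append('random-looking service name')
            if reasons:
                findings.append(Finding('O23', 'high' if missing or len(reasons) > 1 else 'medium', reasons, line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'[{f.severity:6}] {f.section}: {"; ".join(f.reasons)}\n         {f.line}')
```

Run against the sample it reports the same three entries Kuma listed (ucmc1.exe from TEMP, the dEmF service, the LinkOptimizer BHO), the orphan CLSID as low-priority cleanup, and the BitDefender service as a parser artifact rather than an infection. The heuristics are deliberately narrow; an unnamed BHO or an odd service name is a prompt to verify the publisher, not proof of malware.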

Intervention postponed to tonight because of Italy-France on TV last night.... :sick:

Done everything Kuma indicated.

This is the new report from the Gromozon removal tool:

"Launching Scan

Removing rootkit file...

Gromozon rootkit not found - scanning for other components...

Scanning Windows Directory, this may take a few minutes...

Searching for EFS service files...

Trojan.Gromozon Removed!

Scan finished normally"

and this is the new HijackThis report:

"Logfile of HijackThis v1.99.1

Scan saved at 21.54.37, on 07/09/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

F:\WINDOWS\System32\smss.exe

F:\WINDOWS\system32\winlogon.exe

F:\WINDOWS\system32\services.exe

F:\WINDOWS\system32\lsass.exe

F:\WINDOWS\System32\Ati2evxx.exe

F:\WINDOWS\system32\svchost.exe

F:\WINDOWS\System32\svchost.exe

F:\WINDOWS\system32\spoolsv.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

F:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe

F:\WINDOWS\system32\ZONELABS\vsmon.exe

F:\WINDOWS\system32\Ati2evxx.exe

F:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

F:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe

F:\WINDOWS\Explorer.EXE

F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe

F:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe

F:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

F:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE

F:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe

F:\Programmi\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe

F:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

F:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

F:\WINDOWS\system32\rundll32.exe

F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

F:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

F:\Programmi\Softwin\BitDefender8\bdmcon.exe

F:\Programmi\Softwin\BitDefender8\bdnagent.exe

F:\WINDOWS\system32\ctfmon.exe

F:\Programmi\Messenger\msmsgs.exe

F:\Programmi\eMule\emule.exe

F:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.exe

F:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe

F:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe

F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe

F:\Programmi\File comuni\Roxio Shared\SharedCOM8\CPSHelpRunner.exe

F:\WINDOWS\system32\notepad.exe

F:\Programmi\File comuni\Teleca Shared\Generic.exe

F:\Programmi\Sony Ericsson\Mobile Phone Monitor\epmworker.exe

F:\Programmi\Outlook Express\msimn.exe

F:\Programmi\Microsoft Office\Office10\WINWORD.EXE

F:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - (no file)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Programmi\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [ATIPTA] "F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"

O4 - HKLM\..\Run: [CXMon] "F:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] F:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [AudioHQ] F:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE

O4 - HKLM\..\Run: [Creative Launcher] F:\Programmi\Creative\Launcher\CTLauncher.exe

O4 - HKLM\..\Run: [EM_EXEC] F:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [RemoteControl] F:\Programmi\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AVG7_CC] F:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP

O4 - HKLM\..\Run: [RoxioDragToDisc] "F:\Programmi\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"

O4 - HKLM\..\Run: [RoxWatchTray] "F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatchTray.exe"

O4 - HKLM\..\Run: [AdobeVersionCue] F:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [iSUSPM Startup] F:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "F:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [AME_CSA] rundll32 amecsa.cpl,RUN_DLL

O4 - HKLM\..\Run: [Zone Labs Client] F:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKLM\..\Run: [sony Ericsson PC Suite] "F:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions

O4 - HKLM\..\Run: [bDMCon] "F:\Programmi\Softwin\BitDefender8\bdmcon.exe"

O4 - HKLM\..\Run: [bDNewsAgent] "F:\Programmi\Softwin\BitDefender8\bdnagent.exe"

O4 - HKCU\..\Run: [MsnMsgr] "F:\Programmi\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [eMuleAutoStart] F:\Programmi\eMule\emule.exe -AutoStart

O4 - Startup: HDDlife.lnk = F:\Programmi\BinarySense\HDDlife\HDDlife.exe

O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = F:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE

O4 - Global Startup: Microsoft Office.lnk = F:\Programmi\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Adobe Gamma Loader.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Acrobat Assistant.lnk = F:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = F:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth Manager.lnk = ?

O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe

O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe

O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe

O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - F:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - F:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxLiveShare.exe

O23 - Service: RoxMediaDB - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxMediaDB.exe

O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCom\RoxUpnpRenderer.exe

O23 - Service: RoxUpnpServer - Sonic Solutions - F:\Programmi\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe

O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - F:\Programmi\File comuni\Roxio Shared\SharedCOM8\RoxWatch.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZONELABS\vsmon.exe

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - F:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)"

How am I doing now? :leggi:

Edited by art69


Are the popups still appearing????

Fix this entry again:

O2 - BHO: (no name) - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - (no file)

Otherwise the log is fine :up1:

There may be some fragments of the infection left (which should not do any harm anyway)

Only if the problem does NOT seem solved to you, we will proceed with removing them

Give the system a clean-up anyway

# from Control Panel, click Java -> delete files

then use CCleaner (junk file cleanup)

but before running the cleanup, go to Options\Advanced and untick:

[screenshot: capt0013pz.jpg]

(afterwards... use CCleaner once a month... if you use it more often do NOT empty the prefetch folder... emptying that folder too often could slow down the system)

Clean the registry with Eusing Free Registry Cleaner 1.0 (Registry Cleanup)


The popups are gone, but it will not remove that entry.......


If the problem is solved, I would say we can ignore it.... :)

Quoting art69: "The popups are gone, but it will not remove that entry......."

Hi, try this:

select and copy:

2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA

Then:

Start > Run > regedt32 > OK (open the registry with regedt32)

In the Registry Editor click Edit > Find, and in the window that opens paste (Ctrl+V)

2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA

then OK.

Once the CLSID is found, right-click it, choose Permissions from the context menu, in the window that opens press Advanced, go to Owner and set ownership to the computer's user > OK. Go back to the previous page and allow Full Control by ticking the relevant boxes > OK. Now try to delete the entry.
