Olimpo Informatico

[miticogio63]

Ciao a tutti.Preciso che sono un po imbranatello al pc,facendo scansione on line con panda è uscito sto ben di dio,come posso pulire il tutto?Aiutatemi.

Incidente Stato Percorso

Strumenti indesiderati:application/funweb Non Disinfettato e:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Strumenti indesiderati:application/mywebsearch Non Disinfettato e:\programmi\MyWebSearch
Dialer:dialer.min Non Disinfettato HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB893839-10F0-4AF9-92FA-B23528F530AF}
Adware:adware/ist.yoursitebar Non Disinfettato Registro di sistema di Windows
Adware:adware/sgrunt Non Disinfettato Registro di sistema di Windows
Adware:adware/wupd Non Disinfettato Registro di sistema di Windows
Dialer:dialer.py Non Disinfettato HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}
Dialer:dialer.dk Non Disinfettato HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2048B51E-8D74-4762-82CE-B48CF545EEEA}
Dialer:dialer.cn Non Disinfettato HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{511F9316-771B-4953-A268-1C36DA667FE9}
Strumenti indesiderati:application/myway Non Disinfettato HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{014DA6C9-189F-421A-88CD-07CFE51CFF10}
Adware:adware/aureate-radiate Non Disinfettato Registro di sistema di Windows
Virus:Trj/Agent.CXY Disinfettato E:\WINDOWS\system32\ndaa.dll

[Smjert]

[miticogio63]

ecco ho fatto tutto come mi hai detto.
Logfile of HijackThis v1.99.1
Scan saved at 21.54.56, on 05/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmi\QuickTime\qttask.exe
E:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE
E:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
E:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
E:\WINDOWS\system32\CTSvcCDA.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 209.67.209.50 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O2 - BHO: (no name) - {140604BF-CAA9-00F6-1CAF-7A0A952C2E53} - (no file)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [Disc Detector] E:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [bini1.exe] E:\WINDOWS\TEMP\bini1.exe
O4 - HKLM\..\Run: [CreativeMixer] E:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - HKCU\..\Run: [Pony Express] PonyExpress.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Invia a &Bluetooth - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://giohouseline.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B43C5E22-B1EF-43F9-9575-D4F769FEFC85}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\system32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - E:\Programmi\iPod\bin\iPodService.exe

[Smjert]

Hai proprio il LinkOptimzer

Avvia di nuovo HijackThis premi Do a system scan only, spunta queste voci e poi premi FixChecked (non spuntare le voci in rosso se usi WinMx):

[miticogio63]

Smjert aiutami su quei siti non so ke scaricare

[Smjert]

Come mi hai fatto notare nel pm non sapevi cosa scaricare da quei siti... e hai ragione!! i file non sono più presenti!
Allora il tool Prevx lo puoi prendere direttamente dal suo creatore (ho visto che hanno rinominato il file.exe per evitare di essere bloccato dal L.O.)
Per il tool Symantec invece conviene che tu lo prenda qua http://www.mytempdir.com/1100940 (l'ho riscaricato, ricamuffato e uploadato).

Edit: Cosa molto interessante è che tutte le volte che si aggiorna la pagina del sito Prevx il nome dell'eseguibile cambia! (molto bene! si sono fatti furbi ).

[miticogio63]

spero tu ci sia ancora.ecco il risultato di gromozon:
Removal tool loaded into memory
------------------------------------
Executing rootkit removal engine....
------------------------------------
Disabling rootkit file:
Resetting file permissions...
Clearing attributes...
Impossibile trovare il file - E:\_cleaned.tmp
Removing file...
Rootkit removed! Cleaning up...

Removing temp files...
Scanning: E:\WINDOWS
Scanning: E:\Programmi\File comuni
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Abu.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\AFf.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\AKm.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\AQmRoe.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\aQN.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\auA.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\bNDyM.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Bpqn.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\bWpGra.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\cgPgT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ChL.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\coGWhk.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\csWz.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\cXjSe.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\DddmrM.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\DGgOHx.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\djG.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\dOqW.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Drj.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\DtSWF.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\dxH.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\dzM.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Eaw.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ekq.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\FHfq.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\fKaqOS.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\fSCUT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Fsu.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\FuZAy.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Fxf.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\FXu.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\GRLmbM.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\GRT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\GUT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\gvrGcf.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\hDZ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\hIA.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\hjc.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\hUw.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\huzK.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\hwUb.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\IcY.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\IGm.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\iIR.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\iML.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\IMp.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\IvBqcU.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\iwk.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\JIK.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\jJa.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Jnass.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Joq.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\jrLxe.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\JTL.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\KauItQ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\kCm.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\KgnHLr.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\KJzr.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\lmj.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\mCe.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\mDp.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\MhG.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\MQI.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\mtP.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\MtRT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\mWC.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\NaX.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\nsn.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ntp.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\OGT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ORTHTi.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\OSeveT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\oSJ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Otm.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\OUu.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ovx.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\peKG.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\PGe.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\pUQMfM.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\PvS.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\pYbBF.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Qak.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\qand.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\qdZ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\QeFrl.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\qHy.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\qRO.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\QrrNA.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\qWQ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\qxoAPZ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\QZr.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\RYG.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\SaM.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\sEz.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\SLb.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\sLU.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\sPT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\TBawpB.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\tCwI.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\tfb.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\tIL.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\tjw.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ucXSTs.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\uef.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\uexKId.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\UGT.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\UIDZ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Ulc.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\uUO.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\UzZ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\vHC.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\vhf.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\VPs.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\VqNa.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\vry.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\VuFgM.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\VYgjq.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\WahmS.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\wdBi.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\wdvQw.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\WGdnQU.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\wKB.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\WPYal.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\wTk.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\WWA.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\WYjuG.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Wzc.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\wZha.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\WZLpA.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\wZZ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\XBx.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\Xcq.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\xDeBB.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\xFRsJ.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\XSp.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\XvA.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\XWR.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\yAU.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\yec.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\YFu.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\yOHf.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ySfrCB.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\YuPG.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\yZb.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\zbb.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\zHE.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ZhP.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\zHx.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\zrlDW.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\zsl.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ZvC.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\zWR.exe
Removing protected file: E:\Programmi\File comuni\Microsoft Shared\ZZDl.exe


Trojan.Gromozon Removed!

[Smjert]

Eccomi qua!

Non hai seguito tutte le mie indicazioni però!
Devi ancora far girare il tool Symantec e postare un nuovo log di HijackThis (forse per colpa dell'ora non hai potuto continuare a fare le scansioni.. però piuttosto postami tutto in una volta quando hai completato le operazioni da fare).

[miticogio63]

Ciao ...ieri ho fatto girare il tool symantec come mi avevi detto tu,ora dovrei mandarti il resoconto di HijackThis?

[miticogio63]

questo è quello di HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 20.31.54, on 06/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
E:\WINDOWS\system32\CTSvcCDA.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmi\QuickTime\qttask.exe
E:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE
E:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
E:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.1 winmx.com
O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com
O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com
O1 - Hosts: 209.67.209.50 test3202.winmx.com test3206.winmx.com
O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com
O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com
O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com
O4 - HKLM\..\Run: [Disc Detector] E:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CreativeMixer] E:\Programmi\Creative\Audio2K\PROGRAM\CTMIX32.EXE /t
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Invia a &Bluetooth - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://giohouseline.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B43C5E22-B1EF-43F9-9575-D4F769FEFC85}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: vskype - (no CLSID) - (no file)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - E:\WINDOWS\system32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - E:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - E:\Programmi\iPod\bin\iPodService.exe

[Smjert]

Manca il resoconto del tool Symantec....

[miticogio63]

il fatto è ke quando ho fatto quello di symantec non mi ha rilasciato nulla da poterti far leggere.

[Smjert]

Alla fine della scansione il tool crea un file (chiamato FixLinkOpt.log) nella stessa posizione dell'eseguibile del tool.. cerca con la ricerca di Windows se non lo trovi!

[miticogio63]

Ciao Smjert non so quando mi leggerai.Non ho trovato da nessuna parte quello che avrei dovuto mandarti,ho fatto tutte le ricerche possibili e spulciato anche manualmente ovunque,non so forse dovrei ripetrelo symantec.Cmq devo dire che facendo quello che mi avevi detto di fare il mio pc è migliorato molto,prima mi usciva sempre memoria virtuale insufficiente almeno adesso non esce più.