<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Hi,
your log clearly shows the linkoptimizer rootkit, plus some malicious entries in the trusted zone... do this:
- Download and install this
<b><u>script</u></b> (---) <i>right-click the link and save it to the desktop</i> -> Now right-click the <b>.inf</b> file and select Install
Download and run a scan with the last tool on the list ->
http://steven.altervista.org/files/antirootkit.html (with all programs closed and completely disconnected from the internet)
When done, post both the tool's log and an updated HijackThis log
PS: if you have an ADSL connection, disable the analog modem completely
Edited by - steven75 on 09/06/2006 23:48:11
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>
Hi
Here is what I did:
1) I ran the removal tool a first time (log attached)
2) I updated Avast (ver 4.7) because updating was set to manual
3) I ran the scan and Avast caught 10 infected files, which I put in the antivirus's quarantine bin
4) I ran the removal tool a second time (log attached)
5) I ran HijackThis (log attached)
To finish, I would like to ask you these questions:
a) am I clean? If not, what do I need to do?
b) should I delete the files in the Avast quarantine bin?
c) in the TEMP folder I find files (pxr3.tmp - pxr4.tmp - pxr5.tmp....) that I cannot delete, the characters of the names are green, what can you tell me?
p.s. I do not have an ADSL connection
many thanks for your help
bye
first scan
Removal tool loaded into memory
Executing rootkit removal engine....
Disabling rootkit file: C:\WINDOWS:wmsysprk.prx
Resetting file permissions...
Scanning: C:\WINDOWS
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\10.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\11.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\13.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\16.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\17.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\19.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\1B.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\1D.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\1E.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\2B.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\3.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\3A.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\4.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\5.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\6.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\7.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\8.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\E.tmp
Removed!
Gromozon-Related Malicious Code Detected!
FileName: C:\WINDOWS\tldwm1.dll
Removed!
Scanning: C:\Programmi\File comuni
Removing protected file: C:\Programmi\File comuni\System\aOT.exe
Removing protected file: C:\Programmi\File comuni\System\aXo.exe
Removing protected file: C:\Programmi\File comuni\System\mnLq.exe
Removing protected file: C:\Programmi\File comuni\System\nhH.exe
Removing protected file: C:\Programmi\File comuni\System\ppT.exe
Removing protected file: C:\Programmi\File comuni\System\wYb.exe
Trojan.Gromozon Removed!
second scan
Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programmi\File comuni
Trojan.Gromozon does not exist - your system is clean.
latest HijackThis scan
Logfile of HijackThis v1.99.1
Scan saved at 21.42.18, on 11/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\Logi_MwX.Exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Documents and Settings\admin\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {257F3EBD-D54D-2A50-2953-3D5627B3AC7D} - C:\WINDOWS\tldwm1.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB002" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
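As an added example (not part of the thread, and not HijackThis's own code), here is a small Python triage over HijackThis-style lines modelled on the log above: it flags entries whose target file is missing (leftovers of the removal), BHOs without a descriptive name, and autoruns pointing outside the system drive. The sample lines and the three rules are my own construction.

```python
import re

# Constructed sample modelled on the HijackThis v1.99.1 log posted above (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {257F3EBD-D54D-2A50-2953-3D5627B3AC7D} - C:\WINDOWS\tldwm1.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrustInstaller] "D:\Setup.exe"
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# "O2 - BHO: ...", "O23 - Service: ...", "R3 - ..." : section tag, then the entry body.
ENTRY_RE = re.compile(r"^(?P<section>R\d|O\d+) - (?P<body>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-F-]{36})\} - (?P<path>.*)$")
RUN_RE = re.compile(r'^HK(?:LM|CU)\\\.\.\\Run: \[(?P<key>[^\]]*)\] "?(?P<path>[A-Za-z]:\\[^"]*)')


def triage(log_text):
    """Return (section, reason, line) tuples for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, process list, blank lines
        section, body = m.group("section"), m.group("body")
        # Registry entry whose file is gone: a leftover of the removal tool or of the
        # AV quarantine. Harmless by itself, but it should be fixed so it stops showing up.
        if body.endswith("(file missing)"):
            findings.append((section, "orphaned entry, target file missing", line))
        if section == "O2":
            b = BHO_RE.match(body)
            # Legitimate BHOs carry a descriptive class name; a bare "Class" or "(no name)" does not.
            if b and b.group("name").strip() in ("Class", "(no name)", ""):
                findings.append((section, "BHO without a descriptive name", line))
        if section == "O4":
            r = RUN_RE.match(body)
            # Autostart entries normally live on the system drive (assumed C: here);
            # anything launched from another drive at logon deserves a look.
            if r and not r.group("path").upper().startswith("C:\\"):
                findings.append((section, "autorun outside the system drive", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {line}")
```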