Ciao a tutti.
Sono nuovo nel forum.
Mi sono iscritto dopo aver notato che altri hanno avuto il problema che ora ho io e sono riusciti a risolverlo.
Infatti, purtroppo, ho contratto anch'io un malware che che genera la solita "Internet connection" parassita.
Vorrei dunque chiedere gentilmente un aiuto per eliminare questo dialer.
Vi ringrazio.
ciao.
facciamo questi controlli:
scarica HijackThis
salvalo in una cartella tutta per lui in C: (o nella partizione dove è installato Windows) ad esempio C:\Hijackthis\. (Questo passaggio è importante perchè il software crea una cartella di backup, delle modifiche da noi apportate al sistema, che potrebbe essere cancellata se si trova tra i file temporanei.)
Avvia hijackthis
clicca su Do a system scan and save a log file
il tool farà uno scan veloce e alla fine apre il blocco note con dentro il tuo log
copia tutto il suo contenuto e incollalo nel tuo post di risposta
scarica FindAWF e salvalo sul desktop
avvialo, seleziona 1 + Invio e aspetta il termine della scansione
alla fine copia il contenuto del blocco note e postalo qui.
Ti ringrazio per l'attenzione!
*** Log di Hijackthis ***
Logfile of HijackThis v1.99.1
Scan saved at 23.59.30, on 22/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\Compaq\EAB\EABSERVR.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Winamp\winamp.exe
c:\programmi\internet explorer\iexplore.exe
C:\Programmi\PC-Linq\MDI.EXE
D:\Setups\hijackthis_199\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [USBTA] C:\WINDOWS\system32\usbtapnp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.e xe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\Compaq\EAB\EABSERVR.EXE /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\Programmi\MatlabR13-6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Servizio di framework di McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
*** Log di AWF ***
Find AWF report by noahdfear ©2006
Version 1.40
bak folders found
~~~~~~~~~~~
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\WINDOWS\SYSTEM32\BAK
16/10/2000 20.37 32.768 rmctrl.exe
10/01/2001 00.14 126.976 usbtapnp.exe
2 File 159.744 byte
2 Directory 22.043.885.568 byte disponibili
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\PROGRA~1\ATITEC~1\ATICON~1\BAK
07/06/2005 21.05 344.064 atiptaxx.exe
1 File 344.064 byte
2 Directory 22.043.885.568 byte disponibili
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\PROGRA~1\LOGITECH\QUICKC~1\BAK
26/06/2006 10.34 614.960 QuickCam10.exe
1 File 614.960 byte
2 Directory 22.043.881.472 byte disponibili
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\PROGRA~1\NETWOR~1\COMMON~1\BAK
06/08/2004 03.50 139.320 UpdaterUI.exe
1 File 139.320 byte
2 Directory 22.043.881.472 byte disponibili
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\PROGRA~1\NETWOR~1\VIRUSS~1\BAK
0 File 0 byte
2 Directory 22.043.881.472 byte disponibili
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\PROGRA~1\FILECO~1\LOGITECH\LCOMMGR\BAK
26/06/2006 09.46 497.200 Communications_Helper.exe
26/06/2006 10.33 243.248 LVComSX.exe
2 File 740.448 byte
2 Directory 22.043.881.472 byte disponibili
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\PROGRA~1\FILECO~1\NETWOR~1\TALKBACK\BAK
07/10/2003 09.48 147.514 TBMon.exe
1 File 147.514 byte
2 Directory 22.043.881.472 byte disponibili
Il volume nell'unit… C Š Programmi
Numero di serie del volume: 1C53-9A70
Directory di C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK
07/07/2005 18.41 57.344 apdproxy.exe
1 File 57.344 byte
2 Directory 22.043.881.472 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
24080 20 Jul 2007 "C:\WINDOWS\system32\rmctrl.exe"
32768 16 Oct 2000 "C:\WINDOWS\system32\bak\rmctrl.exe"
126976 26 Oct 2000 "C:\Programmi\Marvian ISDN Tools\usbtapnp.EXE"
24080 20 Jul 2007 "C:\WINDOWS\system32\usbtapnp.exe"
126976 10 Jan 2001 "C:\WINDOWS\Temp\usbtapnp.exe"
126976 10 Jan 2001 "C:\WINDOWS\system32\bak\usbtapnp.exe"
126976 10 Jan 2001 "D:\Setups\MavianTargetWorld1000Pro\driverwin2000_ XP\USBTAPNP.EXE"
24080 20 Jul 2007 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
344064 7 Jun 2005 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
24080 20 Jul 2007 "C:\Programmi\Logitech\QuickCam10\QuickCam10.e xe"
614960 26 Jun 2006 "C:\Programmi\Logitech\QuickCam10\bak\QuickCam10.e xe"
151552 15 Oct 2001 "C:\Programmi\CyberLink\Common\UpdateIPR.exe"
24080 20 Jul 2007 "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe"
139320 6 Aug 2004 "C:\Programmi\Network Associates\Common Framework\bak\UpdaterUI.exe"
24080 20 Jul 2007 "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
497200 26 Jun 2006 "C:\Programmi\File comuni\Logitech\LComMgr\bak\Communications_Helper. exe"
24080 20 Jul 2007 "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
243248 26 Jun 2006 "C:\Programmi\File comuni\Logitech\LComMgr\bak\LVComSX.exe"
24080 20 Jul 2007 "C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe"
147514 7 Oct 2003 "C:\Programmi\File comuni\Network Associates\TalkBack\bak\TBMon.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
end of report
Scusa del ritardo...
scarica Avenger e scompattalo sul desktop
avvialo, seleziona Input script manually
clicca sulla lente d'ingrandimento
nella finestra che si apre View/Edit scrit copia/incolla queste righe:
Clicca DoneFiles to delete:
C:\WINDOWS\system32\rmctrl.exe
C:\WINDOWS\system32\usbtapnp.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe
Files to move:
C:\WINDOWS\system32\bak\rmctrl.exe|C:\WINDOWS\syst em32\rmctrl.exe
C:\WINDOWS\system32\bak\usbtapnp.exe|C:\WINDOWS\sy stem32\usbtapnp.exe
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Logitech\QuickCam10\bak\QuickCam10.ex e|C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\Network Associates\Common Framework\bak\UpdaterUI.exe|C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\File comuni\Logitech\LComMgr\bak\Communications_Helper. exe|C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\File comuni\Logitech\LComMgr\bak\LVComSX.exe|C:\Program mi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\File comuni\Network Associates\TalkBack\bak\TBMon.exe|C:\Programmi\Fil e comuni\Network Associates\TalkBack\TBMon.exe
poi sul icona del semaforo
rispondi Yes (a questo punto il PC dovrebbe riavviarsi. se così non fosse riavvialo manualmente)
al riavvio posta il log di Avenger.
Appena puoi collegati a Kaspersky on-line scanner, fai lo scan completo in modalità estesa e posta il risultato.
Buongiorno!
Questo è il risultato di avenger:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\avsclsdn
*******************
Script file located at: \??\C:\Documents and Settings\tkunbbnm.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINDOWS\system32\rmctrl.exe deleted successfully.
File C:\WINDOWS\system32\usbtapnp.exe deleted successfully.
File C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe deleted successfully.
File C:\Programmi\Logitech\QuickCam10\QuickCam10.exe deleted successfully.
File C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe deleted successfully.
File C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe deleted successfully.
File C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe deleted successfully.
File C:\Programmi\File comuni\Network Associates\TalkBack\TBMon.exe deleted successfully.
File move operation C:\WINDOWS\system32\bak\rmctrl.exe|C:\WINDOWS\syst em32\rmctrl.exe completed successfully.
File move operation C:\WINDOWS\system32\bak\usbtapnp.exe|C:\WINDOWS\sy stem32\usbtapnp.exe completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe completed successfully.
File move operation C:\Programmi\Logitech\QuickCam10\bak\QuickCam10.ex e|C:\Programmi\Logitech\QuickCam10\QuickCam10.exe completed successfully.
File move operation C:\Programmi\Network Associates\Common Framework\bak\UpdaterUI.exe|C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe completed successfully.
File move operation C:\Programmi\File comuni\Logitech\LComMgr\bak\Communications_Helper. exe|C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe completed successfully.
File move operation C:\Programmi\File comuni\Logitech\LComMgr\bak\LVComSX.exe|C:\Program mi\File comuni\Logitech\LComMgr\LVComSX.exe completed successfully.
File move operation C:\Programmi\File comuni\Network Associates\TalkBack\bak\TBMon.exe|C:\Programmi\Fil e comuni\Network Associates\TalkBack\TBMon.exe completed successfully.
Completed script processing.
*******************
Finished! Terminate.
Permessi di invio
Rispondi quotando