Delsim dialer...aiuto

Zefirox · 06-05-2007, 14:38

Ciao a tutti..

Ho usato il tasto cerca,ho trovato un topic su questo dialer ma non ha tolto questo dialer..

qualcuno sa darmi una mano?ho un file in c:,eliminandolo,torna perennemente quando riavvio con nomi diversi(casuali penso),anche disinstallandolo..

ho provato molti programmi ma niente...spero in un vostro aiuto...
ho anche formattato ma neinte..torna sempre...

wizard1993 · 06-05-2007, 15:06

log hijackthis

Zefirox · 06-05-2007, 15:20

Logfile of HijackThis v1.99.1
Scan saved at 16.19.54, on 06/05/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\tune.exe
C:\WINDOWS\System32\wpabaln.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\marco dea\Desktop\HijackThis.exe
C:\Programmi\MSN Messenger\usnsvc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Windows DLLISP Service - Unknown owner - C:\WINDOWS\dllisp.exe (file missing)
O23 - Service: Windows Tune service - Unknown owner - C:\WINDOWS\tune.exe

wizard1993 · 06-05-2007, 15:26

fixa questo coso

O23 - Service: Windows DLLISP Service - Unknown owner - C:\WINDOWS\dllisp.exe (file missing)

poi aggirona windows, disabilita il system restore

e fai una scan onlie con ewido e a-squared

Zefirox · 06-05-2007, 16:04

Ora provo..

wizard1993 · 06-05-2007, 16:16

fammi sapere

Zefirox · 06-05-2007, 16:20

niente..ce ancora..scansionato e aggiornato

wizard1993 · 06-05-2007, 16:25

Quote:

Originariamente inviato da Zefirox

niente..ce ancora..scansionato e aggiornato

anche ewido e asuqared non lo rilevano?

wizard1993 · 06-05-2007, 16:30

in caso i due nn rilevino disinstalla norton, scaricati il kaspersky antivirus in trial aggiorna e scansiona in modalità provvisoria

Zefirox · 06-05-2007, 16:31

trovano dei programmi malevoli..ma non questo del..
mi sta facendo impazzire..boh..non capisco nemmeno come possa resistere alla formattazione..

wizard1993 · 06-05-2007, 16:34

Quote:

Originariamente inviato da Zefirox

trovano dei programmi malevoli..ma non questo del..
mi sta facendo impazzire..boh..non capisco nemmeno come possa resistere alla formattazione..

fai come ti ho dettosopra

Zefirox · 06-05-2007, 18:19

Mi ha trovato 3 net-worm(a.exe,qmedia.exe)e un trojan(ff.exe)
mi si è bloccato a 99%..speriamo

Zefirox · 06-05-2007, 18:49

niente..eliminati i 4 virus ma il dialer è ancora qui..
stranamente pero non si è aperto ancora..

wizard1993 · 06-05-2007, 19:31

allora
con the avanger http://www.megalab.it/articoli.php?id=946

insersci questo script

Files to delete:
%CommonProgramFiles%\tjd\tjeeze.exe
%CommonProgramFiles%\tjd\amstercam uk.exe
%CommonProgramFiles%\tjd\amstercam.exe
%SystemDrive%\Documents and Settings\All Users\Start Menu\tjeeze.lnk
%SystemDrive%\Documents and Settings\All Users\Start Menu\amstercam uk.lnk
%SystemDrive%\Documents and Settings\All Users\Start Menu\amstercam.lnk
%SystemDrive%\Documents and Settings\All Users\Desktop\amstercam uk.lnk
%SystemDrive%\Documents and Settings\All Users\Desktop\amstercam.lnk
%SystemDrive%\Documents and Settings\All Users\Desktop\tjeeze.lnk
C:\Program Files\Common Files\delsim\del.exe
Registry keys to delete:
HKEY_CURRENT_USER\Software\Trafficjam

Zefirox · 07-05-2007, 17:25

adesso provo..cmq ti ringrazio per l'aiuto che mi stai dando..

sarei perso senza te

wizard1993 · 07-05-2007, 17:27

Quote:

Originariamente inviato da Zefirox

adesso provo..cmq ti ringrazio per l'aiuto che mi stai dando..

sarei perso senza te

di nulla

Zefirox · 07-05-2007, 17:50

Rieccomi..dopo aver usato lo script mi ha dato qualche errore ma dopo il riavvio non ce piu il file in c..

grazie mille per l'aiuto..

wizard1993 · 07-05-2007, 18:30

Quote:

Originariamente inviato da Zefirox

Rieccomi..dopo aver usato lo script mi ha dato qualche errore ma dopo il riavvio non ce piu il file in c..

grazie mille per l'aiuto..

nella cartella C:\avenger troverai un file zippato, mandamelo all'indirzzo che ora ti spedirò via mp;

puoi postare il log di avenger?

Zefirox · 07-05-2007, 19:56

Inviato all'email//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Syntax error in line --- does not appear to be a valid registry path. Line will be ignored.
Error code: 1813
Line: HKEY_CURRENT_USER\Software\Trafficjam

//////////////////////////////////////////

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\btv^hihi

*******************

Script file located at: \??\C:\WINDOWS\System32\jnauskdt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Could not open file C:\Programmi\File comuni\tjd\tjeeze.exe for deletion
Deletion of file C:\Programmi\File comuni\tjd\tjeeze.exe failed!

Could not process line:
C:\Programmi\File comuni\tjd\tjeeze.exe
Status: 0xc000003a

Could not open file C:\Programmi\File comuni\tjd\amstercam uk.exe for deletion
Deletion of file C:\Programmi\File comuni\tjd\amstercam uk.exe failed!

Could not process line:
C:\Programmi\File comuni\tjd\amstercam uk.exe
Status: 0xc000003a

Could not open file C:\Programmi\File comuni\tjd\amstercam.exe for deletion
Deletion of file C:\Programmi\File comuni\tjd\amstercam.exe failed!

Could not process line:
C:\Programmi\File comuni\tjd\amstercam.exe
Status: 0xc000003a

Could not open file C:\Documents and Settings\All Users\Start Menu\tjeeze.lnk for deletion
Deletion of file C:\Documents and Settings\All Users\Start Menu\tjeeze.lnk failed!

Could not process line:
C:\Documents and Settings\All Users\Start Menu\tjeeze.lnk
Status: 0xc000003a

Could not open file C:\Documents and Settings\All Users\Start Menu\amstercam uk.lnk for deletion
Deletion of file C:\Documents and Settings\All Users\Start Menu\amstercam uk.lnk failed!

Could not process line:
C:\Documents and Settings\All Users\Start Menu\amstercam uk.lnk
Status: 0xc000003a

Could not open file C:\Documents and Settings\All Users\Start Menu\amstercam.lnk for deletion
Deletion of file C:\Documents and Settings\All Users\Start Menu\amstercam.lnk failed!

Could not process line:
C:\Documents and Settings\All Users\Start Menu\amstercam.lnk
Status: 0xc000003a

File C:\Documents and Settings\All Users\Desktop\amstercam uk.lnk not found!
Deletion of file C:\Documents and Settings\All Users\Desktop\amstercam uk.lnk failed!

Could not process line:
C:\Documents and Settings\All Users\Desktop\amstercam uk.lnk
Status: 0xc0000034

File C:\Documents and Settings\All Users\Desktop\amstercam.lnk not found!
Deletion of file C:\Documents and Settings\All Users\Desktop\amstercam.lnk failed!

Could not process line:
C:\Documents and Settings\All Users\Desktop\amstercam.lnk
Status: 0xc0000034

File C:\Documents and Settings\All Users\Desktop\tjeeze.lnk not found!
Deletion of file C:\Documents and Settings\All Users\Desktop\tjeeze.lnk failed!

Could not process line:
C:\Documents and Settings\All Users\Desktop\tjeeze.lnk
Status: 0xc0000034

Could not open file C:\Program Files\Common Files\delsim\del.exe for deletion
Deletion of file C:\Program Files\Common Files\delsim\del.exe failed!

Could not process line:
C:\Program Files\Common Files\delsim\del.exe
Status: 0xc000003a

Completed script processing.

*******************

Finished! Terminate.

06-05-2007, 14:38	#1
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	Delsim dialer...aiuto Ciao a tutti.. Ho usato il tasto cerca,ho trovato un topic su questo dialer ma non ha tolto questo dialer.. qualcuno sa darmi una mano?ho un file in c:,eliminandolo,torna perennemente quando riavvio con nomi diversi(casuali penso),anche disinstallandolo.. ho provato molti programmi ma niente...spero in un vostro aiuto... ho anche formattato ma neinte..torna sempre...

06-05-2007, 15:06	#2
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	log hijackthis __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

06-05-2007, 15:26	#4
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	fixa questo coso O23 - Service: Windows DLLISP Service - Unknown owner - C:\WINDOWS\dllisp.exe (file missing) poi aggirona windows, disabilita il system restore e fai una scan onlie con ewido e a-squared __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

06-05-2007, 16:16	#6
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	fammi sapere __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

06-05-2007, 16:30	#9
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	in caso i due nn rilevino disinstalla norton, scaricati il kaspersky antivirus in trial aggiorna e scansiona in modalità provvisoria __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

06-05-2007, 15:20	#3
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	Logfile of HijackThis v1.99.1 Scan saved at 16.19.54, on 06/05/2007 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINDOWS\tune.exe C:\WINDOWS\System32\wpabaln.exe C:\WINDOWS\System32\msiexec.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Documents and Settings\marco dea\Desktop\HijackThis.exe C:\Programmi\MSN Messenger\usnsvc.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Windows DLLISP Service - Unknown owner - C:\WINDOWS\dllisp.exe (file missing) O23 - Service: Windows Tune service - Unknown owner - C:\WINDOWS\tune.exe

06-05-2007, 16:04	#5
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	Ora provo..

06-05-2007, 16:20	#7
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	niente..ce ancora..scansionato e aggiornato

06-05-2007, 16:31	#10
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	trovano dei programmi malevoli..ma non questo del.. mi sta facendo impazzire..boh..non capisco nemmeno come possa resistere alla formattazione..

06-05-2007, 18:19	#12
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	Mi ha trovato 3 net-worm(a.exe,qmedia.exe)e un trojan(ff.exe) mi si è bloccato a 99%..speriamo

06-05-2007, 18:49	#13
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	niente..eliminati i 4 virus ma il dialer è ancora qui.. stranamente pero non si è aperto ancora..

06-05-2007, 19:31	#14
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	allora con the avanger http://www.megalab.it/articoli.php?id=946 insersci questo script Files to delete: %CommonProgramFiles%\tjd\tjeeze.exe %CommonProgramFiles%\tjd\amstercam uk.exe %CommonProgramFiles%\tjd\amstercam.exe %SystemDrive%\Documents and Settings\All Users\Start Menu\tjeeze.lnk %SystemDrive%\Documents and Settings\All Users\Start Menu\amstercam uk.lnk %SystemDrive%\Documents and Settings\All Users\Start Menu\amstercam.lnk %SystemDrive%\Documents and Settings\All Users\Desktop\amstercam uk.lnk %SystemDrive%\Documents and Settings\All Users\Desktop\amstercam.lnk %SystemDrive%\Documents and Settings\All Users\Desktop\tjeeze.lnk C:\Program Files\Common Files\delsim\del.exe Registry keys to delete: HKEY_CURRENT_USER\Software\Trafficjam __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

07-05-2007, 17:25	#15
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	adesso provo..cmq ti ringrazio per l'aiuto che mi stai dando.. sarei perso senza te

07-05-2007, 17:50	#17
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	Rieccomi..dopo aver usato lo script mi ha dato qualche errore ma dopo il riavvio non ce piu il file in c.. grazie mille per l'aiuto..

07-05-2007, 19:56	#19
Zefirox Member Iscritto dal: Jan 2006 Messaggi: 93	Inviato all'email////////////////////////////////////////// Avenger Pre-Processor log ////////////////////////////////////////// Syntax error in line --- does not appear to be a valid registry path. Line will be ignored. Error code: 1813 Line: HKEY_CURRENT_USER\Software\Trafficjam ////////////////////////////////////////// Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\btv^hihi ***************** Script file located at: \??\C:\WINDOWS\System32\jnauskdt.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger *************** Beginning to process script file: Could not open file C:\Programmi\File comuni\tjd\tjeeze.exe for deletion Deletion of file C:\Programmi\File comuni\tjd\tjeeze.exe failed! Could not process line: C:\Programmi\File comuni\tjd\tjeeze.exe Status: 0xc000003a Could not open file C:\Programmi\File comuni\tjd\amstercam uk.exe for deletion Deletion of file C:\Programmi\File comuni\tjd\amstercam uk.exe failed! Could not process line: C:\Programmi\File comuni\tjd\amstercam uk.exe Status: 0xc000003a Could not open file C:\Programmi\File comuni\tjd\amstercam.exe for deletion Deletion of file C:\Programmi\File comuni\tjd\amstercam.exe failed! Could not process line: C:\Programmi\File comuni\tjd\amstercam.exe Status: 0xc000003a Could not open file C:\Documents and Settings\All Users\Start Menu\tjeeze.lnk for deletion Deletion of file C:\Documents and Settings\All Users\Start Menu\tjeeze.lnk failed! Could not process line: C:\Documents and Settings\All Users\Start Menu\tjeeze.lnk Status: 0xc000003a Could not open file C:\Documents and Settings\All Users\Start Menu\amstercam uk.lnk for deletion Deletion of file C:\Documents and Settings\All Users\Start Menu\amstercam uk.lnk failed! Could not process line: C:\Documents and Settings\All Users\Start Menu\amstercam uk.lnk Status: 0xc000003a Could not open file C:\Documents and Settings\All Users\Start Menu\amstercam.lnk for deletion Deletion of file C:\Documents and Settings\All Users\Start Menu\amstercam.lnk failed! Could not process line: C:\Documents and Settings\All Users\Start Menu\amstercam.lnk Status: 0xc000003a File C:\Documents and Settings\All Users\Desktop\amstercam uk.lnk not found! Deletion of file C:\Documents and Settings\All Users\Desktop\amstercam uk.lnk failed! Could not process line: C:\Documents and Settings\All Users\Desktop\amstercam uk.lnk Status: 0xc0000034 File C:\Documents and Settings\All Users\Desktop\amstercam.lnk not found! Deletion of file C:\Documents and Settings\All Users\Desktop\amstercam.lnk failed! Could not process line: C:\Documents and Settings\All Users\Desktop\amstercam.lnk Status: 0xc0000034 File C:\Documents and Settings\All Users\Desktop\tjeeze.lnk not found! Deletion of file C:\Documents and Settings\All Users\Desktop\tjeeze.lnk failed! Could not process line: C:\Documents and Settings\All Users\Desktop\tjeeze.lnk Status: 0xc0000034 Could not open file C:\Program Files\Common Files\delsim\del.exe for deletion Deletion of file C:\Program Files\Common Files\delsim\del.exe failed! Could not process line: C:\Program Files\Common Files\delsim\del.exe Status: 0xc000003a Completed script processing. ***************** Finished! Terminate. Ultima modifica di Zefirox : 07-05-2007 alle 22:03.

Strumenti
Mostra una versione stampabile Invia questa pagina per email