HaranB
18-06-2005, 12:11
Aiuto non riesco a liberarmene! Mi ha infettato il file msdirectx.sys
View Full Version : Hacktool.Rootkit
gionapper
18-06-2005, 12:14
Che av hai?
gionapper
18-06-2005, 12:24
allora ti consiglio di provare con il tools di rimozione della trendmicro sysclean in modalità provvisoria e con il ripristino del Sistema disattivato
HaranB
18-06-2005, 19:06
Qualcuno mi da una mano? Ho fatto la scansione in mod prov e sono riuscito a cancellarlo ma tornato in mod normale me lo ritrova ancora!!! Che devo fare????
andorra24
18-06-2005, 19:13
Qualcuno mi da una mano? Ho fatto la scansione in mod prov e sono riuscito a cancellarlo ma tornato in mod normale me lo ritrova ancora!!! Che devo fare????
Ciao, prova qualche scansione online tipo queste: http://it.trendmicro-europe.com/consumer/housecall/housecall_launch.php
http://support.f-secure.com/enu/home/ols.shtml
http://www.bitdefender.com/scan-online/ie.html
Inoltre puoi anche postare il log di hijackthis cosi gli si da' uno sguardo. :)
Ciao, prova qualche scansione online tipo queste: http://it.trendmicro-europe.com/consumer/housecall/housecall_launch.php
http://support.f-secure.com/enu/home/ols.shtml
http://www.bitdefender.com/scan-online/ie.html
Inoltre puoi anche postare il log di hijackthis cosi gli si da' uno sguardo. :)
HaranB
18-06-2005, 19:17
Ciao, prova qualche scansione online tipo queste: http://it.trendmicro-europe.com/consumer/housecall/housecall_launch.php
http://support.f-secure.com/enu/home/ols.shtml
http://www.bitdefender.com/scan-online/ie.html
Inoltre puoi anche postare il log di hijackthis cosi gli si da' uno sguardo. :)
non mi servono scansioni online, norton me lo trova!! lo cancella ma poi me lo ritrovo quando torno in modalità normale!
Che roba è hijackthis?
http://support.f-secure.com/enu/home/ols.shtml
http://www.bitdefender.com/scan-online/ie.html
Inoltre puoi anche postare il log di hijackthis cosi gli si da' uno sguardo. :)
non mi servono scansioni online, norton me lo trova!! lo cancella ma poi me lo ritrovo quando torno in modalità normale!
Che roba è hijackthis?
andorra24
18-06-2005, 19:35
Che roba è hijackthis?
Hijackthis e' un utile programmino che permette di effettuare una scansione dell'intero sistema e mostra tutte le chiavi ed elementi caricati all'avvio. Lo puoi scaricare da qui: http://www.merijn.org/files/hijackthis.zip
Poi,se vuoi,puoi postare il log sul forum in modo che gli si possa dare un'occhiata.
Hijackthis e' un utile programmino che permette di effettuare una scansione dell'intero sistema e mostra tutte le chiavi ed elementi caricati all'avvio. Lo puoi scaricare da qui: http://www.merijn.org/files/hijackthis.zip
Poi,se vuoi,puoi postare il log sul forum in modo che gli si possa dare un'occhiata.
HaranB
18-06-2005, 19:49
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\green.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Haran\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.com/VKrhDgRgECNI36C9SMw3c1rurxo6mQhui4LDvRWmqAPTdcehWMS_3vIDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.com/VKrhDgRgECMcFnyvo98QPs4RPEEVoB3labg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
O4 - Startup: PeerGuardian.lnk = C:\Programmi\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01a511986e93fdca4205/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094050516793
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D4CFFA-5EC2-4886-8A7E-648B1718614E}: NameServer = 80.21.70.171 151.99.125.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - C:\WINDOWS\system32\lll.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\green.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Haran\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.com/VKrhDgRgECNI36C9SMw3c1rurxo6mQhui4LDvRWmqAPTdcehWMS_3vIDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.com/VKrhDgRgECMcFnyvo98QPs4RPEEVoB3labg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
O4 - Startup: PeerGuardian.lnk = C:\Programmi\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01a511986e93fdca4205/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094050516793
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D4CFFA-5EC2-4886-8A7E-648B1718614E}: NameServer = 80.21.70.171 151.99.125.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - C:\WINDOWS\system32\lll.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
andorra24
18-06-2005, 20:21
Fixa le seguenti voci:
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.co...IDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.c...abg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
E' preferibile che tu elimini queste voci in modalita' provvisoria e con il ripristino di sistema disabilitato. Ciao.
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.co...IDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.c...abg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
E' preferibile che tu elimini queste voci in modalita' provvisoria e con il ripristino di sistema disabilitato. Ciao.
HaranB
18-06-2005, 20:27
Fixa le seguenti voci:
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.co...IDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.c...abg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
E' preferibile che tu elimini queste voci in modalita' provvisoria e con il ripristino di sistema disabilitato. Ciao.
come faccio ad eliminarle?
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.co...IDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.c...abg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
E' preferibile che tu elimini queste voci in modalita' provvisoria e con il ripristino di sistema disabilitato. Ciao.
come faccio ad eliminarle?
andorra24
18-06-2005, 20:31
come faccio ad eliminarle?
Individua con grande attenzione le voci che ti ho elencato e metti la spunta sulla relativa casellina di hijackthis. Poi premi ''fix checked'' e il gioco e' fatto.
Individua con grande attenzione le voci che ti ho elencato e metti la spunta sulla relativa casellina di hijackthis. Poi premi ''fix checked'' e il gioco e' fatto.
bluepix
18-06-2005, 20:38
Queste, IMHO, è sospetta:
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
andorra24
18-06-2005, 20:43
Queste, IMHO, è sospetta:
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
Si l'avevo notata anche io ma purtroppo su google ci sono info poco chiare su questo Ref file.exe
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
Si l'avevo notata anche io ma purtroppo su google ci sono info poco chiare su questo Ref file.exe
HaranB
18-06-2005, 20:51
Individua con grande attenzione le voci che ti ho elencato e metti la spunta sulla relativa casellina di hijackthis. Poi premi ''fix checked'' e il gioco e' fatto.
ma devo fare tutto questo in mod prov, giusto?
ma devo fare tutto questo in mod prov, giusto?
andorra24
18-06-2005, 20:54
ma devo fare tutto questo in mod prov, giusto?
L'ideale sarebbe farlo in modalita' provvisoria.
L'ideale sarebbe farlo in modalita' provvisoria.
juninho85
18-06-2005, 21:28
C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.com/VKrhDgRgECNI36C9SMw3c1rurxo6mQhui4LDvRWmqAPTdcehWMS_3vIDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.com/VKrhDgRgECMcFnyvo98QPs4RPEEVoB3labg330/jRjs.cgi
ti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
gay.exe
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.com/VKrhDgRgECNI36C9SMw3c1rurxo6mQhui4LDvRWmqAPTdcehWMS_3vIDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.com/VKrhDgRgECMcFnyvo98QPs4RPEEVoB3labg330/jRjs.cgi
ti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
gay.exe
lord2
18-06-2005, 22:14
Aiuto non riesco a liberarmene! Mi ha infettato il file msdirectx.sys
ciao scansiona con RootkitRevealer
lo trovi quà:http://www.snapfiles.com/reviews/Rootkit-Revealer/RootkitRevealer.html
ciao scansiona con RootkitRevealer
lo trovi quà:http://www.snapfiles.com/reviews/Rootkit-Revealer/RootkitRevealer.html
HaranB
18-06-2005, 22:20
ora va meglio grazie (tocchiamoci non si sa mai)
come tolgo lll.exe? visto che nn appare tra le app da fixare? cmq vi riposto il nuovo log così se avete voglia date un altro okkio...
Logfile of HijackThis v1.99.1
Scan saved at 23.20.19, on 18/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Haran\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wgllibsazcyaxttkh.com/VKrhDgRgECNI36C9SMw3c1rurxo6mQhui4LDvRWmqAPkYMuh7JepDvIDrPjRCOJ3.jpg
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Startup: PeerGuardian.lnk = C:\Programmi\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01a511986e93fdca4205/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094050516793
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D4CFFA-5EC2-4886-8A7E-648B1718614E}: NameServer = 80.21.70.171 151.99.125.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - C:\WINDOWS\system32\lll.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
come tolgo lll.exe? visto che nn appare tra le app da fixare? cmq vi riposto il nuovo log così se avete voglia date un altro okkio...
Logfile of HijackThis v1.99.1
Scan saved at 23.20.19, on 18/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Haran\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wgllibsazcyaxttkh.com/VKrhDgRgECNI36C9SMw3c1rurxo6mQhui4LDvRWmqAPkYMuh7JepDvIDrPjRCOJ3.jpg
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Startup: PeerGuardian.lnk = C:\Programmi\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01a511986e93fdca4205/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094050516793
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D4CFFA-5EC2-4886-8A7E-648B1718614E}: NameServer = 80.21.70.171 151.99.125.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - C:\WINDOWS\system32\lll.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
juninho85
18-06-2005, 22:26
se magari leggessi il mio post...
HaranB
18-06-2005, 23:11
se magari leggessi il mio post...
l'ho letto ma mi manca lll.exe da togliere
l'ho letto ma mi manca lll.exe da togliere
andorra24
19-06-2005, 07:17
Fixa questa voce:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wgllibsazcyaxttkh.com/VK...vIDrPjRCOJ3.jpg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wgllibsazcyaxttkh.com/VK...vIDrPjRCOJ3.jpg
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.