#1
Member
Joined: Mar 2006
Posts: 37

www.xbeta69.com
heeelp guys, what do I have to do to get rid of this nightmare, www.xbeta69.com .... yesterday secure 32, today this. I think I'm going to have to protect myself somehow, although I also think Windows ME is partly to blame... heeeeelp

#2
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390

Post a HijackThis log.
Browse with Firefox and run the immunization with SpywareBlaster.
Last edited by andorra24: 01-04-2006 at 19:55.

#3
Member
Joined: Mar 2006
Posts: 37

I know that in the end you won't help me anymore, but this malware is a nightmare ... thanks again

Logfile of HijackThis v1.99.1
Scan saved at 20.17.27, on 01/04/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWSB\SYSTEM\KERNEL32.DLL
C:\WINDOWSB\SYSTEM\MSGSRV32.EXE
C:\WINDOWSB\SYSTEM\MPREXE.EXE
C:\WINDOWSB\SYSTEM\STIMON.EXE
C:\WINDOWSB\SYSTEM\mmtask.tsk
C:\WINDOWSB\SYSTEM\MSTASK.EXE
C:\WINDOWSB\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWSB\EXPLORER.EXE
C:\WINDOWSB\TASKMON.EXE
C:\WINDOWSB\SYSTEM\SYSTRAY.EXE
C:\WINDOWSB\SYSTEM\RMCTRL.EXE
C:\WINDOWSB\SYSTEM\SVCHOST.EXE
C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE
C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
C:\WINDOWSB\RUNDLL32.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWSB\SYSTEM\WMIEXE.EXE
C:\WINDOWSB\SYSTEM\TAPISRV.EXE
C:\ESM2\STMS.EXE
C:\ESM2\EBRR.EXE
C:\WINDOWSB\SYSTEM\PSTORES.EXE
C:\WINDOWSB\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\SKYPE\PHONE\SKYPE.EXE
C:\DOCUMENTI\PROGRAMMI\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.xbeta69.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWSB\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWSB\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWSB\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Software Bluetooth\bin\btstart.exe
O4 - HKLM\..\Run: [Multimedia Key] C:\PROGRA~2\MED280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWSB\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWSB\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWSB\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWSB\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: @btrez.dll,-4015@1040,Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017@1040,Invia a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\PROGRAMMI\FCADVICE\FCADVICE.DLL

#4
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390

Fix:

C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.xbeta69.com
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [lich] lich.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O18 - Filter: text/html - {994D478A-45D0-4DB4-AE77-288B1E346E99} - C:\PROGRAMMI\FCADVICE\FCADVICE.DLL

To remove this sgrunt malware, if you're interested, there is also a small tool, which is this one: http://www.francydelorenzi.it/compon.../filecatid,105
Last edited by andorra24: 01-04-2006 at 21:28.

#5
Member
Joined: Mar 2006
Posts: 37

it tells me that it's impossible to fix the following lines:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net

this is the new log

Logfile of HijackThis v1.99.1
Scan saved at 21.39.31, on 01/04/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWSB\SYSTEM\KERNEL32.DLL
C:\WINDOWSB\SYSTEM\MSGSRV32.EXE
C:\WINDOWSB\SYSTEM\MPREXE.EXE
C:\WINDOWSB\SYSTEM\mmtask.tsk
C:\WINDOWSB\SYSTEM\MSTASK.EXE
C:\WINDOWSB\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWSB\EXPLORER.EXE
C:\WINDOWSB\TASKMON.EXE
C:\WINDOWSB\SYSTEM\SYSTRAY.EXE
C:\WINDOWSB\SYSTEM\RMCTRL.EXE
C:\WINDOWSB\SYSTEM\SVCHOST.EXE
C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE
C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
C:\WINDOWSB\RUNDLL32.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWSB\SYSTEM\WMIEXE.EXE
C:\WINDOWSB\SYSTEM\TAPISRV.EXE
C:\ESM2\STMS.EXE
C:\ESM2\EBRR.EXE
C:\WINDOWSB\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\SKYPE\PHONE\SKYPE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWSB\SYSTEM\STIMON.EXE
C:\DOCUMENTI\PROGRAMMI\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWSB\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWSB\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Software Bluetooth\bin\btstart.exe
O4 - HKLM\..\Run: [Multimedia Key] C:\PROGRA~2\MED280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWSB\SYSTEM\SVCHOST.EXE /s
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWSB\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [eDonkey2000] "C:\PROGRAMMI\EDONKEY2000\EDONKEY2000.EXE" -t
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWSB\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: @btrez.dll,-4015@1040,Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017@1040,Invia a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sgrunt.biz/dai.exe

#6
Senior Member
Joined: Sep 2005
City: Opinions are like assholes: anybody has one...
Posts: 34290

it's all still there...
remove sgrunt with the tool andorra pointed to; do it from safe mode, disabling System Restore first

#7
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390

Use the sgrunt tool in safe mode and, since you're already in safe mode, repeat the fix with HijackThis.
The entries to fix are these:

C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.xbeta69.com
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sgrunt.biz/dai.exe

Last edited by andorra24: 01-04-2006 at 21:32.

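The comparison the thread does by eye, as an added example that is not part of the original posts: a HijackThis fix list and a rescan are parsed into (section code, entry) pairs, and the entries the rescan still reports are separated from the ones that are gone. The function names are made up for this illustration; the sample lines are excerpts copied from posts #4 and #5.

```python
import re
from collections import Counter

# A HijackThis entry line: section code, " - ", then the entry body.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Count each (code, body) entry found in a HijackThis log or fix list."""
    entries = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # headers and the process list carry no section code
            entries[(m.group(1), m.group(2).strip())] += 1
    return entries

def compare(fix_list, rescan_log):
    """Split the fix list into entries the rescan still reports and entries now gone."""
    wanted, seen = parse_entries(fix_list), parse_entries(rescan_log)
    remaining = [e for e in wanted if e in seen]
    removed = [e for e in wanted if e not in seen]
    return remaining, removed

# Excerpt of the fix list from post #4 (entries copied from the thread).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.xbeta69.com
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [lich] lich.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
"""

# Excerpt of the rescan from post #5 (entries copied from the thread).
RESCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWSB\APPLICATION DATA\SGRUNT\IE4321.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Olympic] C:\WINDOWSB\Application Data\sgrunt\IE4321.exe
O10 - Hijacked Internet access by New.Net
"""

if __name__ == "__main__":
    remaining, removed = compare(FIX_LIST, RESCAN)
    for code, body in remaining:
        print("STILL PRESENT", code, body)
    for code, body in removed:
        print("removed      ", code, body)
```
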
#8
Member
Joined: Mar 2006
Posts: 37

... done, but it still won't fix line 10 ......!!! dunnooo !!!!

#9
Senior Member
Joined: May 2005
City: Palermo
Posts: 6390

Quote: