|
|||||||
|
|
|
 |
|
|
Strumenti |
13-06-2005, 14:37
|
#1 |
|
Senior Member
Iscritto dal: Mar 2002
Città: ROMA
Messaggi: 1541
|
Ultimate porn zona resuscita !!!
Ciao a tutti , questo programma del cavolo si rigenera automanticamente
ho provato con aadware ultima release e spybot 1.3 ma non lo vedono e mentre si è collegati appare questo programma : ho provato anche con cwsheeder allego lo hijackthis.log Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe c:\cpqapps\Aclient\Aclient.exe C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe C:\WINDOWS\Cpqdiag\Cpqdfwag.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Norton AntiVirus\SAVScan.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\Tablet.exe C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\igfxtray.exe C:\WINDOWS\System32\hkcmd.exe C:\Programmi\Analog Devices\SoundMAX\SMTray.exe C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE C:\WINDOWS\Logi_MwX.Exe C:\WINDOWS\System32\MMTrayLSI.exe C:\WINDOWS\System32\MMTray2k.exe C:\WINDOWS\System32\MMTray.exe C:\WINDOWS\System32\qttask.exe C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe C:\Programmi\D-Tools\daemon.exe C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\WINDOWS\inet20038\services.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Program Files\InterMute\SpySubtract\SpySub.exe C:\Programmi\OpenOffice.org1.0.3\program\soffice.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\inet20038\explorer.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\System32\wbem\wmiapsrv.exe C:\WINDOWS\winsocks5.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\WINDOWS\ServicePackFiles\i386\IExplore.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0410/bl8.asp R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10087/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = LUCA:6588 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F3 - REG:win.ini: run=C:\WINDOWS\inet20038\services.exe O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [DrvLsnr] C:\Programmi\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [SetRefresh] C:\Programmi\Compaq\SetRefresh\SetRefresh.exe O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP O4 - HKLM\..\Run: [MMTrayLSI] C:\WINDOWS\System32\MMTrayLSI.exe O4 - HKLM\..\Run: [MMTray2K] C:\WINDOWS\System32\MMTray2k.exe O4 - HKLM\..\Run: [MMTray] C:\WINDOWS\System32\MMTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe O4 - HKLM\..\Run: [upprpEE] C:\WINDOWS\rxownst.exe O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\loader.exe /1 O4 - HKLM\..\Run: [Ultimate_porn_zone] C:\Programmi\Ultimate_porn_zone\UPZ.exe w O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Shareaza] "C:\Programmi\Shareaza\Shareaza.exe" -tray O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe O4 - Startup: OpenOffice.org 1.0.3.lnk = C:\Programmi\OpenOffice.org1.0.3\program\quickstart.exe O4 - Startup: PowerReg Scheduler.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra button: Microsoft AntiSpyware helper - {DAD6D278-5276-4A36-AD09-D383AD800CDD} - (no file) (HKCU) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DAD6D278-5276-4A36-AD09-D383AD800CDD} - (no file) (HKCU) O12 - Plugin for .tif: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin5.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{00948DBB-0235-4E8D-9A11-831AF45D65CC}: NameServer = 151.99.125.2,151.99.125.3 O17 - HKLM\System\CCS\Services\Tcpip\..\{6497814E-5CF4-4D64-95DF-4514450F8399}: NameServer = 151.99.125.2,151.99.125.3 O17 - HKLM\System\CS1\Services\Tcpip\..\{00948DBB-0235-4E8D-9A11-831AF45D65CC}: NameServer = 151.99.125.2,151.99.125.3 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - c:\cpqapps\Aclient\Aclient.exe O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Insight Local Alerter (CPQALERT) - Hewlett-Packard Company - C:\Programmi\Compaq\Compaq Management Agents\cpqalert.exe O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe O23 - Service: Insight Web Agent (cpqWebDmi) - Hewlett-Packard Company - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe O23 - Service: Remote Diagnostics Enabling Agent (DfwWebAgent) - Hewlett-Packard - C:\WINDOWS\Cpqdiag\Cpqdfwag.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Programmi\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
__________________
Ho concluso con : VirusX,BlindGuardian,Firo(x3),Robalzu,Ganondorf,Nevi,Thor,Sticky,Jimmy3Dita,stefano25,colenr,hioros,CabALiSt,Lucio Virzì,axleco,Manuel78(x5),pierodj,Correx,dinuovo,cipango(x5),max84,recidivo(x4) Ho comprato senza problemi da : Cranius,Daitan III ,superpippo32,Catan,scaci,toshiman |
|
|
|
13-06-2005, 14:52
|
#2 |
|
Senior Member
Iscritto dal: May 2005
Città: Bari (ma vorrei vivere a Parigi...)
Messaggi: 821
|
C:\WINDOWS\inet20038\services.exe, la cartella "inet20038" è sbagliata se il file services.exe è presente anche in system32 cancella il file in inet20038
cancella il file C:\WINDOWS\winsocks5.exe dopo averlo terminato dal task poi fixa queste righe: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10087/ O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file) O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file) O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe (questa se è successo quello che ho detto prima) O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe (questa se è successo quello che ho detto prima) O9 - Extra button: Microsoft AntiSpyware helper - {DAD6D278-5276-4A36-AD09-D383AD800CDD} - (no file) (HKCU) (è inutile) O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DAD6D278-5276-4A36-AD09-D383AD800CDD} - (no file) (HKCU) (è inutile) Poi riavvia e riposta il log
__________________
Io faccio amicizia solo con gente amichevole e simpatica se non lo siete clik qui ma visitate Il Mio Sito 
|
|
|
|
|
13-06-2005, 16:00
|
#3 |
|
Senior Member
Iscritto dal: Dec 2004
Città: Magenta(MI)
Messaggi: 1513
|
Io cancellerei pure:
F3 - REG:win.ini: run=C:\WINDOWS\inet20038\services.exe O2 - BHO: (no name) - {A0269420-A638-4509-889C-8FC3CC85DA7E} - C:\WINDOWS\drexinit.dll (Trojan.Win32.Agent.co ) O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\system32\ap9h4qmo.exe O4 - HKLM\..\Run: [upprpEE] C:\WINDOWS\rxownst.exe O4 - HKLM\..\Run: [WindowsFZ] C:\WINDOWS\loader.exe /1 O4 - HKLM\..\Run: [Ultimate_porn_zone] C:\Programmi\Ultimate_porn_zone\UPZ.exe w O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20038\services.exe |
|
|
|
|
13-06-2005, 16:05
|
#4 | |
|
Senior Member
Iscritto dal: May 2005
Città: Bari (ma vorrei vivere a Parigi...)
Messaggi: 821
|
Quote:
 molti non li avevo notati
__________________
Io faccio amicizia solo con gente amichevole e simpatica se non lo siete clik qui ma visitate Il Mio Sito
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 14:03.
