|
|||||||
|
|
|
 |
|
|
Strumenti |
18-08-2007, 12:27
|
#1 |
|
Senior Member
Iscritto dal: Aug 2000
Città: Prov. Pg
Messaggi: 2349
|
Directx.exe --> backdoor
Salve a tutti facendo una "passata" di Hijackthis noto il processo directx.exe che da ricerca sembra essere un troyan
http://www.avira.com/it/threats/sect...iadoor.bo.html ora il problema è che non riesco ad eliminarlo; nel link postato sopra non ho capito bene come fare...qualcuno ha un suggerimento? Posto anche il log E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\Programmi\AntiVir PersonalEdition Classic\sched.exe E:\WINDOWS\system32\CTsvcCDA.EXE E:\WINDOWS\Explorer.EXE E:\Programmi\Java\jre1.5.0_10\bin\jusched.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\RUNDLL32.EXE E:\WINDOWS\SOUNDMAN.EXE E:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe E:\Programmi\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE E:\Programmi\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe E:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe E:\WINDOWS\CTHELPER.EXE E:\Programmi\HP\HP Software Update\HPWuSchd2.exe E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe E:\Programmi\QuickTime\qttask.exe E:\WINDOWS\system32\LVCOMSX.EXE E:\Programmi\Logitech\Video\LogiTray.exe E:\Programmi\File comuni\Real\Update_OB\realsched.exe E:\WINDOWS\system32\ctfmon.exe E:\Programmi\Creative\MediaSource\Detector\CTDetect.exe E:\WINDOWS\System32\svchost.exe E:\Programmi\Logitech\Video\FxSvr2.exe E:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe E:\WINDOWS\Minidump\explorer.exe E:\Documents and Settings\Pippo\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/accounts/Serv...t<mplcache=2 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SmcService] E:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [avgnt] "E:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programmi\Java\jre1.5.0_10\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "E:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [CTDVDDET] E:\Programmi\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE O4 - HKLM\..\Run: [CTSysVol] E:\Programmi\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [AudioDrvEmulator] "E:\Programmi\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "E:\Programmi\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll" O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [HP Software Update] "E:\Programmi\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] E:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programmi\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programmi\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Creative Detector] E:\Programmi\Creative\MediaSource\Detector\CTDetect.exe /R O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programmi\Logitech\Video\ManifestEngine.exe boot O4 - Startup: Adobe Gamma.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = E:\Programmi\HP\digital imaging\bin\hpqthb08.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = E:\Programmi\HP\digital imaging\bin\hpqtra08.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&sporta in Microsoft Excel - res://J:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\jre1.5.0_10\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - J:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...x/qtplugin.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - E:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - E:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - E:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe O23 - Service: DirectX Service (Pogos) - Unknown owner - E:\WINDOWS\system32\directx.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - E:\Programmi\Sygate\SPF\smc.exe Grazie
__________________
Ho trattato con molti utenti tutti soddisfatti per esigenza di signature ho dovuto rimuoverli 
|
|
|
|
18-08-2007, 12:31
|
#2 |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22121
|
|
|
|
|
|
18-08-2007, 12:54
|
#3 |
|
Senior Member
Iscritto dal: Aug 2000
Città: Prov. Pg
Messaggi: 2349
|
ok avrò sbagliato sezione...ma la sostanza del tuo intervento?
__________________
Ho trattato con molti utenti tutti soddisfatti per esigenza di signature ho dovuto rimuoverli
|
|
|
|
|
18-08-2007, 12:55
|
#4 | |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22121
|
Quote:
|
|
|
|
|
|
18-08-2007, 12:58
|
#5 |
|
Senior Member
Iscritto dal: Aug 2000
Città: Prov. Pg
Messaggi: 2349
|
__________________
Ho trattato con molti utenti tutti soddisfatti per esigenza di signature ho dovuto rimuoverli
|
|
|
|
|
18-08-2007, 13:59
|
#6 | |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22121
|
Quote:
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 13:31.
