trojan

[50cent]

Ho trovato C:\bla.exe
L'ho cancellato e mi sembrava fosse tutto a posto.
Il giorno dopo però l'ho ritrovato.
Adesso la pagina iniziale di internet explorer è diventata Quick Web Search e non riesco a togliere questa pagina iniziale.
Inoltre mentre navigo mi compaiono sempre delle finestre con della pubblicità?
Che mi è successo?
Che devo fare?

Logfile of HijackThis v1.99.1
Scan saved at 2.47.14, on 20/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\Norton Internet Security\NISSERV.EXE
C:\Programmi\Norton Internet Security\SymProxySvc.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmi\Norton Internet Security\IAMAPP.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Corel\WordPerfect Office 2000\Register\Remind32.exe
C:\Programmi\Norton Internet Security\ATRACK.EXE
C:\WINDOWS\apiwm32.exe
C:\WINDOWS\netnq.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Andrea\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - C:\WINDOWS\system32\atlcv32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [iamapp] C:\Programmi\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VVSN] C:\Programmi\VVSN\VVSN.exe
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [apiwm32.exe] C:\WINDOWS\apiwm32.exe
O4 - HKLM\..\RunOnce: [netnq.exe] C:\WINDOWS\netnq.exe
O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Corel Registration.lnk = C:\Programmi\Corel\WordPerfect Office 2000\Register\Remind32.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...89/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75ECF140-4094-4342-9488-3FC6BC48768D}: NameServer = 85.37.17.13 151.99.125.1
O21 - SSODL: System - {B8B7E7AF-FDC4-4BDB-BE1C-723CD3A35718} - C:\WINDOWS\system32\system32.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkuw32.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\SymProxySvc.exe

[YMen]

Devi aggiornare IE e poi ci sono parecchie cose che puzzano:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxnqy.dll/sp.html#83556

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxnqy.dll/sp.html#83556

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vxnqy.dll/sp.html#83556

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxnqy.dll/sp.html#83556

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxnqy.dll/sp.html#83556

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxnqy.dll/sp.html#83556

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxnqy.dll/sp.html#83556

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [VVSN] C:\Programmi\VVSN\VVSN.exe

O4 - HKLM\..\Run: [iexplore.exe] C:\Programmi\Internet Explorer\iexplore.exe
O21 - SSODL: System - {B8B7E7AF-FDC4-4BDB-BE1C-723CD3A35718} - C:\WINDOWS\system32\system32.dll

vedi che sono se non le conosci eliminale e in più dove c'è file missing cancellali

[juninho85]

C:\WINDOWS\apiwm32.exe
C:\WINDOWS\netnq.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\vxnqy.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing

O2 - BHO: Class - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - C:\WINDOWS\system32\atlcv32.dll



O4 - HKLM\..\Run: [apiwm32.exe] C:\WINDOWS\apiwm32.exe
O4 - HKLM\..\RunOnce: [netnq.exe] C:\WINDOWS\netnq.exe
O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab

O21 - SSODL: System - {B8B7E7AF-FDC4-4BDB-BE1C-723CD3A35718} - C:\WINDOWS\system32\system32.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkuw32.exe (file missing)

[juninho85]

installa il service pack2

[50cent]

Scusami ma non sono molto esperto...
Le stringhe con missing scusami ma non essendo presente il percorso non le trovo.
Le altre cose che mi hai detto le ho cancellate ma non ho risolto il problema.

[juninho85]

Quote:

Originariamente inviato da 50cent

Scusami ma non sono molto esperto...
Le stringhe con missing scusami ma non essendo presente il percorso non le trovo.
Le altre cose che mi hai detto le ho cancellate ma non ho risolto il problema.

devi cancellarle con la funzione del programma...selezioni e clicchi su fix

[50cent]

Cavoli io le ho cancellate dal registro??
Ho fatto un danno?

[3dsst]

Quote:

Originariamente inviato da 50cent

Cavoli io le ho cancellate dal registro??
Ho fatto un danno?

non dovresti se hai tolto quelle giuste hai solo tolto a mano ciò che potevi fare automaticamente

[50cent]

Vi ringrazio tutti!!!
Ce l'ho fatta!! siete stati gentilissimi.
Grazie ancora.

[3dsst]

Quote:

Originariamente inviato da 50cent

Vi ringrazio tutti!!!
Ce l'ho fatta!! siete stati gentilissimi.
Grazie ancora.

[juninho85]

Quote:

Originariamente inviato da 50cent

Vi ringrazio tutti!!!
Ce l'ho fatta!! siete stati gentilissimi.
Grazie ancora.

di nulla.

[YMen]

Quote:

Originariamente inviato da 50cent

Vi ringrazio tutti!!!
Ce l'ho fatta!! siete stati gentilissimi.
Grazie ancora.

niente di che