Hacktool.Rootkit

[HaranB]

Aiuto non riesco a liberarmene! Mi ha infettato il file msdirectx.sys

[gionapper]

Che av hai?

[gionapper]

allora ti consiglio di provare con il tools di rimozione della trendmicro sysclean in modalità provvisoria e con il ripristino del Sistema disattivato

[HaranB]

Qualcuno mi da una mano? Ho fatto la scansione in mod prov e sono riuscito a cancellarlo ma tornato in mod normale me lo ritrova ancora!!! Che devo fare????

[andorra24]

Quote:

Originariamente inviato da HaranB

Qualcuno mi da una mano? Ho fatto la scansione in mod prov e sono riuscito a cancellarlo ma tornato in mod normale me lo ritrova ancora!!! Che devo fare????

Ciao, prova qualche scansione online tipo queste: http://it.trendmicro-europe.com/cons...all_launch.php
http://support.f-secure.com/enu/home/ols.shtml
http://www.bitdefender.com/scan-online/ie.html
Inoltre puoi anche postare il log di hijackthis cosi gli si da' uno sguardo.

[HaranB]

Quote:

Originariamente inviato da andorra24

Ciao, prova qualche scansione online tipo queste: http://it.trendmicro-europe.com/cons...all_launch.php
http://support.f-secure.com/enu/home/ols.shtml
http://www.bitdefender.com/scan-online/ie.html
Inoltre puoi anche postare il log di hijackthis cosi gli si da' uno sguardo.

non mi servono scansioni online, norton me lo trova!! lo cancella ma poi me lo ritrovo quando torno in modalità normale!
Che roba è hijackthis?

[andorra24]

Quote:

Originariamente inviato da HaranB

Che roba è hijackthis?

Hijackthis e' un utile programmino che permette di effettuare una scansione dell'intero sistema e mostra tutte le chiavi ed elementi caricati all'avvio. Lo puoi scaricare da qui: http://www.merijn.org/files/hijackthis.zip
Poi,se vuoi,puoi postare il log sul forum in modo che gli si possa dare un'occhiata.

[HaranB]

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\green.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\Haran\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.com...DrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.co...bg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
O4 - Startup: PeerGuardian.lnk = C:\Programmi\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01a51198...dxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094050516793
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D4CFFA-5EC2-4886-8A7E-648B1718614E}: NameServer = 80.21.70.171 151.99.125.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - C:\WINDOWS\system32\lll.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[andorra24]

Fixa le seguenti voci:
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.co...IDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.c...abg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
E' preferibile che tu elimini queste voci in modalita' provvisoria e con il ripristino di sistema disabilitato. Ciao.

[HaranB]

Quote:

Originariamente inviato da andorra24

Fixa le seguenti voci:
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.co...IDrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.c...abg330/jRjs.cgi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O2 - BHO: (no name) - {B2D537EE-8246-0D5E-882A-235412D63B08} - C:\DOCUME~1\Haran\DATIAP~1\dvdooze\bib scr.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
O4 - HKCU\..\RunServices: [norton antigay] gay.exe
E' preferibile che tu elimini queste voci in modalita' provvisoria e con il ripristino di sistema disabilitato. Ciao.

come faccio ad eliminarle?

[andorra24]

Quote:

Originariamente inviato da HaranB

come faccio ad eliminarle?

Individua con grande attenzione le voci che ti ho elencato e metti la spunta sulla relativa casellina di hijackthis. Poi premi ''fix checked'' e il gioco e' fatto.

[bluepix]

Queste, IMHO, è sospetta:

O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe

[andorra24]

Quote:

Originariamente inviato da bluepix

Queste, IMHO, è sospetta:

O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe

Si l'avevo notata anche io ma purtroppo su google ci sono info poco chiare su questo Ref file.exe

[HaranB]

Quote:

Originariamente inviato da andorra24

Individua con grande attenzione le voci che ti ho elencato e metti la spunta sulla relativa casellina di hijackthis. Poi premi ''fix checked'' e il gioco e' fatto.

ma devo fare tutto questo in mod prov, giusto?

[andorra24]

Quote:

Originariamente inviato da HaranB

ma devo fare tutto questo in mod prov, giusto?

L'ideale sarebbe farlo in modalita' provvisoria.

[juninho85]

C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\green.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ixgryshetnzeyhgwavbaa.com...DrPjRCOJ3.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.jkngxxejdlqzoyzzuwfpdh.co...bg330/jRjs.cgi
ti
F2 - REG:system.ini: Shell=Explorer.exe green.exe
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [Name Open] C:\DOCUME~1\Haran\DATIAP~1\BALLPO~1\litetrayfour.exe
gay.exe

[lord2]

Quote:

Originariamente inviato da HaranB

Aiuto non riesco a liberarmene! Mi ha infettato il file msdirectx.sys

ciao scansiona con RootkitRevealer

lo trovi quà:http://www.snapfiles.com/reviews/Roo...tRevealer.html

[HaranB]

ora va meglio grazie (tocchiamoci non si sa mai)
come tolgo lll.exe? visto che nn appare tra le app da fixare? cmq vi riposto il nuovo log così se avete voglia date un altro okkio...

Logfile of HijackThis v1.99.1
Scan saved at 23.20.19, on 18/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\lll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon06.exe
C:\Programmi\Java\jre1.5.0\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Haran\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wgllibsazcyaxttkh.com/VKr...IDrPjRCOJ3.jpg
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\System32\hphmon06.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Idle Log Cast Knob] C:\Documents and Settings\All Users\Dati applicazioni\wintrustidlelog\Ref file.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Startup: PeerGuardian.lnk = C:\Programmi\PeerGuardian2\pg2.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\digital imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\digital imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01a51198...dxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1094050516793
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{27D4CFFA-5EC2-4886-8A7E-648B1718614E}: NameServer = 80.21.70.171 151.99.125.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Network DDE Client (NetDDEclnt) - Unknown owner - C:\WINDOWS\system32\lll.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[juninho85]

se magari leggessi il mio post...

[HaranB]

Quote:

Originariamente inviato da juninho85

se magari leggessi il mio post...

l'ho letto ma mi manca lll.exe da togliere