Very slow... help


Post by milos » Sat Sep 30, 2006 2:51 am

Hello everyone. I should say first that I access the internet from the PC in the office where I work, also for personal use, which is why I am very worried about what is happening to me: for a few days web pages have become extremely slow to open, whereas before they were very fast. We use ADSL. I am afraid I have caught a virus or something similar. I should add that I use IE version 6.0.2900, update version SP2, and I have Windows Firewall and eTrust antivirus enabled. Could someone please tell me which checks I should start with? Thank you in advance for your kind help.
milos | New Member | Posts: 15 | Joined: Tue Feb 08, 2005 5:46 pm

Post by Amantide » Sat Sep 30, 2006 3:13 am

To start, run a scan with HijackThis and post the log.
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo

Post by milos » Mon Oct 02, 2006 6:27 pm

Thanks for the reply, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 10.21.50, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\Programmi\CA\eTrust Antivirus\InoTask.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmi\Microsoft Works\WksSb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\TEMP\xscu1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\NI.UWAS6T_0001_N91M2208\setup.exe
C:\Programmi\WinAntiSpyware 2006 Scanner\was6.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 2 per hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.210:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Class - {C3CF3841-1558-C5A6-D119-F9D22C76F24B} - C:\WINDOWS\xyfgd1.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [xscu1.exe] C:\WINDOWS\TEMP\xscu1.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Scanner] C:\Programmi\WinAntiSpyware 2006 Scanner\was6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//viaixux//ogelzas//wwsislh//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7882900160
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2777326839
O16 - DPF: {D5649FCD-D683-11D4-8C85-0020AFE1F8EC} (NIFtpDLLs.clsObject) - https://213.26.67.124/ce_milano/denunce ... tpDLLs.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB7D100-0394-49BB-8AEE-C9146F6C512C}: NameServer = 151.99.125.2,151.99.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
milos | New Member | Posts: 15 | Joined: Tue Feb 08, 2005 5:46 pm


Post by Amantide » Mon Oct 02, 2006 6:38 pm

As I suspected, your computer is also infected with LinkOptimizer. Try cleaning it with these 2 removal tools, which you will find here: http://www.MegaLab.it/forum/viewtopic.php?t=24004.
After using these tools, run HijackThis again and post the log.
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo

Post by milos » Mon Oct 02, 2006 6:54 pm

Sorry for my ignorance, but I have never been in this situation before: do I have to download the 5 programs for the manual removal and then follow the various steps?
milos | New Member | Posts: 15 | Joined: Tue Feb 08, 2005 5:46 pm

Post by Amantide » Mon Oct 02, 2006 6:59 pm

milos wrote: Sorry for my ignorance, but I have never been in this situation before: do I have to download the 5 programs for the manual removal and then follow the various steps?

No, you only need to download the 2 removal tools from Prevx and Symantec. The manual cleanup, with the help of the other programs, is only to be done if the removal tools turn out to be ineffective.
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo

Post by milos » Mon Oct 02, 2006 7:49 pm

I only used the Symantec tool; I can't get into the other one. Here is the new scan:
Logfile of HijackThis v1.99.1
Scan saved at 11.47.37, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\Programmi\CA\eTrust Antivirus\InoTask.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmi\Microsoft Works\WksSb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\WinAntiSpyware 2006 Scanner\was6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\WinAntiSpyware 2006 Scanner\uwasffNT.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.210:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Class - {C3CF3841-1558-C5A6-D119-F9D22C76F24B} - C:\WINDOWS\xyfgd1.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Scanner] C:\Programmi\WinAntiSpyware 2006 Scanner\was6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//viaixux//ogelzas//wwsislh//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7882900160
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2777326839
O16 - DPF: {D5649FCD-D683-11D4-8C85-0020AFE1F8EC} (NIFtpDLLs.clsObject) - https://213.26.67.124/ce_milano/denunce ... tpDLLs.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB7D100-0394-49BB-8AEE-C9146F6C512C}: NameServer = 151.99.125.2,151.99.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
milos | New Member | Posts: 15 | Joined: Tue Feb 08, 2005 5:46 pm

Post by crazy.cat » Mon Oct 02, 2006 9:08 pm

Did you install WinAntiSpyware yourself?
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Scanner] C:\Programmi\WinAntiSpyware 2006 Scanner\was6.exe
Besides not removing anything, it installs dangerous adware components itself.

Run HijackThis again and also delete these two lines
O2 - BHO: Class - {C3CF3841-1558-C5A6-D119-F9D22C76F24B} - C:\WINDOWS\xyfgd1.dll (file missing)
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//viaixux//ogelzas//wwsislh//irkqpg//IT//arct.chm::/painter.exe
crazy.cat | MLI Hero | Posts: 30959 | Joined: Mon Jan 12, 2004 1:38 pm | Location: Mestre

Post by Amantide » Mon Oct 02, 2006 10:11 pm

crazy.cat wrote: Run HijackThis again and also delete these two lines
O2 - BHO: Class - {C3CF3841-1558-C5A6-D119-F9D22C76F24B} - C:\WINDOWS\xyfgd1.dll (file missing)
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//viaixux//ogelzas//wwsislh//irkqpg//IT//arct.chm::/painter.exe

... and this one too
R3 - Default URLSearchHook is missing

These 2 lines (in blue) indicate that LinkOptimizer is still there.
Try the manual cleanup, following the guide.
Amantide | Official Member (Gold) | Posts: 8126 | Joined: Mon Feb 06, 2006 4:13 pm | Location: Abruzzo
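The entries crazy.cat and Amantide single out in the two posts above (the BHO named only "Class" whose DLL is missing from disk, the O16 DPF line that chains the ms-its: and mhtml: protocol handlers to run painter.exe out of a remotely fetched .chm, and the missing default URLSearchHook), together with the Run entry living in C:\WINDOWS\TEMP and the WinAntiSpyware autorun from the first log, are exactly the kind of lines a HijackThis triage should surface without a human reading all 80 lines. The Python below is an added example written for this page; it is not HijackThis code and was not posted by anyone in the thread. The heuristics, severities and the `triage`/`triage_line` names are the editor's own, the rogue-product list contains only the name the thread calls out, and the sample lines are copied from the first log milos posted.

```python
import re

# Lines copied from the first HijackThis log posted in this thread (not constructed);
# the rules below are the editor's own heuristics, not HijackThis logic.
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {C3CF3841-1558-C5A6-D119-F9D22C76F24B} - C:\WINDOWS\xyfgd1.dll (file missing)
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [xscu1.exe] C:\WINDOWS\TEMP\xscu1.exe
O4 - HKLM\..\Run: [WinAntiSpyware 2006 Scanner] C:\Programmi\WinAntiSpyware 2006 Scanner\was6.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//viaixux//ogelzas//wwsislh//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# Product names the thread identifies as rogue anti-spyware (hypothetical list; extend it).
ROGUE_NAMES = ("winantispyware",)

BHO_RE = re.compile(r"O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.*)$")
RUN_RE = re.compile(r"O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")
DPF_RE = re.compile(r"O16 - DPF: \{([0-9A-Fa-f-]+)\}(?: \((.*?)\))? - (.*)$")
BARE_IP_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}")


def triage_line(line):
    """Return a list of (severity, reason) hits for one HijackThis line."""
    hits = []
    if line.startswith("R3 - Default URLSearchHook is missing"):
        hits.append(("medium", "default URLSearchHook removed (seen with LinkOptimizer in this thread)"))
    m = BHO_RE.match(line)
    if m:
        name, _clsid, path = m.groups()
        if path.endswith("(file missing)"):
            hits.append(("high", "BHO registered but its DLL is gone: self-deleting or hidden component"))
        if name.strip() in ("Class", "(no name)"):
            hits.append(("medium", "BHO has no descriptive name"))
    m = RUN_RE.match(line)
    if m:
        _hive, name, target = m.groups()
        if "\\temp\\" in target.lower():
            hits.append(("high", "autorun entry points into a TEMP directory"))
        if any(r in name.lower() or r in target.lower() for r in ROGUE_NAMES):
            hits.append(("high", "known rogue anti-spyware product"))
    m = DPF_RE.match(line)
    if m:
        _clsid, name, url = m.groups()
        low = url.lower()
        if low.startswith("ms-its:") or "mhtml:" in low:
            hits.append(("high", "ITS/MHTML protocol chain loading an executable out of a remote CHM"))
        if BARE_IP_RE.search(url):
            hits.append(("medium", "object fetched from a bare IP address"))
        if name is None and low.endswith(".exe"):
            hits.append(("medium", "unnamed DPF entry that resolves to an .exe"))
    return hits


def triage(log_text):
    """Walk a whole log: one finding per suspicious line, severity = worst hit on it."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        hits = triage_line(line)
        if hits:
            severity = "high" if any(s == "high" for s, _ in hits) else "medium"
            findings.append({"line": line, "severity": severity,
                             "reasons": [r for _, r in hits]})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity'].upper()}] {f['line']}")
        for r in f["reasons"]:
            print("    -", r)
```

Run as-is it reports five lines and leaves the Adobe BHO, the eTrust monitor and the WGA control alone. Two caveats from the log that the rules deliberately do not touch: the R1 ProxyServer line (192.168.1.210:3128) is a private address on Squid's default port and, on an office network like the one described in the first post, is far more likely the company proxy than malware, but a hijacked proxy is another way to get exactly the "pages suddenly slow" symptom, so confirm it with whoever runs the network; and a rule set like this only triages, it never replaces checking the file itself (hash, signer, creation time) before deleting anything.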

Post by BilloKenobi » Mon Oct 02, 2006 11:32 pm

I think you have caught the latest version of LinkOptimizer, which blocks the use of every tool except the Symantec one.

After running that tool, post the log it creates in C:\Fixlinkopt.log

Also, after the tool, download VirIt from TgSoft, update it and have it run a scan from Safe Mode. After that, try again to download and run the Prevx tool

Symantec tool
Prevx tool
VirIt
BilloKenobi | Senior Member | Posts: 453 | Joined: Thu Aug 10, 2006 11:06 am

Post by milos » Tue Oct 03, 2006 2:13 am

Here is the Symantec log. Then I ran a scan with updated VirIT in Safe Mode, ran Prevx, and scanned again with HijackThis. Here are the results:

Symantec Trojan.Linkoptimizer Removal Tool 1.0.2
SeTakeOwnershipPrivilege acquired
SeDebugPrivilege acquired

Trojan.Linkoptimizer has not been found on your computer.

Logfile of HijackThis v1.99.1
Scan saved at 18.05.33, on 02/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\Programmi\CA\eTrust Antivirus\InoTask.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmi\Microsoft Works\WksSb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 16 per hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.210:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Class - {C3CF3841-1558-C5A6-D119-F9D22C76F24B} - C:\WINDOWS\xyfgd1.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7882900160
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2777326839
O16 - DPF: {D5649FCD-D683-11D4-8C85-0020AFE1F8EC} (NIFtpDLLs.clsObject) - https://213.26.67.124/ce_milano/denunce ... tpDLLs.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB7D100-0394-49BB-8AEE-C9146F6C512C}: NameServer = 151.99.125.2,151.99.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
milos | New Member | Posts: 15 | Joined: Tue Feb 08, 2005 5:46 pm

Post by BilloKenobi » Tue Oct 03, 2006 3:29 am

So you were able to download and use the Prevx tool? That is good news. PS: the Symantec tool got it badly wrong.

Download these other programs

Ccleaner --- http://download.ccleaner.com/ccsetup132.exe
The Avenger --- http://swandog46.geekstogo.com/avenger.zip
Myuninstaller --- http://www.puntocr.it/index/downloads_r ... d/214.html
GMER --- http://www.gmer.net/files.php

Once you have downloaded them, extract GMER, start it, and run a scan from the "Autostart" section. Then click Copy and paste it into your reply

Same thing with the "Rootkit" section
BilloKenobi | Senior Member | Posts: 453 | Joined: Thu Aug 10, 2006 11:06 am

Post by milos » Tue Oct 03, 2006 5:40 pm

Yes, I managed to use the Prevx tool. Here are the GMER results.

GMER 1.0.11.11390 - http://www.gmer.net
Autostart 2006-10-03 09:31:26
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Ati HotKey Poller@ = %SystemRoot%\System32\Ati2evxx.exe
InoRPC /*eTrust Antivirus RPC Server*/@ = "C:\Programmi\CA\eTrust Antivirus\InoRpc.exe"
InoRT /*eTrust Antivirus Realtime Server*/@ = "C:\Programmi\CA\eTrust Antivirus\InoRT.exe"
InoTask /*eTrust Antivirus Job Server*/@ = "C:\Programmi\CA\eTrust Antivirus\InoTask.exe"
LogWatch /*Event Log Watch*/@ = C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AtiPTAatiptaxx.exe = atiptaxx.exe
@Realtime MonitorC:\PROGRA~1\CA\ETRUST~1\realmon.exe -s = C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
@WorksFUDC:\Programmi\Microsoft Works\wkfud.exe = C:\Programmi\Microsoft Works\wkfud.exe
@Microsoft Works PortfolioC:\Programmi\Microsoft Works\WksSb.exe /AllUsers /*file not found*/ = C:\Programmi\Microsoft Works\WksSb.exe /AllUsers /*file not found*/
@Microsoft Works Update DetectionC:\Programmi\Microsoft Works\WkDetect.exe = C:\Programmi\Microsoft Works\WkDetect.exe
@TkBellExe"C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@ATI Launchpad /*file not found*/ = /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{DCED20BE-3645-11D4-BC95-00C04F0E0588} /*InoShell*/C:\Programmi\CA\eTrust Antivirus\InoShell.dll = C:\Programmi\CA\eTrust Antivirus\InoShell.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\PROGRA~1\MICROS~3\OFFICE11\msohev.dll /*file not found*/ = C:\PROGRA~1\MICROS~3\OFFICE11\msohev.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Programmi\Real\RealPlayer\rpshell.dll = C:\Programmi\Real\RealPlayer\rpshell.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmi\CA\eTrust Antivirus\InoShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\InoShell@{DCED20BE-3645-11D4-BC95-00C04F0E0588} = C:\Programmi\CA\eTrust Antivirus\InoShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\programmi\google\googletoolbar2.dll = c:\programmi\google\googletoolbar2.dll
@{C3CF3841-1558-C5A6-D119-F9D22C76F24B}C:\WINDOWS\xyfgd1.dll /*file not found*/ = C:\WINDOWS\xyfgd1.dll /*file not found*/

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\System32\Nepal.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
@Start Pageabout:blank = about:blank
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.msn.it/ = http://www.msn.it/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\System32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B} /*Connessione alla rete locale (LAN)*/ >>>
@IPAddress192.168.1.4 = 192.168.1.4
@NameServer193.76.202.5 = 193.76.202.5
@DefaultGateway192.168.1.100 = 192.168.1.100
@Domain =

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6CB7D100-0394-49BB-8AEE-C9146F6C512C} /*Connessione alla rete locale (LAN) 2*/ >>>
@IPAddress192.168.1.4 = 192.168.1.4
@NameServer151.99.125.2,151.99.0.100 = 151.99.125.2,151.99.0.100
@DefaultGateway192.168.1.100 = 192.168.1.100
@Domain =

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
Avvio veloce di Adobe Reader.lnk = Avvio veloce di Adobe Reader.lnk
Microsoft Office.lnk = Microsoft Office.lnk
Promemoria del Calendario di Microsoft Works.lnk = Promemoria del Calendario di Microsoft Works.lnk

---- EOF - GMER 1.0.11 ----

GMER 1.0.11.11390 - http://www.gmer.net
Rootkit 2006-10-03 09:38:45
Windows 5.1.2600 Service Pack 2


---- Registry - GMER 1.0.11 ----

Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc23.yvoreb.vg-ptv-ova-jroznvy.ptv-YRGGREN_VASBEZNGVIN.qbpVQ=Vu0iOH8LAW_eM4ZIijhTMja9agXscubyatFLiw0iz8pAoXRuS9x&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=106&Obql=2&svyranzr=YRGGREN_VASBEZNGVIN.qbp.yax 0x4F 0x02 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc1.yvoreb.vg-ptv-ova-jroznvy.ptv-RYRAPB_ZBOVYV_HFNGV.qbpVQ=VmY4XmhUD4GPieEF8YhvawPq0cGj_mLOhosPPcVrb50QKu2rAOdVlc&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=227&Obql=2&svyranzr=RYRAPB_ZBOVYV_HFNGV.qbp.yax 0x84 0x02 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc9.yvoreb.vg-ptv-ova-jroznvy.ptv-Pvepbyner_Yrttr_Orefnav.qbpVQ=V0SJZkbUEog8gcKH_WtfyuRo2eAh8krUfMEZNeBrkJ9gNwjLCQxTje&Npg_Ivrj=1&E_Sbyqre=nJ5vo3t=&zftVQ=240&Obql=3&svyranzr=Pvepbyner_Yrttr_Orefnav.qbp.yax 0xE6 0x02 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc3.yvoreb.vg-ptv-ova-jroznvy.ptv-Pvepbyner_Yrttr_Orefnav.qbpVQ=VgoVrw_EQcGlsouvZ7rFKGlgRMQthwVE_YCFF5LV8WywxETh9kn4PM&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=240&Obql=3&svyranzr=Pvepbyner_Yrttr_Orefnav.qbp.yax 0xE6 0x02 0x00 0x00 ...

---- Files - GMER 1.0.11 ----

ADS ...

---- EOF - GMER 1.0.11 ----



thanks for your patience!
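The UserAssist lines in the GMER output above look like gibberish because Windows XP stores the value names ROT13-encoded and GMER prints them as found. Decoded, they are ordinary "what the user opened" records (here, Recent-folder shortcuts to webmail attachments), not a rootkit finding. The decoder below is an added example, not part of the thread and not a GMER feature; the sample input is two of the lines posted above copied verbatim, and the meaning of the UEME_ prefixes comes from the UserAssist format rather than from anything on this page. GMER truncates the binary value data ("0x4F 0x02 0x00 0x00 ..."), so the run count and timestamp are not recovered.

```python
"""Decode the ROT13-obfuscated UserAssist value names in a GMER registry dump.

Added example (not part of the thread, not a GMER feature). Windows XP keeps
UserAssist\{GUID}\Count value names ROT13-encoded; the trailing "0x.. 0x.."
bytes are the (truncated) value data, so only the name is decoded here.
"""
import codecs
import re

# The value name sits between "\Count@" and the first "0x.." data byte.
USERASSIST_RE = re.compile(r"UserAssist\\\{[0-9A-Fa-f-]+\}\\Count@(?P<name>.*?)\s+0x")

# Meaning of the common UEME_ prefixes (from the UserAssist format, not from the page).
PREFIX_MEANING = {
    "UEME_RUNPATH": "executable launched directly",
    "UEME_RUNPIDL": "launched through a shortcut / shell item",
    "UEME_RUNCPL": "Control Panel applet opened",
}

# Sample input: two of the GMER lines posted in the thread, copied verbatim.
SAMPLE_GMER = r"""
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc23.yvoreb.vg-ptv-ova-jroznvy.ptv-YRGGREN_VASBEZNGVIN.qbpVQ=Vu0iOH8LAW_eM4ZIijhTMja9agXscubyatFLiw0iz8pAoXRuS9x&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=106&Obql=2&svyranzr=YRGGREN_VASBEZNGVIN.qbp.yax 0x4F 0x02 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-3364005892-2716406928-3452464051-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count@HRZR_EHACVQY:P:\Qbphzragf naq Frggvatf\hgragr\Erprag\uggc--jcbc1.yvoreb.vg-ptv-ova-jroznvy.ptv-RYRAPB_ZBOVYV_HFNGV.qbpVQ=VmY4XmhUD4GPieEF8YhvawPq0cGj_mLOhosPPcVrb50QKu2rAOdVlc&Npg_Ivrj=1&E_Sbyqre=FH5PG1t=&zftVQ=227&Obql=2&svyranzr=RYRAPB_ZBOVYV_HFNGV.qbp.yax 0x84 0x02 0x00 0x00 ...
"""


def decode_userassist(gmer_text):
    """Return one dict per UserAssist line: prefix, its meaning, decoded target, raw name."""
    entries = []
    for line in gmer_text.splitlines():
        m = USERASSIST_RE.search(line)
        if not m:
            continue
        raw = m.group("name")
        decoded = codecs.decode(raw, "rot13")      # ROT13 is its own inverse
        prefix, _, target = decoded.partition(":")  # "UEME_RUNPIDL:C:\..." -> prefix, path
        entries.append({
            "prefix": prefix,
            "meaning": PREFIX_MEANING.get(prefix, "unknown prefix"),
            "target": target,
            "raw": raw,
        })
    return entries


if __name__ == "__main__":
    for e in decode_userassist(SAMPLE_GMER):
        print(f"{e['prefix']:<14} {e['meaning']:<42} {e['target']}")
```

Running it shows both entries as UEME_RUNPIDL (opened via a shortcut) pointing at C:\Documents and Settings\utente\Recent\http--wpop23.libero.it-cgi-bin-webmail.cgi-LETTERA_INFORMATIVA.doc... and ...ELENCO_MOBILI_USATI.doc.lnk, i.e. Word attachments opened from libero.it webmail. That is user activity worth noting during triage (attachments are a common infection route), but it is not evidence of a rootkit.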

Post by BilloKenobi » Tue Oct 03, 2006 11:04 pm

Your infection actually looks like an empty shell...

Do the following:

1) Extract MyUninstaller. It is a program (no installation needed) similar to "Add or Remove Programs" but much more effective. Look for the entry LinkOptimizer or connectionservices, right-click it and click Delete selected entry.

2) Go to Start > Run and type control userpasswords2 (type it in the white box) > OK

In the User Accounts window you should have a suspicious account with a random name (besides the usual ones), something like XYZFG. Write down the account's name and delete it (right-click and choose Delete);

3) Make hidden files and folders visible:
from Computer Management > Tools > Folder Options
select View
tick "Show hidden files and folders"
untick "Hide protected operating system files"
click OK

Go to C:\Documents and Settings, you should find a folder with the same name as that account; delete it too.

4) Now extract and run Avenger.exe

Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens.
Inside the white box, copy and paste the text in bold:


Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C3CF3841-1558-C5A6-D119-F9D22C76F24B}

Files to delete:
C:\WINDOWS\xyfgd1.dll


Click the Done button
Click the green traffic-light icon twice
Answer Yes twice
The PC should reboot on its own; if it does not, reboot it manually.


The program leaves a log of the operations performed.

Post Avenger's log (found in C:/avenger.txt) with the result of the script.

5) Check whether in C:\Programmi, C:\Programmi\file comuni, C:\programmi\file comuni\System or C:\programmi\file comuni\microsoft shared there are any .exe files shown in green; if so, let me know.

6) Now install CCleaner, open it, tick the "Cookies" option at the top left, and click "Run Cleaner" at the bottom right.

Also, it looks like your PC is affected by some malware. Download ewido, update it and then have it do a good scan.

Post by milos » Wed Oct 04, 2006 1:48 am

So:
with MyUninstaller I found neither the LinkOptimizer entry nor connectionservices. Among the accounts I found ASPNET, which I don't think is suspicious. I could not extract Avenger, I just can't get onto the site.
As for point 5), there is no entry in green.
I ran CCleaner and also did the scan with Ewido.
Now I have redone the scan with HijackThis and this is the log:

Logfile of HijackThis v1.99.1
Scan saved at 17.36.17, on 03/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\Programmi\CA\eTrust Antivirus\InoTask.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\Programmi\Microsoft Works\WksSb.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\TTERMPRO\ttermpro.exe
C:\Programmi\ewido anti-spyware 4.0\guard.exe
C:\Programmi\ewido anti-spyware 4.0\ewido.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\Directory temporanea 29 per hijackthis_199[1].zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.210:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Programmi\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 7882900160
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2777326839
O17 - HKLM\System\CCS\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB7D100-0394-49BB-8AEE-C9146F6C512C}: NameServer = 151.99.125.2,151.99.0.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
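The removal script in BilloKenobi's post goes after three persistence points (the AppInit_DLLs value, the BHO CLSID key, and the xyfgd1.dll file that the earlier dump already showed as "file not found"), and the re-posted HijackThis log above is what "clean" looks like afterwards. The script below is an added example, not from the thread and not a HijackThis feature: it triages an HJT 1.99 log for exactly those items so the same check can be repeated on the next log. The sample input is built from lines of the log above plus one assumed O2 line showing how the since-deleted BHO would have appeared (HJT's "(file missing)" wording for a registered DLL that is not on disk). The expected-resolver set is an assumption standing in for whatever the office's network admin says the DNS servers should be; the 192.168.1.210:3128 proxy in the log is reported for confirmation, not called malicious.

```python
"""Triage a HijackThis 1.99 log for the items the clean-up in this thread targeted.

Added example, not part of the thread and not a HijackThis feature. Flags:
  * O2 BHOs whose DLL is missing or that carry no name,
  * O17 NameServer values outside an expected set (assumed here),
  * R1 ProxyServer entries (an office proxy is normal, a surprise one is not),
  * a non-empty AppInit_DLLs value, supplied separately because HJT 1.99 has
    no line type for it (the Avenger step blanked it with a dummy).
"""
import re
from dataclasses import dataclass


@dataclass
class Finding:
    severity: str   # "high" = remove, "review" = confirm with whoever runs the network
    entry: str      # HJT line type, or "AppInit"
    detail: str


BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
DNS_RE = re.compile(r"^O17 - (?P<key>.*?): NameServer = (?P<servers>[\d.,]+)\s*$")
PROXY_RE = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>\S+)\s*$")

# Constructed sample: lines from the second log in the thread, plus one assumed
# O2 line for the BHO that the Avenger script deleted ("(file missing)" is
# HJT's wording for a registered DLL that is not on disk).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.1.210:3128
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C3CF3841-1558-C5A6-D119-F9D22C76F24B} - C:\WINDOWS\xyfgd1.dll (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{274E0FAA-2869-4A14-AF17-B2FB6059AB4B}: NameServer = 193.76.202.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB7D100-0394-49BB-8AEE-C9146F6C512C}: NameServer = 151.99.125.2,151.99.0.100
"""

# Assumed expected resolvers; in practice take these from the network admin.
EXPECTED_DNS = {"151.99.125.2", "151.99.0.100"}


def triage_hjt(log_text, expected_dns=EXPECTED_DNS):
    """Return a list of Finding objects, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            path = m.group("path")
            if m.group("name") == "(no name)" or path.endswith("(file missing)"):
                findings.append(Finding("high", "O2",
                    f"BHO {{{m.group('clsid')}}} -> {path}: unnamed or missing DLL, orphaned hook"))
            continue
        m = DNS_RE.match(line)
        if m:
            unexpected = [s for s in m.group("servers").split(",") if s not in expected_dns]
            if unexpected:
                findings.append(Finding("review", "O17",
                    f"NameServer {','.join(unexpected)} not in expected set ({m.group('key')})"))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings.append(Finding("review", "R1",
                f"explicit proxy {m.group('proxy')}: confirm it is the office proxy"))
    return findings


def check_appinit(value):
    """AppInit_DLLs is loaded into every process that maps user32.dll; it should normally be empty."""
    value = value.strip()
    if not value:
        return None
    return Finding("high", "AppInit", f"AppInit_DLLs = {value!r}: global DLL injection point, clear it")


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_LOG):
        print(f"[{f.severity}] {f.entry}: {f.detail}")
    print(check_appinit(r"C:\WINDOWS\xyfgd1.dll"))
```

On the sample it reports the proxy for review, the orphaned {C3CF3841-...} BHO as high, and 193.76.202.5 as a resolver outside the assumed set; the two 151.99.x resolvers pass. Remove the assumption by putting the real office resolvers in the set, at which point only the BHO and the proxy remain to look at.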

Post by Amantide » Wed Oct 04, 2006 4:22 am

The log is clean now and you should no longer have the problems with the PC.

Post by milos » Thu Oct 05, 2006 12:19 am

What a relief! Many thanks to you, Amantide, and also to BilloKenobi and crazy.cat, who took my problem to heart. I would like to ask you one more question: since I downloaded the various tools CCleaner, Ewido, MyUninstaller, Prevx and VirIT, I would like to know which of these I should leave active on the PC and which I can delete, and in general what you recommend for "decent" protection. Thanks again 10000 times!

Post by crazy.cat » Thu Oct 05, 2006 12:25 am

CCleaner and Ewido can come in handy.
Delete the others, Virit too.

If you want good real-time protection, it is Spyware Terminator.
http://www.spywareterminator.com/
In Italian and free.

Post by milos » Thu Oct 05, 2006 12:29 am

Thanks crazy! I also have SpySubtract, could it be useful? I wouldn't want to clog up the PC with useless junk. Thanks.

Post by crazy.cat » Thu Oct 05, 2006 12:37 am

I don't know it all that well, but it may also have changed its name:
http://www.intermute.com/products/spysubtract.html

Ewido + Spyware Terminator already do a good job; if you add SpywareBlaster as well, you prevent a great many infections with that alone.

megalab.it: online daily publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising