"XXX adult key"... what to do?


johnmyung86
28-06-2006, 16.41.32
Today I connected to download my mail as I do every day, but then a window with the title "XXX ADULT KEY" appeared... together with a program called "e1xplorer" (with an icon similar to Internet Explorer's) which, if I try to open it, opens Internet Explorer and sends me to a page that I think is a porn site or something like that (to be safe I disconnected from the network before opening it, to avoid dialers). The problem is that I can't get rid of this junk... and even when I scan with the antivirus (McAfee version 8.0) this stuff is invisible...

How do I get rid of it??!?!?!?!?!

Thanks

Semi.genius
28-06-2006, 16.47.37
You shouldn't open attached files unless they're safe...

Now we need to figure out what kind of malware/virus hit you... So, from what I read online it's a dialer, so if you have an analog connection, check carefully that you aren't connecting through an 899 number or similar.

http://forum.html.it/forum/showthread.php?s=&threadid=995181&goto=nextnewest

look here for info

Gergio
28-06-2006, 16.49.25
I presume the window that opened is the Messenger service, which you can safely disable: it's not the MSN you use for chatting. This is to avoid similar problems in the future.
To solve your immediate problem you could try running HijackThis (www.hijackthis.de) and removing the junk it finds. Possibly also run CWShredder (http://www.intermute.com/spysubtract/cwshredder_download.html)

johnmyung86
28-06-2006, 17.37.59
There were no attachments to open...
I have a radio connection through a router... it seems unlikely that it's a dialer!

The window has no border at all... and I don't have Messenger... if I look on the taskbar, next to Start there's the button that opens the window, but there's no way to close it!

crazy.cat
28-06-2006, 18.05.14
"e1xplorer" is usually tied to the winmovie plugin, which is a dialer.
Post the HijackThis log and let's see where it's hiding.

johnmyung86
28-06-2006, 18.44.21
Ok... could you quickly explain how HijackThis is used? I've just installed it and don't know where to start...

crazy.cat
28-06-2006, 18.52.31
Don't delete anything for now.
HijackThis, this stranger (http://www.megalab.it/articoli.php?id=453)

johnmyung86
28-06-2006, 19.02.31
I read the article on HijackThis... if I say I understood almost nothing, do I look like an idiot?!

Another problem is that since this thing appeared the system can't stay up... programs don't open, or open slowly, or close on their own... VirusScan keeps showing me the same things even though I tell it to stop... Is it dying slowly?!

crazy.cat
28-06-2006, 19.11.09
Press Do a system scan only
Then press Scan
When it finishes the scan press Save log.
The result is saved in a text file; open it with Notepad, select all the text and then Copy and Paste it here in the thread.

johnmyung86
28-06-2006, 19.16.36
HERE IT IS:

Logfile of HijackThis v1.99.1
Scan saved at 19.13.40, on 28/06/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\hidserv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\wltrysvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\bcmwltry.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\dmimlstr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\SOUNDMAN.EXE
C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Programmi\McAfee.com\VSO\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINNT\system32\winamp.exe
C:\WINNT\AGRSMMSG.exe
C:\WINNT\system32\spoolsvc.exe
C:\Programmi\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
C:\WINNT\system32\dcomcfg.exe
C:\Programmi\McAfee.com\VSO\oasclnt.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\PROGRA~1\mcafee.com\mps\mscifapp.exe
C:\WINNT\system32\internat.exe
C:\Programmi\eMule\emule.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Ciccio\Programmi\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe,dmimlstr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\dmimlstr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: McBrwHelper Class - {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} - c:\programmi\mcafee.com\mps\mcbrhlpr.dll
O2 - BHO: McAfee PopupKiller - {3EC8255F-E043-4cae-8B3B-B191550C2A22} - c:\programmi\mcafee.com\mps\popupkiller.dll
O2 - BHO: McAfee Anti-Phishing Filter - {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CIEPl Object - {6BB18EFE-F2C7-457C-81FE-705757171FA0} - C:\WINNT\system32\fdconfig.dll
O2 - BHO: (no name) - {99181F8F-5610-4853-8E36-8302D4346F08} - C:\WINNT\system32\kjeqbhir.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\mcafee\SPAMKI~1\mskagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [VirusScan Online] C:\Programmi\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Winamp Agent] C:\WINNT\system32\winamp.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Update Protocol] C:\WINNT\system32\dmimlstr.exe
O4 - HKLM\..\Run: [McAfee Guardian] C:\Programmi\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [OASClnt] C:\Programmi\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MPSExe] c:\PROGRA~1\mcafee.com\mps\mscifapp.exe /embedding
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Update Protocol] C:\WINNT\system32\dmimlstr.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
O9 - Extra 'Tools' menuitem: McAfee Anti-Phishing Filter - {39FD89BF-D3F1-45b6-BB56-3582CCF489E1} - c:\programmi\mcafee\spamkiller\mcapfbho.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A07058C3-4875-4AC9-9DC0-269B483EF653}: NameServer = 62.149.128.4,62.149.132.4
O20 - Winlogon Notify: fdconfig - C:\WINNT\SYSTEM32\fdconfig.dll
O21 - SSODL: IEFilter - {9BB6ABAC-138B-4F43-813F-0DE4D61986FF} - C:\WINNT\system32\IEFilter.dll
O21 - SSODL: Connection Meeting - {8255E12A-E05A-444A-AF3B-7E84FAE15252} - C:\WINNT\system32\ntim0_32.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: McAfee SpamKiller Server (MskService) - McAfee Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\system32\wltrysvc.exe

crazy.cat
28-06-2006, 19.40.07
You have quite a few problems... McAfee got thoroughly breached this time.
If you want to try to fight it, rerun the scan with HijackThis, tick the boxes on the lines I've listed below and then press Fix.

For the files marked in red, you can use Delete Doctor
http://www.diskcleaners.com/files/deletedr.exe
with Browse select the file marked in red, then press Delete file on system Restart,
and reboot the PC.

I'd then finish with a scan from Safe Mode
http://www.wintricks.it/manuali/tools_rapidi.html
with sysclean.

F2 - REG:system.ini: Shell=Explorer.exe,dmimlstr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\dmimlstr.exe
O2 - BHO: CIEPl Object - {6BB18EFE-F2C7-457C-81FE-705757171FA0} - C:\WINNT\system32\fdconfig.dll
O2 - BHO: (no name) - {99181F8F-5610-4853-8E36-8302D4346F08} - C:\WINNT\system32\kjeqbhir.dll
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Update Protocol] C:\WINNT\system32\dmimlstr.exe
O4 - HKCU\..\Run: [Update Protocol] C:\WINNT\system32\dmimlstr.exe
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com
O20 - Winlogon Notify: fdconfig - C:\WINNT\SYSTEM32\fdconfig.dll
O21 - SSODL: IEFilter - {9BB6ABAC-138B-4F43-813F-0DE4D61986FF} - C:\WINNT\system32\IEFilter.dll
O21 - SSODL: Connection Meeting - {8255E12A-E05A-444A-AF3B-7E84FAE15252} - C:\WINNT\system32\ntim0_32.dll (file missing)

Suspicious
O4 - HKLM\..\Run: [Winamp Agent] C:\WINNT\system32\winamp.exe (it shouldn't be in this folder)

(do you have a wireless network??)
O23 - Service: WLTRYSVC - Unknown owner - C:\WINNT\system32\wltrysvc.exe

If you got scared, happy formatting.....

johnmyung86
28-06-2006, 20.38.16
No no!!! What formatting...?! I'm not even thinking about it! I'll try doing what you say... Thanks... I'll let you know how it went...

johnmyung86
28-06-2006, 21.40.26
I tried, but nothing changed.... and sysclean won't start (it says the file tsc.bin is missing)... Then I have 2 other problems:

1) I can't open Mozilla Firefox; that is, it doesn't start, but if I open the Task Manager it's obviously there, and from there I can't close it...

2) About every 10 seconds McAfee VirusScan opens a little window saying: "the last e-mail messages sent contained a subject or content similar to: save up to 70% on the meds you need#"... Obviously I have no idea what it's talking about...

Do I have to format?! No, right...?!

Lionsquid
29-06-2006, 00.34.25
redo the job in Safe Mode and use PROCX or PROCESS EXPLORER to terminate the suspicious services.... after ticking the boxes correctly, take the opportunity to remove McAfee, which by now is about as useful as a shoe with a hole in it,... also empty the temporary internet files (both IE's and Firefox's)

the suggestions you've been given should be enough...

in any case.. on reboot redo the log with HijackThis

as a further attack you can use EWIDO to remove the leftovers

johnmyung86
29-06-2006, 15.27.25
Thanks... but what I don't understand is how it managed to breach McAfee, if I installed it only yesterday... Did it last half an hour?! How is that possible?!

Gergio
29-06-2006, 15.38.06
... I think is a porn site or something like that (to be safe I disconnected from the network before opening it, to avoid dialers).
Thanks

could it be because of this?

johnmyung86
29-06-2006, 16.12.30
gergio I don't understand what you mean... before finding out where that link led I disconnected... what's wrong with that?!

Gergio
29-06-2006, 16.19.48
together with a program called "e1xplorer" (with an icon similar to Internet Explorer's) which, if I try to open it, opens Internet Explorer
Thanks

sorry, you're right: I meant this

Gergio
29-06-2006, 16.22.29
by the way, I'd ask you to do a check:
[premise]: do you have WinXP?
if the answer is YES, check among your active services (Control Panel, Administrative Tools, Services) whether there's also a service called Messenger: I'm still convinced that the little window that appeared is due to this

johnmyung86
29-06-2006, 16.39.00
I have Windows 2000 Professional... But anyway I've decided to save everything I care about onto DVDs and FORMAT everything... if you consider that it's taking me roughly 10 minutes to write this message because the system can't keep up... I'd say formatting is the only solution... THANKS for all the advice I've received, but the computer is definitely not my best friend... I'll let you know whether at least this way I've solved something...

UG0_BOSS
13-07-2006, 03.06.28
if I try to open it

Here you have the worst virus ever to exist in the history of PCs...

johnmyung86
15-07-2006, 16.13.47
I'd say I solved it brilliantly... I installed Linux!!! :act: There's no comparison..... I still have to understand it properly, but I like it... and it doesn't need an antivirus... :jump:

UG0_BOSS
15-07-2006, 23.15.40
I'd say I solved it brilliantly... I installed Linux!!! :act: There's no comparison..... I still have to understand it properly, but I like it... and it doesn't need an antivirus... :jump:

(Y) Wow! you've become a Linux beginner too! ;)

ghandalf will be happy :)

SAHRK
17-07-2006, 00.01.20
lol guys, I don't know how I got here.. but I have the same problem too

what do I need to download? xD

zagl
06-08-2006, 20.25.15
Same problem for me too! I have Win98.

Lionsquid
07-08-2006, 00.26.13
read posts #7 and #14 to be quick, or read all the posts to understand which tools to use and how to use them ...


in any case, without a HijackThis LOG it's impossible to give you targeted advice

bye

cristina87
07-08-2006, 16.04.30
I used HijackThis and the log is:
Logfile of HijackThis v1.99.1
Scan saved at 15.47.01, on 07/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\Multimedia Combo Set\MouseDrv.exe
C:\Programmi\Multimedia Combo Set\PS2USBKbdDrv.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\Documents and Settings\User\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\User\IMPOST~1\Temp\Rar$EX00.578\Hijack This.exe

cristina87
07-08-2006, 16.05.05
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\ccfdv.dll
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\system32\Apparat.dll
O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - C:\WINDOWS\system32\msx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [WireLessMouse] C:\Programmi\Multimedia Combo Set\MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\Multimedia Combo Set\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\User\Dati applicazioni\ratorefaci\sysrtmvs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://E:\components\hidinputmonitorx.ocx
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://inter98ronaldinho.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://E:\components\A9.ocx
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file://E:\components\wmvhdrating.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EA1FA5E9-9FC8-4721-ABE8-353CD8D58E2C}: NameServer = 85.37.17.11 85.38.28.69
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

what do I do now????

cristina87
07-08-2006, 16.12.59
HI I POSTED MY LOG COULD YOU TAKE A LOOK I DON'T KNOW WHAT TO DO

crazy.cat
07-08-2006, 16.21.26
HI I POSTED MY LOG COULD YOU TAKE A LOOK I DON'T KNOW WHAT TO DO

Next time don't write everything in capitals, it's the same as shouting.

Using scangui or sysclean you need to do a virus scan from Safe Mode
http://www.wintricks.it/manuali/tools_rapidi.html

Rerun the scan with HijackThis, tick these lines and press Fix.
The dialer is the one I mark in red; all the other exes or dlls are probable viruses; check at the end of the scans that all the files have disappeared.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
O2 - BHO: Oddbot - {2B896072-F6E3-4FF7-ADE6-43D5BEC6557C} - C:\WINDOWS\system32\ccfdv.dll
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\system32\Apparat.dll
O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - C:\WINDOWS\system32\msx.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\User\Dati applicazioni\ratorefaci\sysrtmvs.exe
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name

If you didn't make these changes yourself, delete these lines too
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM

Lionsquid
07-08-2006, 16.46.49
yes.. there are some exes to remove:

C:\WINDOWS\system32\spoolsvc.exe > delete it; the real process is called SPOOLSV (without the c)

suspicious > C:\WINDOWS\system32\dcomcfg.exe (it's probably a virus)

with the procedure described above you should solve it
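
The two fix lists from crazy.cat (28-06-2006 19.40 and 07-08-2006 16.21) and Lionsquid's note just above about spoolsvc.exe versus the real spoolsv.exe amount to a small set of triage rules for a HijackThis log. The Python script below is an added example, not code from the thread or from HijackThis itself: it applies those rules (extra programs in the F2 Shell=/UserInit= values, O1 hosts-file redirects, O15 Trusted Zone additions, BHOs and shell hooks loaded from system32, autostarts from the user profile, and process or autostart names one edit away from a real Windows binary) to a shortened sample log constructed from lines posted in this thread. The baseline list of system binaries is an assumption and deliberately short; the rules are review heuristics, not verdicts, since legitimate Microsoft components can also live in system32.

```python
import re
from collections import namedtuple

# Assumed short baseline of Windows system binaries (not exhaustive). A name one
# edit away from an entry, but not itself an entry, is a look-alike (spoolsvc.exe).
SYSTEM_BINARIES = {"smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                   "svchost.exe", "spoolsv.exe", "explorer.exe", "userinit.exe",
                   "ctfmon.exe", "wuauclt.exe", "rundll32.exe", "mstask.exe"}
PATH_RE = re.compile(r'([A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx))\b', re.I)  # drive-letter path
ENTRY_RE = re.compile(r'^(R\d|F\d|O\d+) - (.*)$')                      # "O4 - ..."
Finding = namedtuple("Finding", "kind reason line")  # kind: section code or "process"

def basename(path):
    return path.strip().strip('"').split("\\")[-1].lower()

def edit_distance(a, b):
    """Levenshtein distance between two names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(name):
    """System binary that `name` imitates by a single edit, or None."""
    name = name.lower()
    if name in SYSTEM_BINARIES:
        return None
    return next((r for r in sorted(SYSTEM_BINARIES) if edit_distance(name, r) == 1), None)

def target_path(body):
    """Executable referenced by an entry, or a bare name as in '[SoundMan] SOUNDMAN.EXE'."""
    m = PATH_RE.search(body) or re.search(r'\]\s*"?([^\s"]+\.exe)', body, re.I)
    return m.group(1) if m else ""

def f2_extras(body):
    """Programs in a Shell=/UserInit= value beyond the two legitimate ones."""
    names = [basename(v) for v in body.partition("=")[2].split(",") if v.strip()]
    return [n for n in names if n not in ("explorer.exe", "userinit.exe")]

def triage(log_text):
    processes, entries = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((*m.groups(), line))
        elif re.match(r'[A-Za-z]:\\', line):   # "Running processes:" block lines
            processes.append(line)
    # Binaries pulled in by a Shell=/UserInit= hijack: autostarts that point at
    # them belong to the same infection, however harmless their names look.
    hijacked = {n for c, b, _ in entries if c == "F2" for n in f2_extras(b)}
    findings = []
    for code, body, line in entries:
        path = target_path(body)
        name, low = basename(path), path.lower()
        if code == "F2" and f2_extras(body):
            findings.append(Finding(code, "extra program in Shell/UserInit: " + ", ".join(f2_extras(body)), line))
        elif code == "O1":
            ip, _, host = body.replace("Hosts:", "").strip().partition(" ")
            if not ip.startswith("127.") and ip != "::1":
                findings.append(Finding(code, f"hosts file redirects {host} to {ip}", line))
        elif code == "O15":
            findings.append(Finding(code, "site added to IE Trusted Zone", line))
        elif code == "O2" and "\\system32\\" in low:
            findings.append(Finding(code, f"BHO loaded from system32: {name}", line))
        elif code == "O4":
            real = lookalike_of(name)
            if real:
                findings.append(Finding(code, f"autostart {name} imitates {real}", line))
            elif name in hijacked:
                findings.append(Finding(code, f"autostart for Shell/UserInit hijacker {name}", line))
            elif "\\documents and settings\\" in low or "\\dati applicazioni\\" in low:
                findings.append(Finding(code, f"autostart from user profile: {name}", line))
        elif code in ("O20", "O21"):
            missing = " (file missing)" if "(file missing)" in body else ""
            findings.append(Finding(code, f"shell hook: {name}{missing}", line))
    for proc in processes:
        real = lookalike_of(basename(proc))
        if real:
            findings.append(Finding("process", f"{basename(proc)} imitates {real}", proc))
    return findings

# Constructed sample: a shortened log assembled from lines posted in the thread.
SAMPLE_LOG = r"""Running processes:
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\spoolsvc.exe
F2 - REG:system.ini: Shell=Explorer.exe,dmimlstr.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\system32\dmimlstr.exe
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O2 - BHO: (no name) - {99181F8F-5610-4853-8E36-8302D4346F08} - C:\WINNT\system32\kjeqbhir.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Systems] C:\WINNT\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Update Protocol] C:\WINNT\system32\dmimlstr.exe
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\User\Dati applicazioni\ratorefaci\sysrtmvs.exe
O15 - Trusted Zone: www.1987324.com
O21 - SSODL: Connection Meeting - {8255E12A-E05A-444A-AF3B-7E84FAE15252} - C:\WINNT\system32\ntim0_32.dll (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind:7}] {f.reason}")
```

Run against the sample it reports ten findings, and the one legitimate QuickTime autostart is left alone. The look-alike check is what catches spoolsvc.exe: the name is not in the baseline but sits one character away from spoolsv.exe, which is exactly the mismatch Lionsquid points out by eye.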

cristina87
07-08-2006, 17.15.42
thanks a lot, I've solved it!! :)

brugna
08-08-2006, 09.20.22
Hi everyone.. I wanted to ask for some help.. I have the same problem as the others with xxx adult key.. here's my HijackThis log
Logfile of HijackThis v1.99.1
Scan saved at 9.09.58, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Aspire Arcade\PCMService.exe
C:\Programmi\CRW\shwicon.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\Programmi\ICQLite\ICQLite.exe
C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Brugnara\IMPOST~1\Temp\Rar$EX00.704\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/free
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ing.unitn:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 213.52.217.67 www.sportingbet.com
O1 - Hosts: 209.200.162.49 it.sportingbet.com
O1 - Hosts: 62.99.138.61 www.expekt.com
O1 - Hosts: 193.203.227.100 www.betandwin.com
O1 - Hosts: 216.152.164.80 www.pinnaclesports.com
O1 - Hosts: 65.110.63.50 www.swapbets.com
O1 - Hosts: 213.33.111.50 www.jokerbets.com
O1 - Hosts: 64.69.65.80 www.casinopokerlasvegas.com
O1 - Hosts: 62.7.228.141 www.eurobet.com
O1 - Hosts: 213.212.82.185 www.globet.com
O1 - Hosts: 203.115.210.212 www.007bets.com
O1 - Hosts: 65.110.63.50 www.007sportsbetting.com
O1 - Hosts: 209.200.128.25 www.07sports.com
O1 - Hosts: 65.36.221.8 www.1001casino.com
O1 - Hosts: 66.199.173.138 www.100kcasino.com
O1 - Hosts: 65.110.63.50 www.101-casino.com
O1 - Hosts: 217.205.136.249 www.10bet.com
O1 - Hosts: 216.73.126.55 www.10handpokercasino.com
O1 - Hosts: 209.200.134.78 www.1luckygambler.com
O1 - Hosts: 64.202.189.170 www.1on1footballsportsbetting.com
O1 - Hosts: 64.158.29.134 www.1sportbook.com
O1 - Hosts: 205.234.139.66 www.1st-free-casino-online.com
O1 - Hosts: 64.70.249.150 www.1stlines.com
O1 - Hosts: 213.171.193.23 www.1stonlineinternetcasino.com
O1 - Hosts: 209.5.113.67 www.24caratcasino.com
O1 - Hosts: 213.48.117.163 www.24dogs.com
O1 - Hosts: 217.168.174.75 www.24hbet.com
O1 - Hosts: 217.168.174.32 www.24hpoker.com
O1 - Hosts: 209.200.153.133 www.2betdsi.com
O1 - Hosts: 64.40.109.33 www.4platinumsportsbook.com
O1 - Hosts: 83.138.185.248 www.4sportsbetting.com
O1 - Hosts: 200.122.156.227 www.4sportspicks.com
O1 - Hosts: 205.134.188.247 www.52bet.com
O1 - Hosts: 209.200.134.25 www.5dimes.com
O1 - Hosts: 207.228.229.110 www.7-11-casino.com
O1 - Hosts: 205.234.137.214 www.7onlinecasino.com
O1 - Hosts: 209.200.134.16 www.7palms.com
O1 - Hosts: 213.219.54.201 www.888.com
O1 - Hosts: 62.73.185.77 www.888casino.com
O1 - Hosts: 69.57.144.67 www.888casinoonnet.com
O1 - Hosts: 217.160.150.102 www.888-free-casino-games.com
O1 - Hosts: 217.160.150.102 www.888-online-casino.com
O1 - Hosts: 82.165.163.231 www.88sportsbetting.com
O1 - Hosts: 67.131.69.149 www.abcislands.com
O1 - Hosts: 205.134.188.246 www.acescasino.net
O1 - Hosts: 217.33.121.206 www.acropoliscasinos.com
O1 - Hosts: 80.120.174.220 www.admiralbet.com
O1 - Hosts: 207.139.91.25 www.advantagesportsbetting.com
O1 - Hosts: 217.15.106.34 www.aldocoppolacasino.com
O1 - Hosts: 66.48.40.229 www.allbetsrus.com
O1 - Hosts: 69.90.108.200 www.allprosportsbook.com
O1 - Hosts: 209.51.142.30 www.allsportscasino.com
O1 - Hosts: 64.69.65.202 www.AllSportsMarket.com
O1 - Hosts: 205.134.188.247 www.allstarsportsbook.com
O1 - Hosts: 195.151.143.10 www.allytab.com
O1 - Hosts: 212.227.34.3 www.americancasinoonline.com
O1 - Hosts: 64.37.97.67 www.americas-onlinecasino.com
O1 - Hosts: 65.36.221.8 www.anguilla-casino.com
O1 - Hosts: 69.90.47.118 www.anytimewager.com
O1 - Hosts: 66.235.220.191 www.apexsportsbook.com
O1 - Hosts: 212.56.159.148 www.astrabet.com
O1 - Hosts: 204.174.223.205 www.athomesportsbook.com
O1 - Hosts: 213.146.146.67 www.attheraces.co.uk
O1 - Hosts: 195.173.72.99 www.attheraces.com
O1 - Hosts: 209.200.134.78 www.aztecgaming.com
O1 - Hosts: 66.199.173.138 www.baccaratcasino.com
O1 - Hosts: 217.160.95.49 www.backandlay.com
O1 - Hosts: 64.94.93.43 www.bcbets.com
O1 - Hosts: 205.134.188.246 www.belmontcasino.com
O1 - Hosts: 205.134.188.247 www.bestecasino.com
O1 - Hosts: 201.224.248.54 www.bestlinesports.com
O1 - Hosts: 65.36.221.8 www.best-online-casinos.1001casino.com
O1 - Hosts: 217.168.174.41 www.bestpoker.com
O1 - Hosts: 87.248.209.102 www.bet19.com
O1 - Hosts: 217.168.162.99 www.bet24.com
O1 - Hosts: 62.44.67.142 www.bet247.co.uk
O1 - Hosts: 83.245.54.203 www.Bet365.com
O1 - Hosts: 62.169.147.100 www.betabet.com
O1 - Hosts: 130.228.4.60 www.betandgame.com
O1 - Hosts: 80.243.162.175 www.bet-at-home.com
O1 - Hosts: 64.15.78.40 www.betaustralia.com
O1 - Hosts: 209.200.128.45 www.betbet.com
O1 - Hosts: 216.194.173.58 www.betbuckeyesports.com
O1 - Hosts: 212.100.245.26 www.betbug.com
O1 - Hosts: 212.100.224.208 www.betbutler.com
O1 - Hosts: 217.168.161.19 www.betchance.com
O1 - Hosts: 212.56.134.12 www.betclass.co.uk
O1 - Hosts: 212.56.134.12 www.betclass.net
O1 - Hosts: 212.56.134.12 www.betclassltd.com
O1 - Hosts: 216.194.167.101 www.betcom.com
O1 - Hosts: 209.200.153.132 www.betcris.com
O1 - Hosts: 65.110.63.50 www.betcris.gameaccount.com
O1 - Hosts: 196.40.69.101 www.Betcsl.com
O1 - Hosts: 200.26.201.36 www.betcurnet.com
O1 - Hosts: 62.25.109.146 www.betdaq.com
O1 - Hosts: 206.246.91.7 www.betdirect.co.uk
O1 - Hosts: 62.44.67.141 www.betdirect.net
O1 - Hosts: 209.200.153.130 www.betdon.com
O1 - Hosts: 64.40.98.90 www.betempire.com
O1 - Hosts: 68.142.83.14 www.beteuro.com
O1 - Hosts: 212.62.21.228 www.betfair.com

brugna
08-08-2006, 09.20.59
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\system32\Apparat.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - C:\WINDOWS\system32\msx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Aspire Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLFL32.EXE
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Programmi\Corel\Corel Graphics 12\Languages\IT\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=071606 serial=DR12WEX-1504397-KTY lang=IT
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ICQ Lite] C:\Programmi\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipStunt] "C:\Programmi\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ 4.0 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/free
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com
O16 - DPF: {39D420B3-E0EB-424C-89AA-C24F8DE7EF79} (KooPlayer Control) - http://www.coolstreaming.us/webtv/tvkoo/KooPlayer.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1144063227171
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ing.unitn.it
O17 - HKLM\Software\..\Telephony: DomainName = ing.unitn.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{8450787F-3B55-4397-AA07-F9EE9883030C}: NameServer = 193.205.203.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ing.unitn.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ing.unitn.it
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe

Lionsquid
08-08-2006, 12.23.36
entries to fix with HijackThis

all the "O1 - Hosts:" entries have to go, all of them!! (nice collection, I'll use it in my own hosts file to block them)
O2 - BHO: Duplex - {4D8603D1-E19F-4DB9-B841-CF0B3AECF967} - C:\WINDOWS\system32\Apparat.dll
O2 - BHO: m1a2 - {81566074-267F-41e3-A51B-2599A3AC9EC3} - C:\WINDOWS\system32\msx.dll
O2 - BHO: FastRX - {E09962E7-A39E-4F60-8003-66D57BED27B7} - C:\WINDOWS\system32\fastRX.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe (remove it, it's a fake service)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: *.aflashcounter.com


I see you've installed ewido.... but it doesn't seem able to get rid of the intruder.. it may be out of date or corrupted,.. you'd better uninstall it and reinstall it after cleaning up the PC
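Lionsquid's point above, that every O1 line goes, deserves the reason: the hosts file is consulted before DNS, so each of those lines pins a real betting domain to an address of the attacker's choosing while the address bar still shows the expected site. The Python script below is an added example, not code from the thread or from HijackThis. It parses O1 - Hosts: lines, separates loopback/0.0.0.0 entries (which only block a name) from entries that redirect a public name to a routable address, and writes the list out the way Lionsquid says he will reuse it, with every hijacked name null-routed. The sample is a constructed mix of entries copied from the log above and two blocking entries of my own; the function names are mine.

```python
import ipaddress
import re

# Constructed sample: O1 lines copied from the log posted above, plus two
# loopback/null-route lines of the kind a hand-made blocking hosts file holds.
SAMPLE_O1 = """\
O1 - Hosts: 213.52.217.67 www.sportingbet.com
O1 - Hosts: 62.99.138.61 www.expekt.com
O1 - Hosts: 127.0.0.1 ads.example.test
O1 - Hosts: 0.0.0.0 tracker.example.test
O1 - Hosts: 65.110.63.50 www.swapbets.com
O1 - Hosts: 65.110.63.50 www.007sportsbetting.com
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_o1(log_text):
    """Return (ip, hostname) pairs from every 'O1 - Hosts:' line.

    Other line types are ignored; an O1 line that does not split into
    exactly an address and a name raises, so damage is not silently skipped.
    """
    entries = []
    for line in log_text.splitlines():
        if not line.startswith("O1 - Hosts:"):
            continue
        m = O1_RE.match(line)
        if not m:
            raise ValueError("unparseable O1 line: %r" % line)
        ipaddress.ip_address(m.group(1))  # raises on a malformed address
        entries.append((m.group(1), m.group(2).lower()))
    return entries


def is_null_route(ip_text):
    """True when the address can only block a name (loopback or 0.0.0.0)."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_loopback or ip.is_unspecified


def classify(entries):
    """Split entries into benign blocks and redirects.

    The hosts file is consulted before DNS, so a public name mapped to a
    routable address sends the browser wherever the writer of the entry
    chose.  That is the pattern in this thread: every betting domain
    pinned to some third-party IP.  Only loopback/unspecified targets
    are harmless.
    """
    blocked, hijacked = [], []
    for ip_text, host in entries:
        (blocked if is_null_route(ip_text) else hijacked).append((ip_text, host))
    return blocked, hijacked


def rewrite_as_blocklist(entries):
    """Hosts-file lines that keep existing null routes and turn every
    hijacked name into a 0.0.0.0 entry (Lionsquid's stated plan), so the
    name resolves neither to the attacker's host nor to the real one."""
    blocked, hijacked = classify(entries)
    seen, out = set(), []
    for ip_text, host in blocked + [("0.0.0.0", h) for _, h in hijacked]:
        if host in seen:
            continue
        seen.add(host)
        out.append("%s %s" % (ip_text, host))
    return out


if __name__ == "__main__":
    ents = parse_o1(SAMPLE_O1)
    blocked, hijacked = classify(ents)
    print("benign blocks :", len(blocked))
    print("redirects     :", len(hijacked))
    print("\n".join(rewrite_as_blocklist(ents)))
```

Fixing the O1 lines in HijackThis removes them from the hosts file; the blocklist output here is the separate step of reusing the names. The classification is purely structural: it needs no network access, and it does not tell you whether the target address belongs to the real site, only that the entry overrides DNS for a public name.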

Lionsquid
08-08-2006, 12.36.17
after fixing, you need to reboot into Safe Mode and check again with HijackThis whether any entry reappears...

I recommend using these tools for further checks

http://www.wintricks.it/manuali/tools_rapidi.html

brugna
08-08-2006, 15.33.50
Thanks.. everything's fixed.. byeee

Lionsquid
09-08-2006, 02.36.55
Thanks.. everything's fixed.. byeee


(Y) ;)

maryl
09-08-2006, 19.15.13
:act: Sorry, I'm new and I already have a problem; I'm posting the HijackThis log so we don't waste time chatting, and I'll add that I too have a window stuck on the desktop, "xxx adult key", and it keeps changing my home page
I'm attaching the log file, let me know
:act:

Semi.genius
09-08-2006, 19.21.54
you need to fix
C:\Documents and Settings\admin\Dati applicazioni\ratorefaci\sysrtmvs.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\DOCUME~1\admin\IMPOST~1\Temp\s3q4.1.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O15 - Trusted Zone: www.1987324.com
O15 - Trusted Zone: www.adslconnection.name
O15 - Trusted Zone: *.aflashcounter.com
O15 - Trusted Zone: www.softlab.name
O15 - Trusted Zone: www.xxx-content.name
O4 - HKCU\..\Run: [rasgate] C:\DOCUME~1\admin\IMPOST~1\Temp\s3q4.1.exe -a
O4 - HKLM\..\Run: [aouei] C:\Documents and Settings\admin\Dati applicazioni\ratorefaci\sysrtmvs.exe

maryl
10-08-2006, 01.34.17
Thanks a lot Semi.Genius, now everything seems to be fixed .. or at least I hope so...thanks again so much, you've really been a great help :) :) :act: :act:

fraser
10-08-2006, 14.18.25
I READ THAT I'M NOT THE ONLY ONE WITH THIS DAMNED PROBLEM BUT UNFORTUNATELY I'M RATHER HOPELESS AT FIXING IT...I WENT TO Hijack This Log... but then I don't understand what I'm supposed to do...
PLEASE, IS THERE SOMEONE KIND ENOUGH TO GUIDE ME THROUGH REMOVING ALL THIS CRAP? :crying: :wall: :mm:

fraser
10-08-2006, 14.20.18
HI MARYL, DID YOU HAVE THE XXX ADULT KEY PROBLEM TOO?

crazy.cat
10-08-2006, 14.48.15
HI MARYL, DID YOU HAVE THE XXX ADULT KEY PROBLEM TOO?

Don't write in capitals next time, it's the same as shouting.

Run the scan with HijackThis, at the end press Save log, save the file on your PC, open it with Notepad or any editor, copy all the text and paste it here in this thread.

maryl
10-08-2006, 17.09.42
yes Fraser, but I see crazy.cat has already given you a hand :)
This problem must be hitting pretty much everyone.... (W)

UG0_BOSS
10-08-2006, 17.26.10
we should rename the thread "first aid thread - we examine HijackThis logs for free - step right up, ladies and gentlemen" :D

Semi.genius
10-08-2006, 17.30.11
we should rename the thread "first aid thread - we examine HijackThis logs for free - step right up, ladies and gentlemen" :D
..but we should give a prize to the owner of the most hopeless log... :mm:

niclas
15-08-2006, 09.27.24
I have "xxx adult key" and also an explorer shortcut that installed itself, what should I do? help me, awaiting replies. thanks

crazy.cat
15-08-2006, 09.34.38
Post a HijackThis scan log so we have something to work with.

A few posts below yours, lots of people with the same problem.
http://www.wintricks.it/forum/showthread.php?t=108262

Bartimaeus
15-08-2006, 20.21.38
Hello everyone, I've run into the same problem too and, having found that Spybot Search&Destroy didn't solve anything, I appeal to your mercy to try to remove this damned adult key XXX from my computer.
The HijackThis log is this:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Programmi\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\programmi\canon\qttask.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\3.0\Apps\apdproxy.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\boot32.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\slrundll.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\DOCUME~1\gina\IMPOST~1\Temp\Directory temporanea 2 per hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\programmi\canon\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [ImInstaller_Magentic] C:\DOCUME~1\gina\IMPOST~1\Temp\ImInstaller\Magentic\magentic_install[1].exe -startup -product Magentic -skip_dialog language
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\system32\dllcache\services.exe

thanks in advance for the replies and the help!

Bartimaeus
15-08-2006, 20.22.33
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.aflashcounter.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF197CDD-8988-4D69-B13C-55A60F20E7B0}: NameServer = 193.70.152.25 193.70.192.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe


(posted in two parts because it was too long)
Thanks again!

prandot
15-08-2006, 22.13.05
you've definitely got a fair bit of junk...
to fix:
C:\WINDOWS\system32\dcomcfg.exe
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
O4 - HKLM\..\Run: [SERVICES.EXE] C:\WINDOWS\system32\dllcache\services.exe
O15 - Trusted Zone: *.aflashcounter.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{AF197CDD-8988-4D69-B13C-55A60F20E7B0}: NameServer = 193.70.152.25 193.70.192.25 (unless it's an IP address you know)
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
afterwards you need a thorough pass with an antivirus

niclas
15-08-2006, 22.45.29
I downloaded runalyzer but I don't know what to do, can you help me? thanks

Bartimaeus
15-08-2006, 23.26.28
Yes, I'd realised that; browsing the forum I downloaded AVG, which found no fewer than 9 viruses on the PC. After that I downloaded VirIT Explorer Lite 6.1.6, which so far has found no fewer than 10 viruses (it's still scanning), including various variants of Trojan.Win32.Agent.SP and .SQ, a nice BHO.MuchoCool.Q and 4 registry errors. For now I've removed with HijackThis the files you told me about (they weren't all there after the first antivirus scan). As soon as it finishes I'll repost the doc. Apparently Adult Key XXX wasn't my only problem :P

Thanks again :)

Bartimaeus
16-08-2006, 00.36.08
Here I am again, I did a new scan with the antivirus and it says everything's gone; to be safe I'm posting the new HijackThis log. The only problem that remains is that when the system starts a pop-up window appears saying the file SERVICES.EXE cannot be found. I'm afraid a system file has been deleted :mm:
Thanks again for the help :)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\programmi\canon\qttask.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\WINDOWS\system32\netdde.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\clipsrv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\DOCUME~1\gina\IMPOST~1\Temp\Directory temporanea 4 per hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll

Bartimaeus
16-08-2006, 00.41.47
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Programmi\Macrogaming\SweetIMBarForIE\toolbar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\programmi\canon\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [ImInstaller_Magentic] C:\DOCUME~1\gina\IMPOST~1\Temp\ImInstaller\Magentic\magentic_install[1].exe -startup -product Magentic -skip_dialog language
O4 - HKLM\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Programmi\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Programmi\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

prandot
16-08-2006, 07.42.33
it all looks fine
as for services, there is probably a leftover startup reference to the program that was removed, which wasn't a Windows program
bye

crazy.cat
16-08-2006, 08.25.13
Run the scan again, tick these lines and then press Fix
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE

Very suspicious DLLs
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O4 - HKLM\..\Run: [VF0070 STISvc] RunDLL32.exe V0070Pin.dll,RunDLL32EP 513

This one I think can be removed, it looks like a leftover from some installation
O4 - HKLM\..\Run: [ImInstaller_Magentic] C:\DOCUME~1\gina\IMPOST~1\Temp\ImInstaller\Magentic\magentic_install[1].exe -startup -product Magentic -skip_dialog language

crazy.cat
16-08-2006, 08.26.29
I prefer the hijackthis log, from that one you can understand almost everything, and better

Flying Luka
16-08-2006, 10.22.02
Duplicate threads. Merged.

Bartimaeus
16-08-2006, 17.20.25
I did what you advised, crazy.cat, and when I finished a certain EXPLORER.EXE popped up that was trying to send emails with no text around @_@

prandot
16-08-2006, 21.12.23
at this point I think a nice format is the better option...

Lionsquid
17-08-2006, 12.01.27
redo the log and post it... removing the lines crazy.cat suggested does not lead to problems like that, rather it seems to me the guest has company and is trying to survive
PS: what date and version is your explorer.exe?? which OS do you have installed?? have you run the updates?? up to which KB??

astarte
28-08-2006, 14.57.57
hi everyone,
I stumbled on this forum because I too have this XXX ADULT KEY problem...
please help me.

I've already done the scan with hijack and removed the files in red that the hijack site advised me to remove.
Now those files that hijack flags in red are gone, but the damned XXX ADULT KEY window is still there!!!

Please tell me something, I'm writing my thesis on this PC and I'm afraid it will eat everything...
I'm posting my current hijack log, the operating system is win98... :-(

Logfile of HijackThis v1.99.1
Scan saved at 15.22.27, on 28/08/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM32\DRIVERS\KODAKCCS.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\IT\MSNAPPAU.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMI\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\WINDOWS\SYSTEM\SYSMON.EXE
C:\WINDOWS\ptsnoop.exe
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SYSFIND.EXE
C:\PROGRAMMI\KODAK\KODAK EASYSHARE SOFTWARE\BIN\EASYSHARE.EXE
C:\PROGRAMMI\KODAK\KODAK SOFTWARE UPDATER\7288971\PROGRAM\KODAK SOFTWARE UPDATER.EXE
C:\PROGRAMMI\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\ALICE TI AIUTA\BIN\MPBTN.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMI\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE
C:\PROGRAMMI\ALICE\ALICE ENTERNET\APP\ENTERNET.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE /Consumer
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [KodakCCS] C:\WINDOWS\System32\Drivers\KodakCCS.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\it\msnappau.exe"
O4 - HKLM\..\Run: [BearShare] "C:\PROGRAMMI\BEARSHARE\BEARSHARE.EXE" /pause
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HDAudio] C:\WINDOWS\hda.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\SYSTEM\sysmon.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Startup: Kodak software updater.lnk = C:\Programmi\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: www.1987324.com
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/11a0417f2be56fe11517/netzip/RdxIE601_it.cab

crazy.cat
28-08-2006, 18.27.35
please help me.
You have to delete these exe files and, with hijackthis, the lines listed.

C:\WINDOWS\SYSTEM\SYSFIND.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\SYSTEM\sysmon.exe
O15 - Trusted Zone: www.1987324.com

You can delete the files from DOS before starting Windows or from safe mode, whichever you find easier.

Lionsquid
29-08-2006, 00.00.57
Welcome, astarte (D)

crazy.cat has already given you the right suggestions... I also advise you to read the whole thread, since there are other links and tools in it that are useful for fighting similar infections ;)

bye

johnmyung86
02-09-2006, 17.23.40
WOW!!! :eek: When I opened this thread I didn't think it would be this successful! A piece of advice for everyone who has had my same problem and is now despairing: INSTALL LINUX!!!!!!!! :act: Like I did...
Other operating systems release updates to improve themselves, Windows releases them for security... :mm: Isn't that enough to convince you?! ;)

Lionsquid
02-09-2006, 18.32.41
...cut...
Other operating systems release updates to improve themselves, Windows releases them for security... :mm: Isn't that enough to convince you?! ;)


No, it's not enough!

I started getting to know the various linux distros a while back... but in the end I always come back to Win... maybe it's laziness... maybe because I have fun anyway... dunno! :D

g1aco
13-09-2006, 14.12.48
is this what you need to give me a hand?
Logfile of HijackThis v1.99.1
Scan saved at 14.18.03, on 13/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\autoclk.exe
c:\progra~1\intern~1\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ADSL\StarModem ADSL USB MODEM\dslmon.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sysmon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Computer\Desktop\hijackthis_199\HijackThis.exe
C:\WINDOWS\system32\mmc.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe,nvinbios.exe,bidiadve.exe,oleswin.exe,nvwr0000.exe,cardshrm.exe,1252uota.exe,asctrcwp.exe,rdpsdgae.exe,kbdu_865.exe,scp3tkey.exe,acludmod.exe,cdoslbar.exe,1252filt.exe,sxsmevr.exe,netesvrp.exe,proqh400.exe,dplaonfg.exe,ieak3x40.exe,nvwrrbis.exe,$windeca.exe,msdarsde.exe,netmhelp.exe,kbdttvid.exe,msscfg32.exe,pcloenr.exe,msgssnpn.exe,sceccons.exe,mibonfg.exe,ntmsa3d.exe,ncutlmon.exe,mouscoin.exe,mapixt32.exe,msstinst.exe,mdwmvwav.exe,vbaibdno.exe,charhare.exe,mmcstlog.exe,batmsrad.exe,inetroxy.exe,mslsconf.exe,kbdbsec6.exe,sortbdbu.exe,poweat10.exe,ie4utnet.exe,msr2pgrd.exe,mfc4xbar.exe,lmrtdfrg.exe,cdfvpi32.exe,crypkman.exe,clbkmba.exe,licwdraw.exe,fontsr2c.exe,evengapi.exe,sbeietup.exe,locabase.exe,midifmon.exe,comrtmib.exe,win3ipto.exe,ntosdoff.exe,msnerint.exe,l_insapi.exe,c_87xml2.exe,nchtrsvc.exe,shmgpcl.exe,msor2spl.exe,autolace.exe,browbdgr.exe,kbda110b.exe,ntmarsar.exe,perfjava.exe,asctetup.exe,divxaxui.exe,wstpsext.exe,nwcxt32.exe,qedilist.exe,opendmoe.exe,ncht
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\nvinbios.exe,C:\WINDOWS\System32\bidiadve.exe,C:\WINDOWS\System32\oleswin.exe,C:\WINDOWS\System32\nvwr0000.exe,C:\WINDOWS\System32\cardshrm.exe,C:\WINDOWS\System32\1252uota.exe,C:\WINDOWS\System32\asctrcwp.exe,C:\WINDOWS\System32\rdpsdgae.exe,C:\WINDOWS\System32\kbdu_865.exe,C:\WINDOWS\System32\scp3tkey.exe,C:\WINDOWS\System32\acludmod.exe,C:\WINDOWS\System32\cdoslbar.exe,C:\WINDOWS\System32\1252filt.exe,C:\WINDOWS\System32\sxsmevr.exe,C:\WINDOWS\System32\netesvrp.exe,C:\WINDOWS\System32\proqh400.exe,C:\WINDOWS\System32\dplaonfg.exe,C:\WINDOWS\System32\ieak3x40.exe,C:\WINDOWS\System32\nvwrrbis.exe,C:\WINDOWS\System32\$windeca.exe,C:\WINDOWS\System32\msdarsde.exe,C:\WINDOWS\System32\netmhelp.exe,C:\WINDOWS\System32\kbdttvid.exe,C:\WINDOWS\System32\msscfg32.exe,C:\WINDOWS\System32\pcloenr.exe,C:\WINDOWS\System32\msgssnpn.exe,C:\WINDOWS\System32\sceccons.exe,C:\WINDOWS\System32\mibonfg.exe,C:\WINDOWS\System32\ntmsa3d.exe,C:\WINDOW
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

g1aco
13-09-2006, 14.13.23
O2 - BHO: (no name) - {181A9F34-6366-CA38-0D05-1628F8591588} - C:\DOCUME~1\Computer\DATIAP~1\MEOWMU~1\size poll.exe
O2 - BHO: (no name) - {2176CF59-3025-4218-8573-7885DD9DE486} - C:\WINDOWS\System32\ytlbcjay.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O2 - BHO: CIEPl Object - {6BB18EFE-F2C7-457C-81FE-705757171FA0} - C:\WINDOWS\System32\service.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [remoteplatformchinsect] C:\Documents and Settings\All Users\Dati applicazioni\SETTINGS STYLE REMOTE PLATFORM\Bindactive.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [Access Media] C:\WINDOWS\system32\c_10rand.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [More The] C:\DOCUME~1\Computer\DATIAP~1\GLOBAL~1\procaxis.exe
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Access Media] C:\WINDOWS\system32\c_10rand.exe
O4 - Startup: PartMetBackup.lnk = C:\Programmi\Java\jre1.5.0_06\bin\javaw.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Programmi\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Programmi\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Programmi\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Programmi\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Programmi\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153560159578
O17 - HKLM\System\CCS\Services\Tcpip\..\{A5AF26BA-FB65-4595-9AA0-A65958A1DA5E}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: service - service.dll (file missing)
O21 - SSODL: WebControl Player - {C6B8480F-D4C6-4E2F-B298-0BFF87E86349} - C:\WINDOWS\system32\ati2kman.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\WINDOWS\System32\nvsvc32.exe (file missing)
waiting for a reply...thanks

UG0_BOSS
13-09-2006, 14.29.44
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
O2 - BHO: (no name) - {181A9F34-6366-CA38-0D05-1628F8591588} - C:\DOCUME~1\Computer\DATIAP~1\MEOWMU~1\size poll.exe


These I don't know what they are, but I don't like them, I think you have the entire world virus database in system32...
F2 - REG:system.ini: Shell=Explorer.exe,nvinbios.exe,bidiadve.exe,oleswin.exe,nvwr0000.exe,cardshrm.exe,1252uota.exe,asctrcwp.exe,rdpsdgae.exe,kbdu_865.exe,scp3tkey.exe,acludmod.exe,cdoslbar.exe,1252filt.exe,sxsmevr.exe,netesvrp.exe,proqh400.exe,dplaonfg.exe,ieak3x40.exe,nvwrrbis.exe,$windeca.exe,msdarsde.exe,netmhelp.exe,kbdttvid.exe,msscfg32.exe,pcloenr.exe,msgssnpn.exe,sceccons.exe,mibonfg.exe,ntmsa3d.exe,ncutlmon.exe,mouscoin.exe,mapixt32.exe,msstinst.exe,mdwmvwav.exe,vbaibdno.exe,charhare.exe,mmcstlog.exe,batmsrad.exe,inetroxy.exe,mslsconf.exe,kbdbsec6.exe,sortbdbu.exe,poweat10.exe,ie4utnet.exe,msr2pgrd.exe,mfc4xbar.exe,lmrtdfrg.exe,cdfvpi32.exe,crypkman.exe,clbkmba.exe,licwdraw.exe,fontsr2c.exe,evengapi.exe,sbeietup.exe,locabase.exe,midifmon.exe,comrtmib.exe,win3ipto.exe,ntosdoff.exe,msnerint.exe,l_insapi.exe,c_87xml2.exe,nchtrsvc.exe,shmgpcl.exe,msor2spl.exe,autolace.exe,browbdgr.exe,kbda110b.exe,ntmarsar.exe,perfjava.exe,asctetup.exe,divxaxui.exe,wstpsext.exe,nwcxt32.exe,qedilist.exe,opendmoe.exe,ncht
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\nvinbios.exe,C:\WINDOWS\System32\bidiadve.exe,C:\WINDOWS\System32\oleswin.exe,C:\WINDOWS\System32\nvwr0000.exe,C:\WINDOWS\System32\cardshrm.exe,C:\WINDOWS\System32\1252uota.exe,C:\WINDOWS\System32\asctrcwp.exe,C:\WINDOWS\System32\rdpsdgae.exe,C:\WINDOWS\System32\kbdu_865.exe,C:\WINDOWS\System32\scp3tkey.exe,C:\WINDOWS\System32\acludmod.exe,C:\WINDOWS\System32\cdoslbar.exe,C:\WINDOWS\System32\1252filt.exe,C:\WINDOWS\System32\sxsmevr.exe,C:\WINDOWS\System32\netesvrp.exe,C:\WINDOWS\System32\proqh400.exe,C:\WINDOWS\System32\dplaonfg.exe,C:\WINDOWS\System32\ieak3x40.exe,C:\WINDOWS\System32\nvwrrbis.exe,C:\WINDOWS\System32\$windeca.exe,C:\WINDOWS\System32\msdarsde.exe,C:\WINDOWS\System32\netmhelp.exe,C:\WINDOWS\System32\kbdttvid.exe,C:\WINDOWS\System32\msscfg32.exe,C:\WINDOWS\System32\pcloenr.exe,C:\WINDOWS\System32\msgssnpn.exe,C:\WINDOWS\System32\sceccons.exe,C:\WINDOWS\System32\mibonfg.exe,C:\WINDOWS\System32\ntmsa3d.exe,C:\WINDOW


let's continue...

O2 - BHO: (no name) - {2176CF59-3025-4218-8573-7885DD9DE486} - C:\WINDOWS\System32\ytlbcjay.dll
O2 - BHO: CIEPl Object - {6BB18EFE-F2C7-457C-81FE-705757171FA0} - C:\WINDOWS\System32\service.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe
O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe
O4 - HKLM\..\Run: [remoteplatformchinsect] C:\Documents and Settings\All Users\Dati applicazioni\SETTINGS STYLE REMOTE PLATFORM\Bindactive.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [More The] C:\DOCUME~1\Computer\DATIAP~1\GLOBAL~1\procaxis.exe
O4 - HKCU\..\Run: [autoclk] autoclk.exe
O4 - HKCU\..\Run: [Access Media] C:\WINDOWS\system32\c_10rand.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe (only if you don't use the iPod)

In the list I've included entries that, while not dangerous, I think are useless and resource hogs (background updates etc. etc.). Good luck! :devil:

tommyangelo23
28-09-2006, 19.32.36
GUYS I'VE JUST REGISTERED...I HAVE THE SAME PROBLEM AS JOHN....CAN I POST YOU THE HIJACKTHIS LOG?PLEASE HELP ME

crazy.cat
28-09-2006, 19.53.00
GUYS I'VE JUST REGISTERED...I HAVE THE SAME PROBLEM AS JOHN....CAN I POST YOU THE HIJACKTHIS LOG?PLEASE HELP ME

Not only can you post it, you must, otherwise it's not possible to help you.......next time don't write everything in capitals, because that's the equivalent of shouting.

railoca
04-10-2006, 18.27.36
I'm posting my hijack log, I have the "adult key xxx" problem but maybe others too! let me know something, please!

Logfile of HijackThis v1.99.1
Scan saved at 18.26.28, on 04/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\cisvc.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\DualPointUtility\TEDTray.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\Programmi\Toshiba\Toshiba Applet\tpwrsave.exe
C:\Programmi\Toshiba\Toshiba Applet\TMEPROP.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Documents and Settings\g-locatelli\Documenti\Lorenzo\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [DpUtil] C:\Programmi\TOSHIBA\DualPointUtility\TEDTray.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TPWRSAVE] C:\Programmi\Toshiba\Toshiba Applet\tpwrsave.exe -S
O4 - HKLM\..\Run: [TMEPROP] C:\Programmi\Toshiba\Toshiba Applet\TMEPROP.exe -S
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\\spoolsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vecchioporco.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D61F537-AED4-4A11-8446-303E46E02716}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{60271A7C-6662-484C-BFCC-37AA4557D2E6}: NameServer = 193.70.192.25,193.70.152.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

Piledriver
04-10-2006, 20.28.30
ok: remove these with hijackthis by fixing them, or do it manually..

C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\system32\dcomcfg.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\\spoolsvc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3D61F537-AED4-4A11-8446-303E46E02716}: NameServer = 193.70.192.25,193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{60271A7C-6662-484C-BFCC-37AA4557D2E6}: NameServer = 193.70.192.25,193.70.152.25
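The indicators the helpers in this thread keep pointing at can be checked mechanically: extra executables appended to the F2 Shell and UserInit values, a start page and Trusted Zone entry for www.1987324.com, autostart entries such as spoolsvc.exe that imitate spoolsv.exe, a services.exe sitting outside the system directory, binaries launched from profile or temp folders, and BHOs or Winlogon Notify DLLs with no name or a missing file. The script below is an added example, not code from any of the posts above and not a HijackThis feature; its allowlists, severity labels and edit-distance threshold are assumptions, and SAMPLE_LOG is constructed from the kinds of entries that appear in the logs in this thread.

```python
"""HijackThis 1.99 log triage. Added example for this thread, not part of any
post and not a HijackThis feature. Rules encode what the helpers looked for:
extra Shell/UserInit executables, a hijacked start page, Trusted Zone entries,
autostarts that mimic Windows names or run from profile/temp folders.
Allowlists are assumptions; SAMPLE_LOG is constructed from the thread's logs."""
import re
from collections import namedtuple
Finding = namedtuple("Finding", "severity line reason")
# Core Windows binaries that malware imitates by name (assumed list).
CORE = {"spoolsv.exe", "services.exe", "svchost.exe", "lsass.exe",
        "winlogon.exe", "userinit.exe", "explorer.exe", "csrss.exe", "smss.exe"}
SYSTEM_DIRS = {"c:\\windows\\system32\\", "c:\\windows\\system\\"}  # XP and 9x
KNOWN_DOMAINS = ("yahoo.com", "aliceadsl.it", "msn.com", "microsoft.com")  # assumed
PROFILE_DIRS = ("\\temp\\", "\\datiap~1\\", "\\docume~1\\", "\\application data\\")
BROWSER_KEYS = (r"(Start Page|Search Page|SearchAssistant|Default_Page_URL|"
                r"Default_Search_URL|Search Bar|SearchURL,\(Default\))")

def edit_distance(a, b):
    """Levenshtein distance; catches spoolsvc.exe posing as spoolsv.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_binary(line, value):
    """Rules for any executable named in the process list or an autostart entry."""
    m = re.search(r'"?([^"]*?\.(?:exe|dll))', value, re.I)   # first .exe/.dll path
    if not m:
        return []
    full = m.group(1).strip().lower()
    base = full.rsplit("\\", 1)[-1]
    folder = full[: len(full) - len(base)]                     # "" when the name is bare
    if base in CORE:
        allowed = {"c:\\windows\\"} if base == "explorer.exe" else SYSTEM_DIRS
        if folder and folder not in allowed:
            return [Finding("HIGH", line, f"{base} running from {folder}, not its system directory")]
        return []
    twin = next((c for c in sorted(CORE) if edit_distance(base, c) <= 1), None)
    if twin:
        return [Finding("HIGH", line, f"{base} is a lookalike of {twin}")]
    if folder and any(d in full for d in PROFILE_DIRS):
        return [Finding("MEDIUM", line, f"{base} autostarts from a profile/temp folder")]
    if not folder:
        return [Finding("LOW", line, f"bare name {base} is resolved via PATH; locate and verify it")]
    return []

def triage(log_text):
    """Walk a HijackThis log and return the Findings worth a human look."""
    out = []
    for raw in log_text.splitlines():
        line = raw.strip()
        bm = re.match(r"R[01] - .*?" + BROWSER_KEYS + r" = (.+)", line)
        if re.match(r"[a-z]:\\", line, re.I):                  # "Running processes" block
            out += check_binary(line, line)
        elif line.startswith("F2 - REG:system.ini: Shell="):
            extras = [p for p in re.split(r"[,\s]+", line.split("=", 1)[1])
                      if p and p.lower() != "explorer.exe"]
            if extras:
                out.append(Finding("HIGH", line, "extra Shell executables: " + ", ".join(extras)))
        elif line.startswith("F2 - REG:system.ini: UserInit="):
            extras = [p for p in re.split(r"[,\s]+", line.split("=", 1)[1])
                      if p and p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]
            if extras:
                out.append(Finding("HIGH", line, "extra UserInit executables: " + ", ".join(extras)))
        elif bm:                                                # R0/R1 browser settings
            host = re.sub(r"^[a-z]+://", "", bm.group(2).lower()).split("/")[0].split("?")[0]
            if host != "about:blank" and not host.endswith(KNOWN_DOMAINS):
                out.append(Finding("MEDIUM", line, f"browser setting points at {host}"))
        elif line.startswith("O15 - Trusted Zone:"):
            out.append(Finding("HIGH", line, "site in IE Trusted Zone; remove unless you added it"))
        elif line.startswith("O2 - BHO:"):
            if "(no name)" in line or "(file missing)" in line:
                out.append(Finding("MEDIUM", line, "unnamed or missing BHO"))
            out += check_binary(line, line.rsplit(" - ", 1)[-1])
        elif line.startswith("O4 - ") and "] " in line:
            out += check_binary(line, line.split("] ", 1)[1])
        elif line.startswith("O20 - Winlogon Notify:") and "(file missing)" in line:
            out.append(Finding("HIGH", line, "Winlogon Notify DLL registered but missing"))
    return out

# Constructed sample: entries modelled on the logs posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\spoolsvc.exe
C:\WINDOWS\SERVICES.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.1987324.com?301
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\SERVICES.EXE
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,C:\WINDOWS\SERVICES.EXE
O2 - BHO: (no name) - {2176CF59-3025-4218-8573-7885DD9DE486} - C:\WINDOWS\System32\ytlbcjay.dll
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\system32\spoolsvc.exe
O4 - HKLM\..\Run: [lich] lich.exe
O4 - HKCU\..\Run: [More The] C:\DOCUME~1\Computer\DATIAP~1\GLOBAL~1\procaxis.exe
O15 - Trusted Zone: www.1987324.com
O20 - Winlogon Notify: service - service.dll (file missing)
"""
```

Run it on a saved log with `triage(open("hijackthis.log").read())` and print the Findings. Every reported line still needs the human decision the helpers above made: the rules are deliberately coarse (edit distance 1 from a core binary name, a short allowlist of domains), a LOW finding on a bare name such as SysTray.Exe or loadqm.exe is expected on Windows 98, and the Shell/UserInit split on commas and whitespace assumes those values never contain quoted paths with spaces, which is true of the logs in this thread.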