  1. #1
    HTML.it user
    Registered since
    Mar 2004
    Posts
    214

    Suspicious slowness problems and HijackThis log

    A friend of mine is having a ton of problems with his computer (chief among them an evident slowness and the fact that Internet Explorer sets the blank page as the home page). I made a log for him with HijackThis and I'm posting it here. Can anyone tell me what I should do?

    Logfile of HijackThis v1.98.2
    Scan saved at 19.32.20, on 12/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\MFCLS.EXE
    C:\WINDOWS\JAVAKJ32.EXE
    C:\WINDOWS\SYSTEM\D3QL.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SDKFC32.EXE
    C:\WINDOWS\MSON.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SDKYQ32.EXE
    C:\WINDOWS\SYSCR.EXE
    C:\WINDOWS\ATLVN32.EXE
    C:\WINDOWS\APIKU32.EXE
    C:\WINDOWS\SYSTEM\APPXT32.EXE
    C:\WINDOWS\SYSTEM\NETWN.EXE
    C:\WINDOWS\ADDSN32.EXE
    C:\WINDOWS\JAVAQO.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\JAVAUE32.EXE
    C:\WINDOWS\IEXW32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\SDKGY32.EXE
    C:\WINDOWS\ADDNE.EXE
    C:\WINDOWS\SYSTEM\WIFIDV.EXE
    C:\WINDOWS\D3LH.EXE
    C:\WINDOWS\SYSTEM\MFCHF.EXE
    C:\WINDOWS\SYSTEM\ROLG.EXE
    C:\WINDOWS\SYSTEM\CRBS32.EXE
    C:\WINDOWS\SYSTEM\D3QL.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\IPAO.EXE
    C:\WINDOWS\JAVAKJ32.EXE
    C:\WINDOWS\SYSTEM\IERS.EXE
    C:\PROGRAMMI\TINMESSENGER\TINMESSENGER.EXE
    C:\WINDOWS\WINZK32.EXE
    C:\WINDOWS\SYSTEM\NETTM.EXE
    C:\WINDOWS\ADDPI32.EXE
    C:\WINDOWS\SYSTEM\MFCPQ32.EXE
    C:\WINDOWS\SYSTEM\APILH.EXE
    C:\WINDOWS\SYSTEM\NTIT32.EXE
    C:\WINDOWS\SYSTEM\D3KN.EXE
    C:\WINDOWS\SYSTEM\IEEK32.EXE
    C:\WINDOWS\WINJA32.EXE
    C:\WINDOWS\ATLQQ32.EXE
    C:\WINDOWS\NTDB32.EXE
    C:\WINDOWS\NETUL.EXE
    C:\WINDOWS\SDKYJ32.EXE
    C:\WINDOWS\SYSTEM\CRWN32.EXE
    C:\WINDOWS\SYSTEM\D3WD32.EXE
    C:\WINDOWS\SYSTEM\ATLCU.EXE
    C:\WINDOWS\MSGQ.EXE
    C:\WINDOWS\JAVAYM.EXE
    C:\WINDOWS\APPVH.EXE
    C:\WINDOWS\SYSTEM\ATLBJ32.EXE
    C:\WINDOWS\SYSTEM\SDKEG32.EXE
    C:\WINDOWS\APPKQ32.EXE
    C:\WINDOWS\WINSL.EXE
    C:\WINDOWS\ADDSV32.EXE
    C:\WINDOWS\IPMQ32.EXE
    C:\WINDOWS\SYSTEM\MSVI32.EXE
    C:\WINDOWS\SYSTEM\IEHV.EXE
    C:\WINDOWS\SYSTEM\MSVQ32.EXE
    C:\WINDOWS\ADDBI32.EXE
    C:\WINDOWS\NETNY.EXE
    C:\WINDOWS\SYSTEM\ATLYK.EXE
    C:\WINDOWS\SYSTEM\WINFJ32.EXE
    C:\WINDOWS\D3HY.EXE
    C:\WINDOWS\SYSTEM\ATLJO.EXE
    C:\WINDOWS\SYSTEM\SDKJQ.EXE
    C:\WINDOWS\SDKAX32.EXE
    C:\WINDOWS\JAVAYI.EXE
    C:\WINDOWS\NTNI32.EXE
    C:\WINDOWS\SYSTZ.EXE
    C:\WINDOWS\SYSTEM\SDKMS.EXE
    C:\WINDOWS\SYSTEM\NETWA32.EXE
    C:\WINDOWS\ADDDZ.EXE
    C:\WINDOWS\SYSTEM\APIXE32.EXE
    C:\WINDOWS\APPCM32.EXE
    C:\WINDOWS\CRPC.EXE
    C:\WINDOWS\SYSTEM\NTNF.EXE
    C:\WINDOWS\APIEY32.EXE
    C:\WINDOWS\SYSTEM\MFCRP32.EXE
    C:\WINDOWS\SYSTEM\ADDUW.EXE
    C:\WINDOWS\SYSTEM\SDKPN32.EXE
    C:\WINDOWS\IPRT32.EXE
    C:\WINDOWS\MFCUZ.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SAMSUNG\LASERSMMGR\SSMMGR.EXE
    C:\PROGRAMMI\SPYBOT - SEARCH & DESTROY\SPYBOTSD.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gqjuq.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gqjuq.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gqjuq.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gqjuq.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gqjuq.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gqjuq.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {B02B1964-11BC-A8DE-0A5A-1B10D5D830D3} - C:\WINDOWS\APPAX.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] irmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SDKGY32.EXE] C:\WINDOWS\SYSTEM\SDKGY32.EXE
    O4 - HKLM\..\Run: [tunirxaltaydt] C:\WINDOWS\SYSTEM\wifidv.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [D3TR.EXE] C:\WINDOWS\SYSTEM\D3TR.EXE
    O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [JAVAKJ32.EXE] C:\WINDOWS\JAVAKJ32.EXE
    O4 - HKLM\..\RunServices: [MFCLS.EXE] C:\WINDOWS\SYSTEM\MFCLS.EXE
    O4 - HKLM\..\RunServices: [D3QL.EXE] C:\WINDOWS\SYSTEM\D3QL.EXE
    O4 - HKLM\..\RunServices: [SDKFC32.EXE] C:\WINDOWS\SYSTEM\SDKFC32.EXE
    O4 - HKLM\..\RunServices: [MSON.EXE] C:\WINDOWS\MSON.EXE
    O4 - HKLM\..\RunServices: [SDKYQ32.EXE] C:\WINDOWS\SYSTEM\SDKYQ32.EXE
    O4 - HKLM\..\RunServices: [SYSCR.EXE] C:\WINDOWS\SYSCR.EXE
    O4 - HKLM\..\RunServices: [ATLVN32.EXE] C:\WINDOWS\ATLVN32.EXE
    O4 - HKLM\..\RunServices: [APIKU32.EXE] C:\WINDOWS\APIKU32.EXE
    O4 - HKLM\..\RunServices: [APPXT32.EXE] C:\WINDOWS\SYSTEM\APPXT32.EXE
    O4 - HKLM\..\RunServices: [NETWN.EXE] C:\WINDOWS\SYSTEM\NETWN.EXE
    O4 - HKLM\..\RunServices: [ADDSN32.EXE] C:\WINDOWS\ADDSN32.EXE
    O4 - HKLM\..\RunServices: [JAVAQO.EXE] C:\WINDOWS\JAVAQO.EXE
    O4 - HKLM\..\RunServices: [JAVAUE32.EXE] C:\WINDOWS\JAVAUE32.EXE
    O4 - HKLM\..\RunServices: [IEXW32.EXE] C:\WINDOWS\IEXW32.EXE
    O4 - HKLM\..\RunServices: [ADDNE.EXE] C:\WINDOWS\ADDNE.EXE
    O4 - HKLM\..\RunServices: [D3LH.EXE] C:\WINDOWS\D3LH.EXE
    O4 - HKLM\..\RunServices: [MFCHF.EXE] C:\WINDOWS\SYSTEM\MFCHF.EXE
    O4 - HKLM\..\RunServices: [CRBS32.EXE] C:\WINDOWS\SYSTEM\CRBS32.EXE
    O4 - HKLM\..\RunServices: [IPAO.EXE] C:\WINDOWS\SYSTEM\IPAO.EXE
    O4 - HKLM\..\RunServices: [IERS.EXE] C:\WINDOWS\SYSTEM\IERS.EXE
    O4 - HKLM\..\RunServices: [WINZK32.EXE] C:\WINDOWS\WINZK32.EXE
    O4 - HKLM\..\RunServices: [NETTM.EXE] C:\WINDOWS\SYSTEM\NETTM.EXE
    O4 - HKLM\..\RunServices: [ADDPI32.EXE] C:\WINDOWS\ADDPI32.EXE
    O4 - HKLM\..\RunServices: [MFCPQ32.EXE] C:\WINDOWS\SYSTEM\MFCPQ32.EXE
    O4 - HKLM\..\RunServices: [APILH.EXE] C:\WINDOWS\SYSTEM\APILH.EXE
    O4 - HKLM\..\RunServices: [NTIT32.EXE] C:\WINDOWS\SYSTEM\NTIT32.EXE
    O4 - HKLM\..\RunServices: [D3KN.EXE] C:\WINDOWS\SYSTEM\D3KN.EXE
    O4 - HKLM\..\RunServices: [IEEK32.EXE] C:\WINDOWS\SYSTEM\IEEK32.EXE
    O4 - HKLM\..\RunServices: [WINJA32.EXE] C:\WINDOWS\WINJA32.EXE
    O4 - HKLM\..\RunServices: [ATLQQ32.EXE] C:\WINDOWS\ATLQQ32.EXE
    O4 - HKLM\..\RunServices: [NTDB32.EXE] C:\WINDOWS\NTDB32.EXE
    O4 - HKLM\..\RunServices: [NETUL.EXE] C:\WINDOWS\NETUL.EXE
    O4 - HKLM\..\RunServices: [SDKYJ32.EXE] C:\WINDOWS\SDKYJ32.EXE
    O4 - HKLM\..\RunServices: [CRWN32.EXE] C:\WINDOWS\SYSTEM\CRWN32.EXE
    O4 - HKLM\..\RunServices: [D3WD32.EXE] C:\WINDOWS\SYSTEM\D3WD32.EXE
    O4 - HKLM\..\RunServices: [ATLCU.EXE] C:\WINDOWS\SYSTEM\ATLCU.EXE
    O4 - HKLM\..\RunServices: [MSGQ.EXE] C:\WINDOWS\MSGQ.EXE
    O4 - HKLM\..\RunServices: [JAVAYM.EXE] C:\WINDOWS\JAVAYM.EXE
    O4 - HKLM\..\RunServices: [APPVH.EXE] C:\WINDOWS\APPVH.EXE
    O4 - HKLM\..\RunServices: [ATLBJ32.EXE] C:\WINDOWS\SYSTEM\ATLBJ32.EXE
    O4 - HKLM\..\RunServices: [SDKEG32.EXE] C:\WINDOWS\SYSTEM\SDKEG32.EXE
    O4 - HKLM\..\RunServices: [APPKQ32.EXE] C:\WINDOWS\APPKQ32.EXE
    O4 - HKLM\..\RunServices: [WINSL.EXE] C:\WINDOWS\WINSL.EXE
    O4 - HKLM\..\RunServices: [ADDSV32.EXE] C:\WINDOWS\ADDSV32.EXE
    O4 - HKLM\..\RunServices: [IPMQ32.EXE] C:\WINDOWS\IPMQ32.EXE
    O4 - HKLM\..\RunServices: [MSVI32.EXE] C:\WINDOWS\SYSTEM\MSVI32.EXE
    O4 - HKLM\..\RunServices: [IEHV.EXE] C:\WINDOWS\SYSTEM\IEHV.EXE
    O4 - HKLM\..\RunServices: [MSVQ32.EXE] C:\WINDOWS\SYSTEM\MSVQ32.EXE
    O4 - HKLM\..\RunServices: [ADDBI32.EXE] C:\WINDOWS\ADDBI32.EXE
    O4 - HKLM\..\RunServices: [NETNY.EXE] C:\WINDOWS\NETNY.EXE
    O4 - HKLM\..\RunServices: [ATLYK.EXE] C:\WINDOWS\SYSTEM\ATLYK.EXE
    O4 - HKLM\..\RunServices: [WINFJ32.EXE] C:\WINDOWS\SYSTEM\WINFJ32.EXE
    O4 - HKLM\..\RunServices: [D3HY.EXE] C:\WINDOWS\D3HY.EXE
    O4 - HKLM\..\RunServices: [ATLJO.EXE] C:\WINDOWS\SYSTEM\ATLJO.EXE
    O4 - HKLM\..\RunServices: [SDKJQ.EXE] C:\WINDOWS\SYSTEM\SDKJQ.EXE
    O4 - HKLM\..\RunServices: [SDKAX32.EXE] C:\WINDOWS\SDKAX32.EXE
    O4 - HKLM\..\RunServices: [JAVAYI.EXE] C:\WINDOWS\JAVAYI.EXE
    O4 - HKLM\..\RunServices: [NTNI32.EXE] C:\WINDOWS\NTNI32.EXE
    O4 - HKLM\..\RunServices: [SYSTZ.EXE] C:\WINDOWS\SYSTZ.EXE
    O4 - HKLM\..\RunServices: [SDKMS.EXE] C:\WINDOWS\SYSTEM\SDKMS.EXE
    O4 - HKLM\..\RunServices: [NETWA32.EXE] C:\WINDOWS\SYSTEM\NETWA32.EXE
    O4 - HKLM\..\RunServices: [ADDDZ.EXE] C:\WINDOWS\ADDDZ.EXE
    O4 - HKLM\..\RunServices: [APIXE32.EXE] C:\WINDOWS\SYSTEM\APIXE32.EXE
    O4 - HKLM\..\RunServices: [APPCM32.EXE] C:\WINDOWS\APPCM32.EXE
    O4 - HKLM\..\RunServices: [CRPC.EXE] C:\WINDOWS\CRPC.EXE
    O4 - HKLM\..\RunServices: [NTNF.EXE] C:\WINDOWS\SYSTEM\NTNF.EXE
    O4 - HKLM\..\RunServices: [APIEY32.EXE] C:\WINDOWS\APIEY32.EXE
    O4 - HKLM\..\RunServices: [MFCRP32.EXE] C:\WINDOWS\SYSTEM\MFCRP32.EXE
    O4 - HKLM\..\RunServices: [ADDUW.EXE] C:\WINDOWS\SYSTEM\ADDUW.EXE
    O4 - HKLM\..\RunServices: [SDKPN32.EXE] C:\WINDOWS\SYSTEM\SDKPN32.EXE
    O4 - HKLM\..\RunServices: [IPRT32.EXE] C:\WINDOWS\IPRT32.EXE
    O4 - HKLM\..\RunServices: [MFCUZ.EXE] C:\WINDOWS\MFCUZ.EXE
    O4 - HKCU\..\Run: [Srj] C:\WINDOWS\SYSTEM\rolg.exe
    O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: C6 Client.LNK = C:\Programmi\TinMessenger\TinMessenger.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAMMI\SIDEFIND\SIDEFIND.DLL
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.clickspring.net
    O15 - Trusted Zone: *.blazefind.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.flingstone.com
    O15 - Trusted Zone: *.slotch.com
    O15 - Trusted Zone: *.xxxtoolbar.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O15 - Trusted Zone: *.searchbarcash.com
    O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
    O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL

  2. #2

  3. #3
    Moderator of Computer security and viruses: amvinfe
    Registered since
    May 2002
    Posts
    6,739
    I no longer know how to say it: the analysis done using
    http://hijackthis.de/index.php?langselect=italian
    is not reliable at all, quite the opposite.
    According to the result of the analysis, the log supposedly contains something like 50 unknown processes (give or take a few). Too bad they are all processes attributable to a botched removal of a hijacker that places a series of randomly named processes in RunServices. And what about the MSOPT .dll (last entry), rated as "Probably safe"? Too bad it is a .dll that is dropped by TROJ_SMALL.KQ

    Download these programs
    sphjfix, put it inside a new folder.
    AdAware SE 1.04
    CWShredder 1.59.1
    Once you have downloaded these programs, do not let that PC connect to the internet again until all the entries have been removed.
    open sphjfix and click on "Desinfektion starten"
    restart the PC and repeat the operation.
    Restart in safe mode, open AdAware and run a full scan, delete everything infected that is found.
    Still in safe mode, open CWShredder and click on Fix.
    Restart in normal mode, run a new scan with HJT and post the log
    ==
    Visit my blog SuspectFile.com
    ==
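
In the logs posted in this thread, the randomly named autostart entries amvinfe refers to share one shape: the registry value name is the executable's own file name, and the file sits directly in the Windows or System folder. The following is an added example, not part of the original thread, that picks such entries out of a HijackThis log and checks them against the "Running processes" section; the function names and the two-folder rule are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass

# Sample assembled from lines of the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\JAVAKJ32.EXE
C:\WINDOWS\SYSTEM\D3QL.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE

O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [JAVAKJ32.EXE] C:\WINDOWS\JAVAKJ32.EXE
O4 - HKLM\..\RunServices: [D3QL.EXE] C:\WINDOWS\SYSTEM\D3QL.EXE
O4 - HKLM\..\RunServices: [MFCUZ.EXE] C:\WINDOWS\MFCUZ.EXE
O4 - HKLM\..\Run: [NTWY32.EXE] C:\WINDOWS\NTWY32.EXE
"""

# Registry autostart line: "O4 - <hive>\..\<Run key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")
# Assumption of this example: only files directly in these folders are considered.
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system"}


@dataclass
class Finding:
    hive: str
    key: str
    name: str
    path: str
    running: bool


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and not line:
            break  # a blank line ends the section
        elif in_section:
            procs.add(line.lower())
    return procs


def target_of(command):
    """Extract the executable path from an autostart command line."""
    command = command.strip()
    m = re.match(r'"([^"]+)"', command) or re.match(
        r"(.+?\.(?:exe|com|scr|pif|bat))(?=\s|$)", command, re.I)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def is_self_named(name, path):
    """True when the value name is just the file name of an .exe in a system folder."""
    directory, basename = ntpath.split(path)
    return (name.lower().endswith(".exe")
            and name.lower() == basename.lower()
            and directory.lower() in SYSTEM_DIRS)


def triage(log_text):
    """List self-named autostart entries and whether their process is running."""
    active = running_processes(log_text)
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        path = target_of(command)
        if is_self_named(name, path):
            findings.append(Finding(hive, key, name, path, path.lower() in active))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        state = "running" if f.running else "not running"
        print(f"{f.hive}\\{f.key}  {f.name:<14} {state}")
```

A hit is a lead for manual review, not a verdict; entries in the posted log such as `[Srj]`, whose value name differs from the file name, fall outside this rule.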

  4. #4
    HTML.it user
    Registered since
    Mar 2004
    Posts
    214
    Originally posted by amvinfe
    I no longer know how to say it: the analysis done using
    http://hijackthis.de/index.php?langselect=italian
    is not reliable at all, quite the opposite.
    According to the result of the analysis, the log supposedly contains something like 50 unknown processes (give or take a few). Too bad they are all processes attributable to a botched removal of a hijacker that places a series of randomly named processes in RunServices. And what about the MSOPT .dll (last entry), rated as "Probably safe"? Too bad it is a .dll that is dropped by TROJ_SMALL.KQ

    Download these programs
    sphjfix, put it inside a new folder.
    AdAware SE 1.04
    CWShredder 1.59.1
    Once you have downloaded these programs, do not let that PC connect to the internet again until all the entries have been removed.
    open sphjfix and click on "Desinfektion starten"
    restart the PC and repeat the operation.
    Restart in safe mode, open AdAware and run a full scan, delete everything infected that is found.
    Still in safe mode, open CWShredder and click on Fix.
    Restart in normal mode, run a new scan with HJT and post the log
    The sphjfix link does not work, as it sends me to an error page

  5. #5
    Moderator of Computer security and viruses: amvinfe
    Registered since
    May 2002
    Posts
    6,739
    sphjfix

    Remember to carry out all the procedures and not to let that PC connect before you have finished the removal procedures.

  6. #6
    HTML.it user
    Registered since
    Mar 2004
    Posts
    214
    OK, thanks; as soon as I see my friend again I'll carry out the operations described

  7. #7
    HTML.it user
    Registered since
    Mar 2004
    Posts
    214
    Logfile of HijackThis v1.98.2
    Scan saved at 20.55.59, on 21/09/2004
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v5.50 (5.50.4134.0100)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\IRMON.EXE
    C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SAMSUNG\LASERSMMGR\SSMMGR.EXE
    C:\PROGRAMMI\TINMESSENGER\TINMESSENGER.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Class - {4253994F-6825-77D6-AEE7-F03BCB81423C} - C:\WINDOWS\APIFO32.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [IrMon] irmon.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Samsung LBP SM] "C:\WINDOWS\Samsung\LaserSMMgr\ssmmgr.exe" /autorun
    O4 - HKLM\..\Run: [NTWY32.EXE] C:\WINDOWS\NTWY32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
    O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
    O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
    O4 - HKLM\..\RunServices: [JAVAKJ32.EXE] C:\WINDOWS\JAVAKJ32.EXE
    O4 - HKLM\..\RunServices: [MFCLS.EXE] C:\WINDOWS\SYSTEM\MFCLS.EXE
    O4 - HKLM\..\RunServices: [D3QL.EXE] C:\WINDOWS\SYSTEM\D3QL.EXE
    O4 - HKLM\..\RunServices: [SDKFC32.EXE] C:\WINDOWS\SYSTEM\SDKFC32.EXE
    O4 - HKLM\..\RunServices: [MSON.EXE] C:\WINDOWS\MSON.EXE
    O4 - HKLM\..\RunServices: [SDKYQ32.EXE] C:\WINDOWS\SYSTEM\SDKYQ32.EXE
    O4 - HKLM\..\RunServices: [SYSCR.EXE] C:\WINDOWS\SYSCR.EXE
    O4 - HKLM\..\RunServices: [ATLVN32.EXE] C:\WINDOWS\ATLVN32.EXE
    O4 - HKLM\..\RunServices: [APIKU32.EXE] C:\WINDOWS\APIKU32.EXE
    O4 - HKLM\..\RunServices: [APPXT32.EXE] C:\WINDOWS\SYSTEM\APPXT32.EXE
    O4 - HKLM\..\RunServices: [NETWN.EXE] C:\WINDOWS\SYSTEM\NETWN.EXE
    O4 - HKLM\..\RunServices: [ADDSN32.EXE] C:\WINDOWS\ADDSN32.EXE
    O4 - HKLM\..\RunServices: [JAVAQO.EXE] C:\WINDOWS\JAVAQO.EXE
    O4 - HKLM\..\RunServices: [JAVAUE32.EXE] C:\WINDOWS\JAVAUE32.EXE
    O4 - HKLM\..\RunServices: [IEXW32.EXE] C:\WINDOWS\IEXW32.EXE
    O4 - HKLM\..\RunServices: [ADDNE.EXE] C:\WINDOWS\ADDNE.EXE
    O4 - HKLM\..\RunServices: [D3LH.EXE] C:\WINDOWS\D3LH.EXE
    O4 - HKLM\..\RunServices: [MFCHF.EXE] C:\WINDOWS\SYSTEM\MFCHF.EXE
    O4 - HKLM\..\RunServices: [CRBS32.EXE] C:\WINDOWS\SYSTEM\CRBS32.EXE
    O4 - HKLM\..\RunServices: [IPAO.EXE] C:\WINDOWS\SYSTEM\IPAO.EXE
    O4 - HKLM\..\RunServices: [IERS.EXE] C:\WINDOWS\SYSTEM\IERS.EXE
    O4 - HKLM\..\RunServices: [WINZK32.EXE] C:\WINDOWS\WINZK32.EXE
    O4 - HKLM\..\RunServices: [NETTM.EXE] C:\WINDOWS\SYSTEM\NETTM.EXE
    O4 - HKLM\..\RunServices: [ADDPI32.EXE] C:\WINDOWS\ADDPI32.EXE
    O4 - HKLM\..\RunServices: [MFCPQ32.EXE] C:\WINDOWS\SYSTEM\MFCPQ32.EXE
    O4 - HKLM\..\RunServices: [APILH.EXE] C:\WINDOWS\SYSTEM\APILH.EXE
    O4 - HKLM\..\RunServices: [NTIT32.EXE] C:\WINDOWS\SYSTEM\NTIT32.EXE
    O4 - HKLM\..\RunServices: [D3KN.EXE] C:\WINDOWS\SYSTEM\D3KN.EXE
    O4 - HKLM\..\RunServices: [IEEK32.EXE] C:\WINDOWS\SYSTEM\IEEK32.EXE
    O4 - HKLM\..\RunServices: [WINJA32.EXE] C:\WINDOWS\WINJA32.EXE
    O4 - HKLM\..\RunServices: [ATLQQ32.EXE] C:\WINDOWS\ATLQQ32.EXE
    O4 - HKLM\..\RunServices: [NTDB32.EXE] C:\WINDOWS\NTDB32.EXE
    O4 - HKLM\..\RunServices: [NETUL.EXE] C:\WINDOWS\NETUL.EXE
    O4 - HKLM\..\RunServices: [SDKYJ32.EXE] C:\WINDOWS\SDKYJ32.EXE
    O4 - HKLM\..\RunServices: [CRWN32.EXE] C:\WINDOWS\SYSTEM\CRWN32.EXE
    O4 - HKLM\..\RunServices: [D3WD32.EXE] C:\WINDOWS\SYSTEM\D3WD32.EXE
    O4 - HKLM\..\RunServices: [ATLCU.EXE] C:\WINDOWS\SYSTEM\ATLCU.EXE
    O4 - HKLM\..\RunServices: [MSGQ.EXE] C:\WINDOWS\MSGQ.EXE
    O4 - HKLM\..\RunServices: [JAVAYM.EXE] C:\WINDOWS\JAVAYM.EXE
    O4 - HKLM\..\RunServices: [APPVH.EXE] C:\WINDOWS\APPVH.EXE
    O4 - HKLM\..\RunServices: [ATLBJ32.EXE] C:\WINDOWS\SYSTEM\ATLBJ32.EXE
    O4 - HKLM\..\RunServices: [SDKEG32.EXE] C:\WINDOWS\SYSTEM\SDKEG32.EXE
    O4 - HKLM\..\RunServices: [APPKQ32.EXE] C:\WINDOWS\APPKQ32.EXE
    O4 - HKLM\..\RunServices: [WINSL.EXE] C:\WINDOWS\WINSL.EXE
    O4 - HKLM\..\RunServices: [ADDSV32.EXE] C:\WINDOWS\ADDSV32.EXE
    O4 - HKLM\..\RunServices: [IPMQ32.EXE] C:\WINDOWS\IPMQ32.EXE
    O4 - HKLM\..\RunServices: [MSVI32.EXE] C:\WINDOWS\SYSTEM\MSVI32.EXE
    O4 - HKLM\..\RunServices: [IEHV.EXE] C:\WINDOWS\SYSTEM\IEHV.EXE
    O4 - HKLM\..\RunServices: [MSVQ32.EXE] C:\WINDOWS\SYSTEM\MSVQ32.EXE
    O4 - HKLM\..\RunServices: [ADDBI32.EXE] C:\WINDOWS\ADDBI32.EXE
    O4 - HKLM\..\RunServices: [NETNY.EXE] C:\WINDOWS\NETNY.EXE
    O4 - HKLM\..\RunServices: [ATLYK.EXE] C:\WINDOWS\SYSTEM\ATLYK.EXE
    O4 - HKLM\..\RunServices: [WINFJ32.EXE] C:\WINDOWS\SYSTEM\WINFJ32.EXE
    O4 - HKLM\..\RunServices: [D3HY.EXE] C:\WINDOWS\D3HY.EXE
    O4 - HKLM\..\RunServices: [ATLJO.EXE] C:\WINDOWS\SYSTEM\ATLJO.EXE
    O4 - HKLM\..\RunServices: [SDKJQ.EXE] C:\WINDOWS\SYSTEM\SDKJQ.EXE
    O4 - HKLM\..\RunServices: [SDKAX32.EXE] C:\WINDOWS\SDKAX32.EXE
    O4 - HKLM\..\RunServices: [JAVAYI.EXE] C:\WINDOWS\JAVAYI.EXE
    O4 - HKLM\..\RunServices: [NTNI32.EXE] C:\WINDOWS\NTNI32.EXE
    O4 - HKLM\..\RunServices: [SYSTZ.EXE] C:\WINDOWS\SYSTZ.EXE
    O4 - HKLM\..\RunServices: [SDKMS.EXE] C:\WINDOWS\SYSTEM\SDKMS.EXE
    O4 - HKLM\..\RunServices: [NETWA32.EXE] C:\WINDOWS\SYSTEM\NETWA32.EXE
    O4 - HKLM\..\RunServices: [ADDDZ.EXE] C:\WINDOWS\ADDDZ.EXE
    O4 - HKLM\..\RunServices: [APIXE32.EXE] C:\WINDOWS\SYSTEM\APIXE32.EXE
    O4 - HKLM\..\RunServices: [APPCM32.EXE] C:\WINDOWS\APPCM32.EXE
    O4 - HKLM\..\RunServices: [CRPC.EXE] C:\WINDOWS\CRPC.EXE
    O4 - HKLM\..\RunServices: [NTNF.EXE] C:\WINDOWS\SYSTEM\NTNF.EXE
    O4 - HKLM\..\RunServices: [APIEY32.EXE] C:\WINDOWS\APIEY32.EXE
    O4 - HKLM\..\RunServices: [MFCRP32.EXE] C:\WINDOWS\SYSTEM\MFCRP32.EXE
    O4 - HKLM\..\RunServices: [ADDUW.EXE] C:\WINDOWS\SYSTEM\ADDUW.EXE
    O4 - HKLM\..\RunServices: [SDKPN32.EXE] C:\WINDOWS\SYSTEM\SDKPN32.EXE
    O4 - HKLM\..\RunServices: [IPRT32.EXE] C:\WINDOWS\IPRT32.EXE
    O4 - HKLM\..\RunServices: [MFCUZ.EXE] C:\WINDOWS\MFCUZ.EXE
    O4 - HKLM\..\RunServices: [NETOH32.EXE] C:\WINDOWS\SYSTEM\NETOH32.EXE
    O4 - HKLM\..\RunServices: [MFCVE.EXE] C:\WINDOWS\MFCVE.EXE
    O4 - HKLM\..\RunServices: [SDKFD32.EXE] C:\WINDOWS\SDKFD32.EXE
    O4 - HKLM\..\RunServices: [WINTS.EXE] C:\WINDOWS\WINTS.EXE
    O4 - HKLM\..\RunServices: [MSTB32.EXE] C:\WINDOWS\SYSTEM\MSTB32.EXE
    O4 - HKLM\..\RunServices: [APIOM32.EXE] C:\WINDOWS\APIOM32.EXE
    O4 - HKLM\..\RunServices: [APPUY.EXE] C:\WINDOWS\APPUY.EXE
    O4 - HKLM\..\RunServices: [APPTC.EXE] C:\WINDOWS\APPTC.EXE
    O4 - HKLM\..\RunServices: [SDKMC32.EXE] C:\WINDOWS\SDKMC32.EXE
    O4 - HKLM\..\RunServices: [MSEI.EXE] C:\WINDOWS\MSEI.EXE
    O4 - HKLM\..\RunServices: [MFCDH32.EXE] C:\WINDOWS\SYSTEM\MFCDH32.EXE
    O4 - HKLM\..\RunServices: [NTSQ32.EXE] C:\WINDOWS\SYSTEM\NTSQ32.EXE
    O4 - HKLM\..\RunServices: [MFCRE32.EXE] C:\WINDOWS\MFCRE32.EXE
    O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: C6 Client.LNK = C:\Programmi\TinMessenger\TinMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O15 - Trusted Zone: *.05p.com
    O15 - Trusted Zone: *.searchmiracle.com
    O15 - Trusted Zone: *.mt-download.com
    O15 - Trusted Zone: *.my-internet.info
    O15 - Trusted Zone: *.scoobidoo.com
    O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_fi...a29296baabe1d6
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - (no file)

    When I ran AdAware, the program hangs when it has to delete the suspicious files

  8. #8
    Moderator of Computer security and viruses: amvinfe
    Registered since
    May 2002
    Posts
    6,739
    AdAware has probably been corrupted by the CoolWebSearch variant (the one your friend's PC is infected with).

    Download the new version of AdAware SE Personal, 1.05. It can be downloaded from the same URL.
    Also download AboutBuster, you will need it later; extract the contents into a new folder that you will name, e.g., AB
    1- launch sphjfix (it must be inside a new folder)
    click on "Desinfektion starten"
    restart the PC and repeat the operation.
    2- Restart in safe mode
    3- Open HJT, run the scan, tick the box next to these entries and click on Fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\zyfhk.dll/sp.html#29126
    R3 - Default URLSearchHook is missing
    O2 - BHO: Class - {4253994F-6825-77D6-AEE7-F03BCB81423C} - C:\WINDOWS\APIFO32.DLL
    O4 - HKLM\..\Run: [NTWY32.EXE] C:\WINDOWS\NTWY32.EXE
    O4 - HKLM\..\RunServices: [JAVAKJ32.EXE] C:\WINDOWS\JAVAKJ32.EXE
    O4 - HKLM\..\RunServices: [MFCLS.EXE] C:\WINDOWS\SYSTEM\MFCLS.EXE
    O4 - HKLM\..\RunServices: [D3QL.EXE] C:\WINDOWS\SYSTEM\D3QL.EXE
    O4 - HKLM\..\RunServices: [SDKFC32.EXE] C:\WINDOWS\SYSTEM\SDKFC32.EXE
    O4 - HKLM\..\RunServices: [MSON.EXE] C:\WINDOWS\MSON.EXE
    O4 - HKLM\..\RunServices: [SDKYQ32.EXE] C:\WINDOWS\SYSTEM\SDKYQ32.EXE
    O4 - HKLM\..\RunServices: [SYSCR.EXE] C:\WINDOWS\SYSCR.EXE
    O4 - HKLM\..\RunServices: [ATLVN32.EXE] C:\WINDOWS\ATLVN32.EXE
    O4 - HKLM\..\RunServices: [APIKU32.EXE] C:\WINDOWS\APIKU32.EXE
    O4 - HKLM\..\RunServices: [APPXT32.EXE] C:\WINDOWS\SYSTEM\APPXT32.EXE
    O4 - HKLM\..\RunServices: [NETWN.EXE] C:\WINDOWS\SYSTEM\NETWN.EXE
    O4 - HKLM\..\RunServices: [ADDSN32.EXE] C:\WINDOWS\ADDSN32.EXE
    O4 - HKLM\..\RunServices: [JAVAQO.EXE] C:\WINDOWS\JAVAQO.EXE
    O4 - HKLM\..\RunServices: [JAVAUE32.EXE] C:\WINDOWS\JAVAUE32.EXE
    O4 - HKLM\..\RunServices: [IEXW32.EXE] C:\WINDOWS\IEXW32.EXE
    O4 - HKLM\..\RunServices: [ADDNE.EXE] C:\WINDOWS\ADDNE.EXE
    O4 - HKLM\..\RunServices: [D3LH.EXE] C:\WINDOWS\D3LH.EXE
    O4 - HKLM\..\RunServices: [MFCHF.EXE] C:\WINDOWS\SYSTEM\MFCHF.EXE
    O4 - HKLM\..\RunServices: [CRBS32.EXE] C:\WINDOWS\SYSTEM\CRBS32.EXE
    O4 - HKLM\..\RunServices: [IPAO.EXE] C:\WINDOWS\SYSTEM\IPAO.EXE
    O4 - HKLM\..\RunServices: [IERS.EXE] C:\WINDOWS\SYSTEM\IERS.EXE
    O4 - HKLM\..\RunServices: [WINZK32.EXE] C:\WINDOWS\WINZK32.EXE
    O4 - HKLM\..\RunServices: [NETTM.EXE] C:\WINDOWS\SYSTEM\NETTM.EXE
    O4 - HKLM\..\RunServices: [ADDPI32.EXE] C:\WINDOWS\ADDPI32.EXE
    O4 - HKLM\..\RunServices: [MFCPQ32.EXE] C:\WINDOWS\SYSTEM\MFCPQ32.EXE
    O4 - HKLM\..\RunServices: [APILH.EXE] C:\WINDOWS\SYSTEM\APILH.EXE

    4- Still in safe mode, delete the files, if present:



    5- In safe mode, close all programs and launch AboutBuster; click Start, then OK, and run the scan. When the scan finishes, click Save log (the log will be saved in the AB folder you created earlier).

    6- Still in safe mode, open AdAware and run a full scan; delete everything it finds.

    7- Still in safe mode, open CWShredder and click Fix.

    8- Reboot in normal mode.

    9- Run a new scan with HJT and post the new log.

    10- Also post the AboutBuster log you saved earlier.
    ==
    Visit my blog SuspectFile.com
    ==
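Added example, not part of the original post: a small Python check that compares a hand-typed delete list (step 4) with the `O4` autostart targets in a HijackThis log, so that a path copied with the wrong directory is caught before step 9's rescan. The sample log lines and file names are constructed placeholders, and the script assumes each `O4` command is a bare path, as in the log above.

```python
import re
from ntpath import basename, normcase  # Windows path rules on any OS

# HijackThis autostart line: O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+?)\s*$")

# Constructed sample data (placeholder names, not entries from the thread).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Example AV] C:\PROGRAMMI\EXAMPLE\AVTRAY.EXE
O4 - HKLM\..\RunServices: [AAAA32.EXE] C:\WINDOWS\SYSTEM\AAAA32.EXE
O4 - HKLM\..\RunServices: [BBBB.EXE] C:\WINDOWS\SYSTEM\BBBB.EXE
O4 - HKLM\..\RunServices: [CCCC.EXE] C:\WINDOWS\CCCC.EXE
O15 - Trusted Zone: *.example.com
"""
SAMPLE_DELETE = [
    r"C:\WINDOWS\SYSTEM\AAAA32.EXE",  # same path as its autostart entry
    r"C:\WINDOWS\BBBB.EXE",           # right file name, wrong directory
    r"C:\WINDOWS\DDDD.EXE",           # no autostart entry points here
]

def parse_o4(log_text):
    """Return (hive, key, value_name, command) for each O4 registry line."""
    return [m.groups() for m in map(O4_RE.match, log_text.splitlines()) if m]

def cross_check(log_text, delete_list, key="RunServices"):
    """Compare a delete list with the O4 targets registered under `key`."""
    targets = {normcase(cmd) for _, k, _, cmd in parse_o4(log_text) if k == key}
    by_name = {}
    for target in targets:
        by_name.setdefault(basename(target), []).append(target)
    wanted = {normcase(p.strip()) for p in delete_list if p.strip()}
    report = {"matched": [], "wrong_dir": [], "no_autostart": []}
    for path in sorted(wanted):
        if path in targets:
            report["matched"].append(path)
        elif basename(path) in by_name:
            # Same file name registered under a different directory.
            report["wrong_dir"].append((path, sorted(by_name[basename(path)])))
        else:
            report["no_autostart"].append(path)
    # Autostart targets the delete list never mentions: review by hand.
    report["autostart_not_listed"] = sorted(targets - wanted)
    return report

if __name__ == "__main__":
    for section, items in cross_check(SAMPLE_LOG, SAMPLE_DELETE).items():
        print(section, items)
```

Paths are compared case-insensitively, as Windows treats them; anything under `wrong_dir` or `autostart_not_listed` needs a manual look before deleting.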
