Condividi:        

RICHFIND qualcuno mi aiuta?

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Postdi piercing » 16/04/05 18:16

pippox.... fai quello che ti ho detto... non mi far ripetere le cose tre volte... sono anziano ;)

piercing ha scritto:fai un log di hijack nella sezione Misc Tools -> Generate Startup List Log attivando List Also Minor Sections
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Sponsor
 

Postdi pippox » 16/04/05 18:24

:D

Logfile of HijackThis v1.99.1
Scan saved at 19.23.34, on 16/04/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Yahoo!\Messenger\YPager.exe
C:\Programmi\Shareaza\Shareaza.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\NMain.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Real\RealPlayer\realplay.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\regedit.exe
C:\Programmi\Acoustica MP3 Audio Mixer\iMix.exe
C:\Documents and Settings\NICOLA\Documenti\HijackThis\HijackThis.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.richfind.com/ie/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "C:\Programmi\TrojanHunter 4.1\THGuard.exe"
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Programmi\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1956b8e2403 ... 601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5737202328
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnme ... loader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{62ACC6C7-E32D-4116-8EDF-45AA5013F310}: NameServer = 85.37.17.16 151.99.125.1
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi piercing » 16/04/05 18:34

pippox... ma mi leggi o no????? fai quello che ti ho detto...

è un log diverso quello che ti ho chiesto...


cmq fai anche questa prova... killa il processo di rundll dal taskmanager (se non si chiude insisti un pò) e poi cancella la chiave... non dovrebbe più ricrearsi...
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Postdi pippox » 16/04/05 18:37

ho aperto HijackThis
sono andato su config Misc Tools -> Generate Startup List Log attivando List Also Minor Sections
poi gli ho fatto fare la scansione....dove ho sbagliato?
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi pippox » 16/04/05 18:40

arieccomi

StartupList report, 16/04/2005, 19.40.18
StartupList version: 1.52.2
Started from : C:\Documents and Settings\NICOLA\Documenti\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Yahoo!\Messenger\YPager.exe
C:\Programmi\Shareaza\Shareaza.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Symantec Shared\NMain.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Programmi\Real\RealPlayer\realplay.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
C:\WINDOWS\regedit.exe
C:\Programmi\Acoustica MP3 Audio Mixer\iMix.exe
C:\Documents and Settings\NICOLA\Documenti\HijackThis\HijackThis.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\OPScan.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
EPSON SMART PANEL for Scanner.lnk = C:\Programmi\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
type32 = "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
IntelliPoint = "C:\Programmi\Microsoft IntelliPoint\point32.exe"
TkBellExe = "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
ccApp = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
AWMON = "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
THGuard = "C:\Programmi\TrojanHunter 4.1\THGuard.exe"
EPSON Stylus C46 Series = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
CTHelper = CTHELPER.EXE
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\System32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = %SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Programmi\DAP\DAPBHO.dll - {0000CC75-ACF3-4cac-A0A9-DD3868E06852}
(no name) - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
Norton Internet Security - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

BB872AF69268D83A.job
Norton AntiVirus - NICO - NICOLA.job
Norton AntiVirus - Scansione del computer - NICOLA.job
Symantec NetDetect.job
XoftSpy.job

--------------------------------------------------

Enumerating Download Program Files:

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zone.msn.com/binary/ms ... b31267.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Me ... b31267.cab

[iCC Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\pcpConnCheck.dll
CODEBASE = http://www.pcpitstop.com/internet/pcpConnCheck.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/sscv6/Shar ... vSniff.cab

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdat ... t/opuc.cab

[RdxIE Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\RdxIE.dll
CODEBASE = http://software-dl.real.com/1956b8e2403 ... 601_it.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v ... 5737202328

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/sscv6/Shar ... /cabsa.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zone.msn.com/binary/Me ... b31267.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/msnme ... loader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zone.msn.com/binary/ZI ... b32846.cab

[CBreakshotControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Banksht2.dll
CODEBASE = http://messenger.zone.msn.com/binary/Ba ... b31267.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/get/sh ... wflash.cab

[MSN Chat Control 4.5]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MSNChat45.ocx
CODEBASE = http://chat.msn.com/bin/msnchat45.cab

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Browser di computer: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Event Manager: "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Network Proxy: "C:\Programmi\File comuni\Symantec Shared\ccProxy.exe" (autostart)
Symantec Settings Manager: "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe" (autostart)
Servizi di crittografia: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Utilità di avvio processo server DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Gestione dischi logici: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
ElbyCDIO Driver: System32\Drivers\ElbyCDIO.sys (autostart)
Registro eventi: %SystemRoot%\system32\services.exe (autostart)
Guida in linea e supporto tecnico: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
HID Input Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
ISSvc: C:\Programmi\Norton Internet Security\ISSVC.exe (autostart)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Helper NetBIOS di TCP/IP: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Servizio Auto-Protect di Norton AntiVirus: "C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe" (autostart)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Servizi IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
Archiviazione protetta: %SystemRoot%\system32\lsass.exe (autostart)
Registro di sistema remoto: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
RPC (Remote Procedure Call): %SystemRoot%\system32\svchost -k rpcss (autostart)
Gestione account di protezione (SAM): %SystemRoot%\system32\lsass.exe (autostart)
ScriptBlocking Service: C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Utilità di pianificazione: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accesso secondario: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notifica eventi di sistema: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows Firewall / Condivisione connessione Internet (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Rilevamento hardware shell: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Symantec Network Drivers Service: "C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe" (autostart)
Spooler di stampa: %SystemRoot%\system32\spoolsv.exe (autostart)
Servizio Ripristino configurazione di sistema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Acquisizione di immagini di Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Symantec Core LC: C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
symlcbrd: \??\C:\WINDOWS\System32\drivers\symlcbrd.sys (autostart)
Temi: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Manutenzione collegamenti distribuiti client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Windows User Mode Driver Framework: C:\WINDOWS\System32\wdfmgr.exe (autostart)
Ora di Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Strumentazione gestione Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Centro sicurezza PC: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Aggiornamenti automatici: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Zero Configuration reti senza fili: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 15.583 bytes
Report generated in 2,094 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi piercing » 16/04/05 18:47

cos'è quel job (= operazione pianificata) formata da tutti numeri? prova ad aprirne le proprietà e a vedere cosa lancia...
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Postdi pippox » 16/04/05 19:26

l'ho trovato sul registro nello stesso percorso dove ho trovato rundll32


HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603


ora sto provando con "cerca file o cartelle" per vedere come posso avviarlo
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi piercing » 16/04/05 19:28

non lo devi avviare... ho chiesto solo di andare nelle operazioni pianificate e vedere cos'è...


ma hai killato il rundll e visto se la chiave si ricrea?? è importante che tu lo faccia, almeno ci focalizziamo su qualcosa
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Postdi pippox » 16/04/05 19:29

provvedo immediatamente
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi pippox » 16/04/05 19:51

operazioni pianificate

http://img236.echo.cx/my.php?image=screen9no.jpg

ho killato rundll32 ma la chiave su

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search

http://www.richfind.com/ie
si ricrea
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi piercing » 16/04/05 20:14

hai attivato la visualizzazione dei file nascosti anche qui???

altirmenti cerca su tutto il disco con chiave *.job
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Postdi pippox » 16/04/05 20:17

attivato su tutte le cartelle "visualizza file nascosti"....procedo alla ricerca dei file *job...
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi pippox » 16/04/05 20:25

di questo BB872AF69268D83A.job
nessuna traccia
sono presenti altri file tipo

wmipjobj.dll
wmipjobj.mfl
wmipjobj.mof
JOB_INFO_1.class fino al 3
stop
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi piercing » 17/04/05 14:46

piercing ha scritto:altirmenti cerca su tutto il disco con chiave *.job


non mi sembra la stessa cosa di

pippox ha scritto:procedo alla ricerca dei file *job


hai deciso che mi vuoi mandare al manicomio? 8) :evil:
Avatar utente
piercing
Moderatore
 
Post: 7569
Iscritto il: 10/04/02 10:34
Località: Roma

Postdi pippox » 17/04/05 23:06

fatto con *.job
mi ha trovato nessun file .job ma mi ha evidenziato il contenuto della cartella OPERAZIONI PIANIFICATE
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi pippox » 19/04/05 08:44

c'è nessunooooooooooooooooooooooooooooooo?
pippox
Utente Senior
 
Post: 135
Iscritto il: 21/10/02 15:42

Postdi Tomas Milian » 19/04/05 11:28

Io stavo dando una rapida occhiata al tuo log chilometrico e per ora ho trovato qualcosa di interessante riguardo questa voce:(no name) - C:\Programmi\DAP\DAPBHO.dll - {0000CC75-ACF3-4cac-A0A9-DD3868E06852}

Il sito è http://sarc.com/avcenter/venc/data/pf/adware.dap.html
"Chi caca sotto la neve, pure se fa la buca e poi la copre, quando la neve se scioglie la m**da viè sempre fuori!"
Avatar utente
Tomas Milian
Utente Senior
 
Post: 211
Iscritto il: 18/02/05 20:25
Località: Roma

Postdi Dylan666 » 19/04/05 11:40

Non hai letto tutto il topic evidentemente:
http://www.pc-facile.com/forum/viewtopi ... 045#193045

;)
Avatar utente
Dylan666
Moderatore
 
Post: 39988
Iscritto il: 18/11/03 16:46

Postdi Tomas Milian » 19/04/05 12:05

Hai ragione! :lol:

Evidentemente se dopo 6 pagine di topic quella voce era ancora lì vuol dire che si era stabilito di non eliminarla!
"Chi caca sotto la neve, pure se fa la buca e poi la copre, quando la neve se scioglie la m**da viè sempre fuori!"
Avatar utente
Tomas Milian
Utente Senior
 
Post: 211
Iscritto il: 18/02/05 20:25
Località: Roma

Postdi Tomas Milian » 19/04/05 12:19

A me questo sembra un problema simile a se.dll.

Dato che tra le varie dll ho visto che c'è anche cfbobaa.dll, prova a fare come ha fatto Alpha:

Alpha ha scritto:Come eliminare definitivamente se.dll?
Bene, per fare questo bisogna eliminare la "TESTA" e la testa è:
cfbobaa.dll allocata in system32.

Per fare questo bisogna andare in MODALITA' PROVISORIA, qundi, selezionare la directory : c:\winnt\system32 e cancellare la TESTA
con : del cfbobaa.dll.

Ripartite con windows eliminate con i gli "specchi" ( se.dll, HOMEOldSP,sp etc) usando un qualsiasi programma anti spay ( tipo hijack) e tutto tornerà
normale.
ciao a tutti
alpha
"Chi caca sotto la neve, pure se fa la buca e poi la copre, quando la neve se scioglie la m**da viè sempre fuori!"
Avatar utente
Tomas Milian
Utente Senior
 
Post: 211
Iscritto il: 18/02/05 20:25
Località: Roma

PrecedenteProssimo

Torna a Sicurezza e Privacy


Topic correlati a "RICHFIND qualcuno mi aiuta?":


Chi c’è in linea

Visitano il forum: Nessuno e 50 ospiti