Mi controllate il LOG di Hijack - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il LOG di Hijack

Mi controllate il LOG di Hijack

Opzioni

Topic Precedente · Topic Sucessivo

federico1977

Inviato: Saturday, February 12, 2005 10:21:40 AM

Rank: Member

Iscritto dal : 1/31/2005
Posts: 1

Logfile of HijackThis v1.99.0
Scan saved at 10.18.40, on 12/02/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\System32\sistray.EXE
C:\WINDOWS\System32\Linksts.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\DSB\DSB.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\downlo~1\0iaw63v\alglm6f0.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Amministratore\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4EF11506-B56F-23B2-8071-17550FA3286A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A6F42CAD-2559-48DF-AF30-89E480AF5DFA} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E41AD5F1-2FD3-47D8-8FC0-3437F2AFA162} - C:\WINDOWS\System32\pcc.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44"
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\DSB.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\se.dll,DllInstall
O4 - Startup: Microsoft Data Helper.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O15 - Trusted Zone: http://admin.191.it
O15 - Trusted Zone: http://smart.191.it
O15 - Trusted Zone: http://www.kataweb.it
O15 - Trusted Zone: http://www.nutrisport.it
O15 - Trusted Zone: http://my.qxl.it
O15 - Trusted Zone: http://www.topvideofriuli.it
O15 - Trusted Zone: http://www.unicreditbanca.it
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.187/winsearchie32.chm::/winsearchie32.exe
O16 - DPF: {446A606F-1DAF-4EA1-A6E6-522883C44908} - https://www.unibanking.it/common/applet/libRegistry.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108137767421
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://agentsetup.paginebianche.virgilio.it/PBCab/msxml4.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9D0A9D98-5221-430A-A02D-76F0827C82D1} - http://www.dialer-shop.com/im6/hentai.cab
O16 - DPF: {9F5BB9E1-31AE-4A13-8734-15CED0F60A3D} (myActiveXCOM Class) - http://www.web-gratis.net/modules/registrazione/activex/ActiveXCOM1.0.0.10.cab
O16 - DPF: {AD688740-5246-40C3-AF27-090006046834} - http://www.xpehbam.biz/t/load.exe
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {FA6B2C55-F067-4895-A0D0-536168798883} - http://agentsetup.paginebianche.virgilio.it/PBCab/install.cab
O16 - DPF: {FFFF0027-0001-101A-A3C9-08002B2F49FB} - http://www.newmeteo.com/39A001.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BEF289D8-1E45-4419-A7E3-01AEACB6A3D4}: NameServer = 151.99.229.225,212.216.112.112
O18 - Filter: text/html - {B71123A0-908B-4719-BA11-88095A23D35F} - C:\WINDOWS\System32\pcc.dll
O18 - Filter: text/plain - {B71123A0-908B-4719-BA11-88095A23D35F} - C:\WINDOWS\System32\pcc.dll
O19 - User stylesheet: (file missing)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

Torna in alto

Sponsor

Inviato: Saturday, February 12, 2005 10:21:40 AM

Torna in alto

alfonso

Inviato: Saturday, February 12, 2005 11:45:03 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
R3 - Default URLSearchHook is missing
-
O2 - BHO: (no name) - {4EF11506-B56F-23B2-8071-17550FA3286A} - (no file)
-
O2 - BHO: (no name) - {A6F42CAD-2559-48DF-AF30-89E480AF5DFA} - (no file)
-
O2 - BHO: (no name) - {E41AD5F1-2FD3-47D8-8FC0-3437F2AFA162} - C:\WINDOWS\System32\pcc.dll
-
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\DSB.exe
-
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\AMMINI~1\IMPOST~1\Temp\se.dll,DllInstall
-
O15 - Trusted Zone: http://admin.191.it
O15 - Trusted Zone: http://smart.191.it
O15 - Trusted Zone: http://www.kataweb.it
O15 - Trusted Zone: http://www.nutrisport.it
O15 - Trusted Zone: http://my.qxl.it
O15 - Trusted Zone: http://www.topvideofriuli.it
O15 - Trusted Zone: http://www.unicreditbanca.it
O16 - DPF: {11010101-1001-1111-1000-110112345678} - ms-its:mhtml:file://c:\nosuch.mht!http://69.31.79.187/winsearchie32.chm::/winsearchie32.exe
-
O16 - DPF: {9D0A9D98-5221-430A-A02D-76F0827C82D1} - http://www.dialer-shop.com/im6/hentai.cab
O16 - DPF: {9F5BB9E1-31AE-4A13-8734-15CED0F60A3D} (myActiveXCOM Class) - http://www.web-gratis.net/modules/registrazione/activex/ActiveXCOM1.0.0.10.cab
O16 - DPF: {AD688740-5246-40C3-AF27-090006046834} - http://www.xpehbam.biz/t/load.exe
-
O16 - DPF: {FFFF0027-0001-101A-A3C9-08002B2F49FB} - http://www.newmeteo.com/39A001.exe
-
O18 - Filter: text/html - {B71123A0-908B-4719-BA11-88095A23D35F} - C:\WINDOWS\System32\pcc.dll
O18 - Filter: text/plain - {B71123A0-908B-4719-BA11-88095A23D35F} - C:\WINDOWS\System32\pcc.dll
O19 - User stylesheet: (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
se.dll
pcc.dll
DSB.exe
==================================

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Collaboratore Aiutamici

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il LOG di Hijack

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded