Logfile of HijackThis v1.99.1
Scan saved at 1.49.40, on 18/03/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\nerocheck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Programmi\EPSON\EPSON CardMonitor\EPSON CardMonitor1.0.exe
C:\Programmi\FinePixViewer\QuickDCF.exe
C:\Programmi\Sony Ericsson\Mobile\audevicemgr.exe
C:\Programmi\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
c:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\MROUTE~2.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Programmi\SuperAdBlocker.com\Super Ad Blocker\SABSVC.EXE
C:\Programmi\SuperAdBlocker.com\Super Ad Blocker\SADBLOCK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Galileo\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.it/news?ned=it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=StopThePopup:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: SuperAdBlockerBHO Class - {00000000-6C30-11D8-9363-000AE6309654} - C:\Programmi\SuperAdBlocker.com\Super Ad Blocker\SABBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {B5BCFE66-A8C3-4BD0-8925-1E2803643EA1} - [SABInprocServer32] (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\system32\azesearch.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Super Ad Blocker Toolbar - {B4B3001E-0F56-4E51-8250-BDE11547EC55} - C:\Programmi\SuperAdBlocker.com\Super Ad Blocker\sabtb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Programmi\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [hKOxXclfmon.exe] C:\WINDOWS\hKOxXclfmon.exe
O4 - HKLM\..\Run: [XxBSmnvsvca32.exe] C:\WINDOWS\XxBSmnvsvca32.exe
O4 - HKLM\..\Run: [wHndsnvsvca32.exe] C:\WINDOWS\wHndsnvsvca32.exe
O4 - HKLM\..\Run: [UKOBrnvsvca32.exe] C:\WINDOWS\UKOBrnvsvca32.exe
O4 - HKLM\..\Run: [GrmcWclfmon.exe] C:\WINDOWS\GrmcWclfmon.exe
O4 - HKLM\..\Run: [UKwZaclfmon.exe] C:\WINDOWS\UKwZaclfmon.exe
O4 - HKLM\..\Run: [FHJGaclfmon.exe] C:\WINDOWS\FHJGaclfmon.exe
O4 - HKLM\..\Run: [ftTafclfmon.exe] C:\WINDOWS\ftTafclfmon.exe
O4 - HKLM\..\Run: [STaeEnvsvca32.exe] C:\WINDOWS\STaeEnvsvca32.exe
O4 - HKLM\..\Run: [pebjCnvsvca32.exe] C:\WINDOWS\pebjCnvsvca32.exe
O4 - HKLM\..\Run: [jYdTHclfmon.exe] C:\WINDOWS\jYdTHclfmon.exe
O4 - HKLM\..\Run: [EbxOeclfmon.exe] C:\WINDOWS\EbxOeclfmon.exe
O4 - HKLM\..\Run: [aXqnhclfmon.exe] C:\WINDOWS\aXqnhclfmon.exe
O4 - HKLM\..\Run: [SqPWnclfmon.exe] C:\WINDOWS\SqPWnclfmon.exe
O4 - HKLM\..\Run: [ZlTgGclfmon.exe] C:\WINDOWS\ZlTgGclfmon.exe
O4 - HKLM\..\Run: [gJdeMnvsvca32.exe] C:\WINDOWS\gJdeMnvsvca32.exe
O4 - HKLM\..\Run: [rUbucnvsvca32.exe] C:\WINDOWS\rUbucnvsvca32.exe
O4 - HKLM\..\Run: [mdGgenvsvca32.exe] C:\WINDOWS\mdGgenvsvca32.exe
O4 - HKLM\..\Run: [ZpTbDclfmon.exe] C:\WINDOWS\ZpTbDclfmon.exe
O4 - HKLM\..\Run: [DGhcXnvsvca32.exe] C:\WINDOWS\DGhcXnvsvca32.exe
O4 - HKLM\..\Run: [WCbYIclfmon.exe] C:\WINDOWS\WCbYIclfmon.exe
O4 - HKLM\..\Run: [ldFGlnvsvca32.exe] C:\WINDOWS\ldFGlnvsvca32.exe
O4 - HKLM\..\Run: [oDaYUclfmon.exe] C:\WINDOWS\oDaYUclfmon.exe
O4 - HKLM\..\Run: [eaTlynvsvca32.exe] C:\WINDOWS\eaTlynvsvca32.exe
O4 - HKLM\..\Run: [vDrhdclfmon.exe] C:\WINDOWS\vDrhdclfmon.exe
O4 - HKLM\..\Run: [TpTLdnvsvca32.exe] C:\WINDOWS\TpTLdnvsvca32.exe
O4 - HKLM\..\Run: [bkgvtnvsvca32.exe] C:\WINDOWS\bkgvtnvsvca32.exe
O4 - HKLM\..\Run: [ysYHrclfmon.exe] C:\WINDOWS\ysYHrclfmon.exe
O4 - HKLM\..\Run: [XUUwFnvsvca32.exe] C:\WINDOWS\XUUwFnvsvca32.exe
O4 - HKLM\..\Run: [XkhHNclfmon.exe] C:\WINDOWS\XkhHNclfmon.exe
O4 - HKLM\..\Run: [gcasServ] C:\WINDOWS\realsched.exe /i
O4 - HKLM\..\Run: [SheduIer] C:\WINDOWS\nerocheck.exe /i
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Technologies\main\launchpd.exe"
O4 - HKCU\..\Run: [RemoteCenter] C:\Programmi\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [SuperAdBlocker] C:\Programmi\SuperAdBlocker.com\Super Ad Blocker\SAdBlock.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON CardMonitor.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Monitor conn. telefonica.lnk = ?
O4 - Global Startup: Run BBDTMngr.exe.lnk = C:\Programmi\Bright Bug Software\Shared\Screen Savers\BBDTMngr.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\programmi\trackzapper.com\tz spyware-remover\apptoport.dll' missing
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/DownloadAccess/ie/bridge-c283.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} (CParamWr Class) - http://toolbar.azesearch.com/install/azesearch.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA95B99C-A12F-4DF2-BE5E-548DAAED652A}: NameServer = 217.141.254.206 151.99.125.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Super Ad Blocker Service (SABSVC) - SuperAdBlocker.com -