mi contrallate il log di hijackthis - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi contrallate il log di hijackthis

mi contrallate il log di hijackthis

Opzioni

Topic Precedente · Topic Sucessivo

flyingover86

Inviato: Thursday, March 31, 2005 3:08:23 PM

Rank: Member

Iscritto dal : 3/31/2005
Posts: 0

ho la homepage di ie fissa su hotoffers e non riesco a toglierla con nessun antivurs ne spyware...oltre tutto mi si apre in banner anche installando firefox e netscape...please help me!! (a scendere c'è il log file)

^-^-^-^-^-^-^-^-^-^-^-^-^-^-^

Logfile of HijackThis v1.99.1
Scan saved at 14.56.56, on 31/03/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Programmi\Creative\ShareDLL\CtNotify.exe
C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Creative\SBLive\AudioHQ\ahqrun.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Programmi\Symantec\LiveUpdate\luall.exe
C:\PROGRA~1\MOZILLA\FIREFOX\FIREFOX.EXE
C:\Documents and Settings\Alessio\Impostazioni locali\Temp\Directory

temporanea 3 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.hotoffers.info/194/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.tele2.it/redirect/dial_up
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title =

Microsoft Internet Explorer - TELE2Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName

= Collegamenti
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} -

C:\Programmi\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: Norton Internet Security -

{9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File

comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -

C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O3 - Toolbar: Norton Internet Security -

{0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File

comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}

- C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Disc Detector]

C:\Programmi\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ]

C:\Programmi\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]

C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [msnappau] "C:\Programmi\MSN

Apps\Updater\01.02.3000.1001\it\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec

Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec

Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe"

/background
O4 - HKCU\..\Run: [AutoEA]

C:\Programmi\Creative\SBLive\AudioHQ\ahqrun.exe

"C:\Programmi\Creative\SBLive\AudioHQ\AHQ\CTAutoEA.ahq" 0
O4 - Startup: Adobe Gamma Loader.lnk = C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche -

{9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File

comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} -

C:\Programmi\File comuni\Microsoft Shared\Encarta Search

Bar\ENCSBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper -

{5852BF57-E652-4159-9D29-0B12C4C89589} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -

{5852BF57-E652-4159-9D29-0B12C4C89589} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.it/redirect/dial_up
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software

AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software

AutoUpdate Support Package) -

http://www.creative.com/su/ocx/15010/CTPID.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{E16E96E1-E924-481C-A6A4-E9BAB6B1D15D

}: NameServer = 212.151.136.246 130.244.127.169
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation

- C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation

- C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec

Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec

Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology

Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ISSvc (ISSVC) - Symantec Corporation -

C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) -

Symantec Corporation - C:\Programmi\Norton Internet Security\Norton

AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton

Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec

Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec

Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation -

C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation -

C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe

Torna in alto

Sponsor

Inviato: Thursday, March 31, 2005 3:08:23 PM

Torna in alto

alfonso

Inviato: Thursday, March 31, 2005 3:31:24 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hotoffers.info/194/
-
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
O1 - Hosts: 69.50.173.4 altavista.com
O1 - Hosts: 69.50.173.4 www.altavista.com
O1 - Hosts: 69.50.173.4 amazon.com
O1 - Hosts: 69.50.173.4 www.amazon.com
O1 - Hosts: 69.50.173.4 aol.com
O1 - Hosts: 69.50.173.4 www.aol.com
O1 - Hosts: 69.50.173.4 earthlink.net
O1 - Hosts: 69.50.173.4 www.earthlink.net
O1 - Hosts: 69.50.173.4 ebay.com
O1 - Hosts: 69.50.173.4 www.ebay.com
O1 - Hosts: 69.50.173.4 go.com
O1 - Hosts: 69.50.173.4 www.go.com
O1 - Hosts: 69.50.173.4 icq.com
O1 - Hosts: 69.50.173.4 www.icq.com
O1 - Hosts: 69.50.173.4 lycos.com
O1 - Hosts: 69.50.173.4 www.lycos.com
-
O9 - Extra button: Microsoft AntiSpyware helper -
{5852BF57-E652-4159-9D29-0B12C4C89589} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper -
{5852BF57-E652-4159-9D29-0B12C4C89589} - (no file) (HKCU)
-
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
==================================

da pannello di controllo clicca su OPZIONI INTERNET nella finestra clicca sui tre pulsanti
ELIMINA COOKIE - ELIMINA FILE - CANCELLA CRONOLOGIA

utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Devi installare gli aggiornamenti sulla sicurezza da Windows Update.

Collaboratore Aiutamici

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi contrallate il log di hijackthis

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded