Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » per alfonso mi controlli il log?

per alfonso mi controlli il log? Opzioni
Topic Precedente · Topic Sucessivo
ciccino
Inviato: Saturday, April 30, 2005 11:22:22 AM
Rank: Member

Iscritto dal : 4/21/2005
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 11.18.29, on 30/04/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\REALVNC\WINVNC\WINVNC.EXE
C:\PROGRAMMI\NETSUPPORT SCHOOL\CLIENT32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\NETSUPPORT SCHOOL\wclientw.exe
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAMMI\DSB\DSB.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\DESKTOP\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\DESKTOP\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {78E3B901-8BE2-11D9-A42D-0050F0726384} - C:\WINDOWS\SYSTEM\CKIK.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\REALVNC\WINVNC\WINVNC.EXE" -service
O4 - HKLM\..\RunServices: [NetSupport Client] C:\Programmi\NetSupport School\client32.exe *
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC TRANSFORMS="C:\Programmi\File comuni\Wise Installation Wizard\WISE45873F4AB2D473F9CBB78125F4BF624_1_2_0.MST" /I "C:\Programmi\File comuni\Wise Installation Wizard\WISE45873F4AB2D473F9CBB78125F4BF624_1_2_0.MSI" WISE_SETUP_EXE_PATH="D:\INSTALL_CABRI_II_PLUS.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//lfcruot//zbavycf//mfilsxg//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605689.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_53_it.exe
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} -
O16 - DPF: DigiChat Applet - http://host5.digichat.com/DigiChat/DigiClasses/Client_IE.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.125.3
O18 - Filter: text/html - {78E3B900-8BE2-11D9-A42D-00509F3EC61F} - C:\WINDOWS\SYSTEM\CKIK.DLL
O18 - Filter: text/plain - {78E3B900-8BE2-11D9-A42D-00509F3EC61F} - C:\WINDOWS\SYSTEM\CKIK.DLL
Torna in alto
 
Sponsor
Inviato: Saturday, April 30, 2005 11:22:22 AM

 
Torna in alto
 
ciccino
Inviato: Monday, May 02, 2005 8:50:09 AM
Rank: Member

Iscritto dal : 4/21/2005
Posts: 0
ciao alfonso io non trovo nessuna istruzione anche se nella home page mi indica 14 risposte dove li trovo?
Torna in alto
 
alfonso
Inviato: Monday, May 02, 2005 6:58:17 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
O2 - BHO: (no name) - {78E3B901-8BE2-11D9-A42D-0050F0726384} - C:\WINDOWS\SYSTEM\CKIK.DLL
-
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
-
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
-
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC TRANSFORMS="C:\Programmi\File comuni\Wise Installation Wizard\WISE45873F4AB2D473F9CBB78125F4BF624_1_2_0.MST" /I "C:\Programmi\File comuni\Wise Installation Wizard\WISE45873F4AB2D473F9CBB78125F4BF624_1_2_0.MSI" WISE_SETUP_EXE_PATH="D:\INSTALL_CABRI_II_PLUS.EXE"
-
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//lfcruot//zbavycf//mfilsxg//irkqpg//IT//arct.chm::/painter.exe
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605689.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_53_it.exe
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} -
-
O18 - Filter: text/html - {78E3B900-8BE2-11D9-A42D-00509F3EC61F} - C:\WINDOWS\SYSTEM\CKIK.DLL
O18 - Filter: text/plain - {78E3B900-8BE2-11D9-A42D-00509F3EC61F} - C:\WINDOWS\SYSTEM\CKIK.DLL
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
se.dll
CKIK.DLL
dsb.exe
==================================

SVUOTA LA CARTELLA - c:\windows\TEMP

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE . CANCELLA CRONOOLOGIA
clicca inoltre sul pulsante PAGINA PREDEFINITA e poi su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.


BLOCCO QUESTO FORUM PERCHE' CI SONO LINK CHE FANNO CARICARE VIRUS, APRI UN NUOVO MESSAGGIO PER REPLICARE.

Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » per alfonso mi controlli il log?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.