Aiutamici Forum

Can you check my Hijack log?
lukkio
Posted: Sunday, June 26, 2005 8:09:12 PM
Rank: Member

Joined: 6/26/2005
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 20.06.22, on 26/06/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAMMI\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\PROGRAMMI\LEXMARK X1100 SERIES\LXBKBMGR.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\LEXMARK X1100 SERIES\LXBKBMON.EXE
C:\PROGRAMMI\TRUST\280KS KEYBOARD & WIRELESS OPTICAL MOUSE\KEYBOARD\IKEYMAIN.EXE
C:\PROGRAMMI\TRUST\280KS KEYBOARD & WIRELESS OPTICAL MOUSE\MOUSE\AMOUMAIN.EXE
C:\WINDOWS\SYSTEM\LEXBCES.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAMMI\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAMMI\FREE SURFER\FS20.EXE
C:\WINDOWS\SYSTEM\LEXPPS.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kemdmommsx.net/BtoDrhShPcUst_KaK5Yb1/ZmgYPPzkP_IjZ2rBRFOpAElGnijhFXWwlpL/6BCAUv.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - TELE2Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: - {A4B47C20-1975-11D9-A6FF-00C0DFEF4351} - C:\WINDOWS\LBBHO.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {56A49276-A1A4-17BE-3C27-0716C2043277} - C:\WINDOWS\APPLICATION DATA\WAVEENCBORE\COOL EQ.EXE
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\WEBDIR.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAMMI\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAMMI\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL (file missing)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [LexStart] lexstart.exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\TRUST\280KSK~1\KEYBOARD\IKEYMAIN.EXE
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\TRUST\280KSK~1\MOUSE\AMOUMAIN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [Filetopia] C:\FILETOPIA3\FILETOPIA.EXE /TRAY
O4 - HKLM\..\Run: [ProPort StartUp] C:\WINDOWS\TEMP\PROPORT.exe /StartUp
O4 - HKLM\..\Run: [freesurfer] C:\PROGRAMMI\FREE SURFER\fs20.exe
O4 - HKLM\..\Run: [Soft logo media film] C:\WINDOWS\Application Data\SKIP COMP SOFT LOGO\Way acid.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Zone Labs Client] "C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE"
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\WINDOWS\TEMP\ImInstaller\IncrediMail\INCREDIMAIL_INSTALL-2.EXE -startup -product IncrediMail
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [WinFrag] C:\WINDOWS\DATIAP~1\POPMES~1\mpeg real.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\PROGRAMMI\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: Download with Go!Zilla - file://C:\PROGRAMMI\GO!ZILLA\download-with-gozilla.html
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Programmi\Free Surfer\FS20.exe
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Programmi\Free Surfer\FS20.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: http://*.msn.it
O15 - Trusted Zone: http://it.bitdefender.com
O15 - Trusted Zone: www.softwin.ro
O15 - Trusted Zone: http://www.bitdefender.ro
O15 - Trusted Zone: http://www.pandasoftware.it
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: www.ilsoftware.it
O15 - Trusted Zone: http://housecall.antivirus.com
O15 - Trusted Zone: www.zonelab.com
O15 - Trusted Zone: http://download.zonelabs.com
O15 - Trusted Zone: http://messenger.msn.com
O15 - Trusted Zone: http://www.todiscoassicurazioni.it
O15 - Trusted Zone: www.gourmet-cat.it
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab

a.roselli
Posted: Monday, June 27, 2005 7:28:55 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,052
Hi,
carry out these steps

restart in Safe Mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and, as described in this article
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
remove the lines that follow (if the lines to remove do not appear in Safe Mode, remove them from normal mode and restart the computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.kemdmommsx.net/BtoDrhShPcUst_KaK5Yb1/ZmgYPPzkP_IjZ2rBRFOpAElGnijhFXWwlpL/6BCAUv.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
-
R3 - Default URLSearchHook is missing
O2 - BHO: - {A4B47C20-1975-11D9-A6FF-00C0DFEF4351} - C:\WINDOWS\LBBHO.DLL
-
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll (file missing)
-
O2 - BHO: (no name) - {56A49276-A1A4-17BE-3C27-0716C2043277} - C:\WINDOWS\APPLICATION DATA\WAVEENCBORE\COOL EQ.EXE
O2 - BHO: CWebDirObj Object - {C003C49F-53E4-4A72-B7D6-0B2B9997392F} - C:\WINDOWS\WEBDIR.DLL
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAMMI\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL (file missing)
-
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll (file missing)
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\PROGRAMMI\IMESHBAR\BAR\1.BIN\IMESHBAR.DLL (file missing)
-
O4 - HKLM\..\Run: [Soft logo media film] C:\WINDOWS\Application Data\SKIP COMP SOFT LOGO\Way acid.exe
-
O4 - HKCU\..\Run: [WinFrag] C:\WINDOWS\DATIAP~1\POPMES~1\mpeg real.exe
-
O15 - Trusted Zone: http://*.msn.it
O15 - Trusted Zone: http://it.bitdefender.com
O15 - Trusted Zone: www.softwin.ro
O15 - Trusted Zone: http://www.bitdefender.ro
O15 - Trusted Zone: http://www.pandasoftware.it
O15 - Trusted Zone: http://www.pandasoftware.com
O15 - Trusted Zone: www.ilsoftware.it
O15 - Trusted Zone: http://housecall.antivirus.com
O15 - Trusted Zone: www.zonelab.com
O15 - Trusted Zone: http://download.zonelabs.com
O15 - Trusted Zone: http://messenger.msn.com
O15 - Trusted Zone: http://www.todiscoassicurazioni.it
O15 - Trusted Zone: www.gourmet-cat.it
==================================

Using the Windows FIND function, search for and delete these files:

==================================
LBBHO.DLL
COOL EQ.EXE
WEBDIR.DLL
IMESHBAR.DLL
Way acid.exe
mpeg real.exe
==================================


Go to CONTROL PANEL and click INTERNET OPTIONS
in the window that opens, click the three buttons
DELETE COOKIES - DELETE FILES - CLEAR HISTORY
then click the USE DEFAULT button and then OK

when finished, use the programs AD-AWARE and SPYBOT described in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

still in Safe Mode, run an antivirus scan.

alfonso_aiutamici@hotmail.it
