Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il log di hijackthis

mi controllate il log di hijackthis Opzioni
Topic Precedente · Topic Sucessivo
Zodyac
Inviato: Tuesday, September 06, 2005 12:47:11 AM
Rank: Member

Iscritto dal : 9/5/2005
Posts: 0
mi appare una conneccione "winmovieplugin"
hp fatto andare ad-awere, spyboot, cws ma continua a riapparire


Logfile of HijackThis v1.99.1
Scan saved at 0.39.06, on 06/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\File comuni\Symantec

Shared\ccApp.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hp

ztsb05.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Daily Weather

Forecast\weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search &

Destroy\TeaTimer.exe
C:\Programmi\Adobe\Acrobat

6.0\Distillr\acrotray.exe
C:\Programmi\Intel\ASF Agent\ASFAgent.exe
C:\Programmi\File comuni\Symantec

Shared\ccSetMgr.exe
C:\Programmi\Dell\OpenManage\Client\Iap.exe
C:\Programmi\File comuni\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton

AntiVirus\IWP\NPFMntor.exe
C:\Programmi\File comuni\Symantec

Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec

Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\File comuni\Symantec

Shared\ccEvtMgr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\zHotkey.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and

Settings\CLIZIA\Desktop\PROGRAMMIPERMALWARE\H

ijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.euro.dell.com/countries/it/ita/gen

/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://www.euro.dell.com/countries/it/ita/gen

/
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.euro.dell.com/countries/it/ita/gen

/
R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet

Connection Wizard,ShellNext =

http://www.euro.dell.com/countries/it/ita/gen

/
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName =

Collegamenti
R3 - URLSearchHook: ICQ Toolbar -

{855F3B16-6D32-4fe6-8A56-BBB695989046} -

C:\Programmi\ICQToolbar\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Programmi\Adobe\Acrobat

6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) -

{53707962-6F74-2D53-2644-206D7942484F} -

C:\Programmi\Spybot - Search &

Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class -

{AE7CD045-E861-484f-8273-0445EE161910} -

C:\Programmi\Adobe\Acrobat

6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper -

{BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus -

{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} -

C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF -

{47833539-D0C5-4125-9FA8-0819E2EAAC93} -

C:\Programmi\Adobe\Acrobat

6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ICQ Toolbar -

{855F3B16-6D32-4fe6-8A56-BBB695989046} -

C:\Programmi\ICQToolbar\toolbaru.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched]

C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File

comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver

Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe

/Consumer
O4 - HKLM\..\Run: [snpstd]

C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility]

C:\WINDOWS\system32\spool\drivers\w32x86\3\hp

ztsb05.exe
O4 - HKLM\..\Run: [iTunesHelper]

"C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task]

"C:\Programmi\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [Daily Weather Forecast]

C:\Programmi\Daily Weather

Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe]

C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer]

C:\Programmi\Spybot - Search &

Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager]

"C:\Programmi\Yahoo!\Messenger\ypager.exe"

-quiet
O4 - Global Startup: Acrobat Assistant.lnk =

C:\Programmi\Adobe\Acrobat

6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk =

C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma

Loader.exe
O4 - Global Startup: Microsoft Office.lnk =

C:\Programmi\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item: &ICQ Toolbar

Search -

res://C:\Programmi\ICQToolbar\toolbaru.dll/SE

ARCH.HTML
O8 - Extra context menu item: &Search -

http://bar.mywebsearch.com/menusearch.html?p=

ZNxdm776YYIT
O8 - Extra context menu item: E&sporta in

Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE

/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04

.dll
O9 - Extra 'Tools' menuitem: Sun Java Console

- {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04

.dll
O9 - Extra button: Ricerche -

{92780B25-18CC-41C8-B9BE-3C9C571A8263} -

C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite -

{B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite -

{B863453A-26C3-4e1f-A54D-A2CD196348E9} -

C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra button: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger

- {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Flash Decompiler SWF

Capture tool -

{86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} -

C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O9 - Extra 'Tools' menuitem: Flash Decompiler

SWF Capture tool menu -

{86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} -

C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O16 - DPF:

{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} -

http://static.windupdates.com/cab/DownloadAcc

ess/ie/bridge-c283.cab
O16 - DPF:

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN

Photo Upload Tool) -

http://groups.msn.com/controls/PhotoUC/MsnPUp

ld.cab
O16 - DPF:

{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/msnmessenge

rsetupdownloader.cab
O17 -

HKLM\System\CCS\Services\Tcpip\..\{7B8DF195-C

BDE-4609-B024-20CF9860F26F}: NameServer =

62.211.69.150,212.48.4.15
O20 - Winlogon Notify: igfxcui -

C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown

owner - C:\Programmi\File comuni\Adobe

Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ASF Agent (ASFAgent) - Intel

Corporation - C:\Programmi\Intel\ASF

Agent\ASFAgent.exe
O23 - Service: Symantec Event Manager

(ccEvtMgr) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation

(ccPwdSvc) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager

(ccSetMgr) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\ccSetMgr.exe
O23 - Service: Iap - Dell Inc -

C:\Programmi\Dell\OpenManage\Client\Iap.exe
O23 - Service: iPod Service (iPodService) -

Apple Computer, Inc. -

C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service -

Macromedia - C:\Programmi\File

comuni\Macromedia Shared\Service\Macromedia

Licensing.exe
O23 - Service: Servizio Auto-Protect di

Norton AntiVirus (navapsvc) - Symantec

Corporation - C:\Programmi\Norton

AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc)

- Intel(R) Corporation -

C:\Programmi\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall

Monitor Service (NPFMntor) - Symantec

Corporation - C:\Programmi\Norton

AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation

- C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service

(SBService) - Symantec Corporation -

C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ

.exe
O23 - Service: Symantec Network Drivers

Service (SNDSrvc) - Symantec Corporation -

C:\Programmi\File comuni\Symantec

Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) -

Symantec Corporation - C:\Programmi\File

comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec

Corporation - C:\Programmi\File

comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
Torna in alto
 
Sponsor
Inviato: Tuesday, September 06, 2005 12:47:11 AM

 
Torna in alto
 
alfonso
Inviato: Tuesday, September 06, 2005 11:05:18 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
-
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm776YYIT
-
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
-
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\PROGRA~1\ELTIMA~1\FLASHD~1\iebt.dll (HKCU)
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
ShowWnd.exe
iebt.dll
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.


Fai un ulteriore controllo antivirus on line da questo indirizzo
http://security.symantec.com/default.asp?productid=symhome&langid=it&venid=sym
Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » mi controllate il log di hijackthis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.