Controllo log HiJack - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log HiJack

Controllo log HiJack

Opzioni

Topic Precedente · Topic Sucessivo

Ikks

Inviato: Friday, February 03, 2006 10:39:46 AM

Rank: Member

Iscritto dal : 11/16/2004
Posts: 4

Logfile of HijackThis v1.99.1
Scan saved at 10.37.21, on 03/02/2006
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\BHROOT\BIN\NT611SVC.EXE
C:\BHROOT\BIN\monitor.exe
C:\WINNT\System32\bmwebcfg.exe
C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\BHROOT\BIN\PORTMAP.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\shost.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\spnsrvnt.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\PROGRA~1\JAVASOFT\JRE\132E6D~1.1\bin\java.exe
C:\WINNT\System32\mspmspsv.exe
C:\BHROOT\BIN\DBMANG.EXE
C:\WINNT\Explorer.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINNT\System32\NeroFilter.EXE
C:\WINNT\System32\ntsfd.exe
C:\w3.exe
C:\WINNT\System32\mssetupconf.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINNT\elitemediapop.exe
C:\WINNT\System32\Isass.exe
C:\dm.exe
C:\winsysban5.exe
C:\WINNT\System32\updater.exe
C:\taskmgrs.exe
C:\Programmi\File comuni\Windows\services32.exe
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\Programmi\AVPersonal\AVGNT.EXE
C:\m\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINNT\System32\gebcd.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\System32\WinNB57.dll
O2 - BHO: Bytemobile BHO - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINNT\System32\bmbho.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINNT\System32\jkklm.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\System32\WinNB57.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\wakccq.exe reg_run
O4 - HKLM\..\Run: [ihost.exe] C:\taskmgrs.exe
O4 - HKLM\..\Run: [System Update] mssetupconf.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINNT\elitemediapop.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\RunServices: [ff] wmd.exe
O4 - HKLM\..\RunServices: [NeroCheck] NeroFilter.EXE
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKLM\..\RunServices: [System Update] mssetupconf.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] updater.exe
O4 - HKCU\..\Run: [System Update] mssetupconf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKCU\..\RunServices: [NeroCheck] NeroFilter.EXE
O4 - HKCU\..\RunServices: [System Update] mssetupconf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: gebcd - C:\WINNT\System32\gebcd.dll
O20 - Winlogon Notify: jkklm - C:\WINNT\SYSTEM32\jkklm.dll
O20 - Winlogon Notify: sstqq - C:\WINNT\SYSTEM32\sstqq.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAMMI\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\BHROOT\BIN\monitor.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINNT\System32\bmwebcfg.exe
O23 - Service: COSIDS_TB - TransAction Software, D 81737 Munich - C:\PROGRA~1\COSIDS\BIN\TbMux32.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell - C:\BHROOT\BIN\DBMANG.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\System32\mapi32.exe (file missing)
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\BHROOT\BIN\PORTMAP.EXE
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINNT\shost.exe
O23 - Service: SentinelSuperProNet Server (SuperProServer) - Rainbow Technologies - C:\WINNT\System32\spnsrvnt.exe
O23 - Service: TIS 2000 Apache Web Server - Unknown owner - C:\PROGRA~1\COSIDS\APACHE~1\APACHE\ApchT2kW.exe
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINNT\csrss.exe (file missing)

Torna in alto

Sponsor

Inviato: Friday, February 03, 2006 10:39:46 AM

Torna in alto

alfonso

Inviato: Friday, February 03, 2006 12:00:58 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao ,
esegui queste operazioni

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
-
O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINNT\System32\gebcd.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\System32\WinNB57.dll
-
O2 - BHO: (no name) - {EA32FB3B-21C9-42cc-B8EF-01A9B28EDB0D} - C:\WINNT\System32\jkklm.dll
-
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINNT\System32\WinNB57.dll
-
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\wakccq.exe reg_run
O4 - HKLM\..\Run: [ihost.exe] C:\taskmgrs.exe
O4 - HKLM\..\Run: [System Update] mssetupconf.exe
O4 - HKLM\..\Run: [elitemedia] C:\WINNT\elitemediapop.exe
O4 - HKLM\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe
-
O4 - HKLM\..\RunServices: [ff] wmd.exe
O4 - HKLM\..\RunServices: [NeroCheck] NeroFilter.EXE
O4 - HKLM\..\RunServices: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKLM\..\RunServices: [System Update] mssetupconf.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] updater.exe
O4 - HKCU\..\Run: [System Update] mssetupconf.exe
O4 - HKCU\..\Run: [NTSF MICROSOFT SYSTEM] ntsfd.exe
O4 - HKCU\..\RunServices: [NeroCheck] NeroFilter.EXE
O4 - HKCU\..\RunServices: [System Update] mssetupconf.exe
-
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
-
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O20 - Winlogon Notify: gebcd - C:\WINNT\System32\gebcd.dll
O20 - Winlogon Notify: jkklm - C:\WINNT\SYSTEM32\jkklm.dll
O20 - Winlogon Notify: sstqq - C:\WINNT\SYSTEM32\sstqq.dll
-
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINNT\System32\bmwebcfg.exe
-
O23 - Service: MAPI Mail Client (MAPI) - Unknown owner - C:\WINNT\System32\mapi32.exe (file missing)
-
O23 - Service: Service Hosts (ServiceHost) - Unknown owner - C:\WINNT\shost.exe
-
O23 - Service: Windows Time Sync (wservtime) - Unknown owner - C:\WINNT\csrss.exe (file missing)
==================================

Con la funzione CERCA di Windows, cerca ed elimina questi file,
==================================
gebcd.dll
WinNB57.dll
jkklm.dll
wakccq.exe
taskmgrs.exe
mssetupconf.exe
elitemediapop.exe
ntsfd.exe
wmd.exe
NeroFilter.EXE
updater.exe
wuauclt.dll
sstqq.dll
bmwebcfg.exe
mapi32.exe
shost.exe
==================================

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus

Nel sistema non é presente un Firewall, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56

Aggiorna il sistema dal Windows Update

Collaboratore Aiutamici

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log HiJack

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded