Mi controllate il log di hijack per favore? - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il log di hijack per favore?

Mi controllate il log di hijack per favore?

Opzioni

Topic Precedente · Topic Sucessivo

xelex

Inviato: Friday, February 03, 2006 5:52:59 PM

Rank: Member

Iscritto dal : 2/3/2006
Posts: 3

Mi cambia sempre la home page in automatico e in più l'antivirus mi rileva un virus "win32/swizzor" che però non riescie a eliminare!

Logfile of HijackThis v1.99.1
Scan saved at 17.46.53, on 03/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
C:\Programmi\Messenger Plus! 3\MsgPlus.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\PestPatrol\PPControl.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\dslagent.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\USER\Documenti\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ozoiywysptfnmzlfh.com/4TTbn9S6_C9k8qJhJRfJKVM168BD_nKh_im_sByY4gomQ2U2V5HpB0xpbJwHrGMj.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll (file missing)
O2 - BHO: (no name) - {B0F0503E-78EA-F5D7-E47C-B357E069F70B} - C:\DOCUME~1\USER\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll (file missing)
O2 - BHO: (no name) - {EB33A598-E534-F18F-B245-A8B124BC6FC7} - C:\DOCUME~1\USER\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [CORNCAKELOGODRAW] C:\Documents and Settings\All Users\Dati applicazioni\Defaultbalmcorncake\BeepLoad.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Gianmarco\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Programmi\File comuni\Nokia\Tools\NclTray.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Elements 4.0\apdproxy.exe"
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [Send Build Frag Warn] C:\Documents and Settings\All Users\Dati applicazioni\move defy send build\ERRORCITY.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [obj plus] C:\DOCUME~1\USER\DATIAP~1\FORAXI~1\CITY TEST MOVE.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: DataWay USB ADSL Modem.lnk = ?
O8 - Extra context menu item: Save with Download Manager... - file://C:\Programmi\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096593617203
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1108765582000.kit.sexequalite.com/26653/CD/UltraSESSO.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{C368B228-7435-4D09-9B8A-0310F41EE541}: NameServer = 85.37.17.57 85.38.28.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CS3\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Programmi\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\ISafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Internet Security Suite\eTrust EZ Antivirus\VetMsg.exe

Torna in alto

Sponsor

Inviato: Friday, February 03, 2006 5:52:59 PM

Torna in alto

alfonso

Inviato: Friday, February 03, 2006 7:45:19 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.ozoiywysptfnmzlfh.com/4TTbn9S6_C9k8qJhJRfJKVM168BD_nKh_im_sByY4gomQ2U2V5HpB0xpbJwHrGMj.htm
-
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O1 - Hosts: 66.98.226.177 auto.search.msn.com
O2 - BHO: LocalNRDObj Class - {00320615-B6C2-40A6-8F99-F1C52D674FAD} - C:\WINDOWS\localNRD.dll
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
-
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~1.DLL (file missing)
-
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
-
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\system32\bridge.dll (file missing)
O2 - BHO: (no name) - {B0F0503E-78EA-F5D7-E47C-B357E069F70B} - C:\DOCUME~1\USER\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll (file missing)
O2 - BHO: (no name) - {EB33A598-E534-F18F-B245-A8B124BC6FC7} - C:\DOCUME~1\USER\DATIAP~1\MPEGGP~1\AUDIO MEMO.exe (file missing)
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll (file missing)
-
O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
O4 - HKLM\..\Run: [SearchUpgrader] C:\Programmi\Common files\SearchUpgrader\SearchUpgrader.exe
-
O4 - HKLM\..\Run: [CORNCAKELOGODRAW] C:\Documents and Settings\All Users\Dati applicazioni\Defaultbalmcorncake\BeepLoad.exe
-
O4 - HKLM\..\Run: [Uninstall_TBPS] C:\WINDOWS\Temp\TBuninst.exe /remove
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Gianmarco\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
-
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
-
O4 - HKLM\..\Run: [Send Build Frag Warn] C:\Documents and Settings\All Users\Dati applicazioni\move defy send build\ERRORCITY.exe
-
O4 - HKCU\..\Run: [obj plus] C:\DOCUME~1\USER\DATIAP~1\FORAXI~1\CITY TEST MOVE.exe
-
O4 - Global Startup: DataWay USB ADSL Modem.lnk = ?
-
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://1108765582000.kit.sexequalite.com/26653/CD/UltraSESSO.exe
-
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/closer/close.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CCS\Services\Tcpip\..\{C368B228-7435-4D09-9B8A-0310F41EE541}: NameServer = 85.37.17.57 85.38.28.80
O17 - HKLM\System\CS1\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O17 - HKLM\System\CS3\Services\Tcpip\..\{21DB781A-8EBE-4D5F-AF66-5540AA932FBB}: NameServer = 212.216.112.112
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
==================================

Con la funzione CERCA di Windows, cerca ed elimina questi file,
==================================
localNRD.dll
SEARCH~1.DLL
2_0_1browserhelper2.dll
bridge.dll
AUDIO MEMO.exe
msntb.dll
msbe.dll
ISTHTB.EXE
SearchUpgrader.exe
BeepLoad.exe
TBuninst.exe
IE4321.exe
EnergyPlugin.exe
E-nrgyPlus.exe
ERRORCITY.exe
CITY TEST MOVE.exe
==================================

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Nel sistema non é presente un Firewall, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56
e disattiva l'inutile firewall di XP, leggi qui
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=160&SH=N

Collaboratore Aiutamici

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate il log di hijack per favore?

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded