C:\Programmi\webhancer\Programs\webhdll.dll


xamm63
20-04-2006, 18:33
Heeelp, I can't remove this exe that keeps redirecting me to improbable sites. XOFTSPY finds it but can't delete it because it is in use.

Logfile of HijackThis v1.99.1
Scan saved at 19.56.23, on 20/04/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWSB\SYSTEM\KERNEL32.DLL
C:\WINDOWSB\SYSTEM\MSGSRV32.EXE
C:\WINDOWSB\SYSTEM\mmtask.tsk
C:\WINDOWSB\SYSTEM\MPREXE.EXE
C:\WINDOWSB\SYSTEM\MSTASK.EXE
C:\WINDOWSB\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWSB\EXPLORER.EXE
C:\WINDOWSB\RUNDLL32.EXE
C:\WINDOWSB\TASKMON.EXE
C:\WINDOWSB\SYSTEM\SYSTRAY.EXE
C:\WINDOWSB\SYSTEM\RMCTRL.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWSB\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWSB\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\DOCUMENTI\PROGRAMMI\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWSB\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWSB\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Software Bluetooth\bin\btstart.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWSB\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWSB\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAMMI\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - HKCU\..\RunServices: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\RunServices: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - HKCU\..\RunServices: [Spyware Doctor] "C:\PROGRAMMI\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: @btrez.dll,-4015@1040,Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017@1040,Invia a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\TOOLS\IESDPB.DLL
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer


Vittorio_Bo
20-04-2006, 18:46
Hi, try this removal tool (preferably run in safe mode): http://securityresponse.symantec.com/avcenter/venc/data/spyware.webhancer.html

Then, after downloading and updating it, a full scan with EWIDO:
www.ewido.net

Stev-O
20-04-2006, 22:24
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe [could that be it??? (MyDoom???) :eek: ]
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer

And install at least Explorer 6.0.