riecco new access.biz

lipana · 02-09-2005, 22:13

ciao ragazzi
sono incasinato al massimo con questo dialer??
ho provato con scansione norton
ewido
cclear
nada de nada dopo uno o due gioni ritorna sparisce la pagina di google e compare ***.newaccess.biz
vi posto il log in formato txt di hijack
grazie per la pazienza!!!!
Logfile of HijackThis v1.99.1
Scan saved at 21.57.05, on 02/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
D:\Programmi\ewido\security suite\ewidoctrl.exe
D:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
D:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\ESM2\SAgentNT.exe
C:\WINNT\system32\stisvc.exe
C:\ESM2\EBRR.EXE
C:\WINNT\TSI32\tsircusr.exe
C:\WINNT\System32\TSIRCSRV.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\WFXSVC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
D:\programmi\Symantec\WinFax\WFXMOD32.EXE
D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
D:\Programmi\MemoRex\MemoRex.exe
C:\Programmi\Common Files\LapLink\Scheduler\LLSCHED.EXE
C:\Programmi\Common Files\LapLink\Scheduler\LLSCHENG.EXE
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Daily Weather Forecast\weather.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
D:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\ANDREA\IMPOST~1\Temp\Rar$EX00.058\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.new-access.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [MemoREX] "D:\Programmi\MemoRex\MemoRexStart.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Programmi\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Programmi\Common Files\LapLink\Scheduler\LLSCHED.EXE"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programmi\Daily Weather Forecast\weather.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: EPSON Controllo in background.lnk = C:\ESM2\Stms.exe
O4 - Global Startup: Microsoft Office.lnk = D:\programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O16 - DPF: TradinGear - https://streaming1.imiweb.it/interna...pplication.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://69.57.146.110/b/it.chm::/11449.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//ku...::/painter.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f26...dxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124177025656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C63DCCB8-B898-4AE3-9067-C803711BDE34}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINNT\System32\TSIRCSRV.EXE
O23 - Service: UPSMON_Service - Unknown owner - D:\PROGRA~1\UPSMON\UPSSRV.EXE (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE

ATi7500 · 02-09-2005, 22:43

fixa:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://69.57.146.110/b/it.chm::/11449.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//k...m::/painte r.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O23 - Service: UPSMON_Service - Unknown owner - D:\PROGRA~1\UPSMON\UPSSRV.EXE (file missing)

cancella anche tutti e 4 gli O17, sono relativi alla tua connessione ma dovrebbe essercene solo uno

bYeZ!

wgator · 02-09-2005, 22:45

Ciao,

si, c'è parecchia porcheria in quel log. Ti consiglio prima di "fixare" a mano, di cancellare tutti i file temporanei di internet ed il contenuto delle cartelle temporanee. Con Ewido hai già provato, tuttavia dopo aver vuotato i temp, fai un nuovo passaggio. Controlla poi da strumenti ->opzioni Internet -> Protezione di rimettere tutte le aree su "predefinito" con particolare attenzione all'area "siti attendibili" perchè si sono inseriti quei siti schifezza.

Ti consiglio anche di scaricare la trial di spysweeper http://www.webroot.com/consumer/?WRS...9c8a74a478dabb e di fare un passaggio anche con quello. Appena fatto, riavvia e senza aprire nessun programma fai un altro log e postalo

lipana · 03-09-2005, 15:09

rieccomi...
e riecco il log
Logfile of HijackThis v1.99.1
Scan saved at 15.07.06, on 03/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
D:\Programmi\ewido\security suite\ewidoctrl.exe
D:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
D:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\ESM2\SAgentNT.exe
C:\WINNT\TSI32\tsircusr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\ESM2\EBRR.EXE
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\TSIRCSRV.EXE
C:\WINNT\system32\WFXSVC.EXE
D:\programmi\Symantec\WinFax\WFXMOD32.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\DOCUME~1\ANDREA\IMPOST~1\Temp\Rar$EX00.466\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: TradinGear - https://streaming1.imiweb.it/interna...pplication.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//ku...::/painter.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f26...dxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124177025656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINNT\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE

FOXYLADY · 03-09-2005, 15:19

Fixa
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//k...m::/painte r.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB

lipana · 03-09-2005, 15:50

non funge piu norton
Logfile of HijackThis v1.99.1
Scan saved at 15.48.41, on 03/09/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\System32\svchost.exe
D:\Programmi\ewido\security suite\ewidoctrl.exe
D:\Programmi\ewido\security suite\ewidoguard.exe
C:\WINNT\system32\hidserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
D:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
D:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\ESM2\SAgentNT.exe
C:\WINNT\TSI32\tsircusr.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\ESM2\EBRR.EXE
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINNT\System32\TSIRCSRV.EXE
C:\WINNT\system32\WFXSVC.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
D:\programmi\Symantec\WinFax\WFXMOD32.EXE
C:\WINNT\system32\svchost.exe
C:\Documents and Settings\ANDREA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: TradinGear - https://streaming1.imiweb.it/interna...pplication.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f26...dxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124177025656
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - D:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINNT\System32\TSIRCSRV.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE

andorra24 · 04-09-2005, 13:14

Fixa queste 2 voci:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f2...RdxIE601_it.cab

juninho85 · 04-09-2005, 17:01

ripristina il precedente backup fatto con hijackthis e cancella le voci seguenti

C:\ESM2\EBRR.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.new-access.biz
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O15 - Trusted Zone: www.contentcooler.biz
O15 - Trusted Zone: www.new-access.biz
O16 - DPF: TradinGear - https://streaming1.imiweb.it/intern...Application.cab
O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://69.57.146.110/b/it.chm::/11449.exe
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//k...m::/painter.exe
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O23 - Service: UPSMON_Service - Unknown owner - D:\PROGRA~1\UPSMON\UPSSRV.EXE (file missing)

controlla che:
"O17 - HKLM\System\CCS\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C63DCCB8-B898-4AE3-9067-C803711BDE34}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62"

siano effettivamente i dns del tuo provider
per analizzarvi DA SOLI i vostri log,visto che si tratta di un operazione tutt'altro che difficile,avvaletevi di quanto detto in questo,questo e quest'altro thread's,in modo da rendere questa sezione magari un poco più scorrevole da leggere e poter trovare tutte le soluzioni del vari log in un unico thread,rendendo le informazioni fruibili a tutta la comunità

andorra24 · 04-09-2005, 18:39

Quote:

Originariamente inviato da juninho85

controlla che:
"O17 - HKLM\System\CCS\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C63DCCB8-B898-4AE3-9067-C803711BDE34}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62
O17 - HKLM\System\CS3\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62"

siano effettivamente i dns del tuo provider

Sono i DNS di Alice.

lipana · 09-09-2005, 10:19

ok ragazzi sembrerebbe funzionare tutto grazie mille spero di non fare piu casini
baci a tutti

02-09-2005, 22:13	#1
lipana Junior Member Iscritto dal: May 2005 Messaggi: 5	riecco new access.biz ciao ragazzi sono incasinato al massimo con questo dialer?? ho provato con scansione norton ewido cclear nada de nada dopo uno o due gioni ritorna sparisce la pagina di google e compare **.newaccess.biz vi posto il log in formato txt di hijack grazie per la pazienza!!!! Logfile of HijackThis v1.99.1 Scan saved at 21.57.05, on 02/09/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\cisvc.exe C:\WINNT\System32\svchost.exe D:\Programmi\ewido\security suite\ewidoctrl.exe D:\Programmi\ewido\security suite\ewidoguard.exe C:\WINNT\system32\hidserv.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe D:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe D:\Programmi\Norton AntiVirus\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\ESM2\SAgentNT.exe C:\WINNT\system32\stisvc.exe C:\ESM2\EBRR.EXE C:\WINNT\TSI32\tsircusr.exe C:\WINNT\System32\TSIRCSRV.EXE C:\WINNT\Explorer.EXE C:\WINNT\system32\WFXSVC.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe D:\programmi\Symantec\WinFax\WFXMOD32.EXE D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe D:\Programmi\MemoRex\MemoRex.exe C:\Programmi\Common Files\LapLink\Scheduler\LLSCHED.EXE C:\Programmi\Common Files\LapLink\Scheduler\LLSCHENG.EXE C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe C:\Programmi\Microsoft IntelliPoint\point32.exe C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe C:\WINNT\system32\RUNDLL32.EXE C:\Programmi\Daily Weather Forecast\weather.exe C:\WINNT\system32\ctfmon.exe C:\WINNT\system32\ZoneLabs\vsmon.exe D:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\ANDREA\IMPOST~1\Temp\Rar$EX00.058\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.new-access.biz R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [Zone Labs Client] D:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [MemoREX] "D:\Programmi\MemoRex\MemoRexStart.exe" O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "D:\Programmi\RivaTuner\RivaTuner.exe" /S O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [LapLink Scheduler] "C:\Programmi\Common Files\LapLink\Scheduler\LLSCHED.EXE" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Daily Weather Forecast] C:\Programmi\Daily Weather Forecast\weather.exe O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe O4 - Global Startup: EPSON Controllo in background.lnk = C:\ESM2\Stms.exe O4 - Global Startup: Microsoft Office.lnk = D:\programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O15 - Trusted Zone: www.contentcooler.biz O15 - Trusted Zone: www.new-access.biz O16 - DPF: TradinGear - https://streaming1.imiweb.it/interna...pplication.cab O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://69.57.146.110/b/it.chm::/11449.exe O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//ku...::/painter.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f26...dxIE601_it.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124177025656 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB O17 - HKLM\System\CCS\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CCS\Services\Tcpip\..\{C63DCCB8-B898-4AE3-9067-C803711BDE34}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CS2\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CS3\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - D:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINNT\System32\TSIRCSRV.EXE O23 - Service: UPSMON_Service - Unknown owner - D:\PROGRA~1\UPSMON\UPSSRV.EXE (file missing) O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE Ultima modifica di wgator : 02-09-2005 alle 22:53. Motivo: Editato link pericoloso perchè non sia cliccabile*

02-09-2005, 22:43	#2
ATi7500 Senior Member Iscritto dal: Nov 2002 Città: Budapest Messaggi: 19133	fixa: R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O15 - Trusted Zone: www.contentcooler.biz O15 - Trusted Zone: www.new-access.biz O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://69.57.146.110/b/it.chm::/11449.exe O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//k...m::/painte r.exe O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB O23 - Service: UPSMON_Service - Unknown owner - D:\PROGRA~1\UPSMON\UPSSRV.EXE (file missing) cancella anche tutti e 4 gli O17, sono relativi alla tua connessione ma dovrebbe essercene solo uno bYeZ! __________________ Improvise, adapt, overcome.

02-09-2005, 22:45	#3
wgator Senior Member Iscritto dal: Mar 2004 Città: Rimini Messaggi: 10296	Ciao, si, c'è parecchia porcheria in quel log. Ti consiglio prima di "fixare" a mano, di cancellare tutti i file temporanei di internet ed il contenuto delle cartelle temporanee. Con Ewido hai già provato, tuttavia dopo aver vuotato i temp, fai un nuovo passaggio. Controlla poi da strumenti ->opzioni Internet -> Protezione di rimettere tutte le aree su "predefinito" con particolare attenzione all'area "siti attendibili" perchè si sono inseriti quei siti schifezza. Ti consiglio anche di scaricare la trial di spysweeper http://www.webroot.com/consumer/?WRS...9c8a74a478dabb e di fare un passaggio anche con quello. Appena fatto, riavvia e senza aprire nessun programma fai un altro log e postalo __________________ sometimes they come back * Life Happens! - (Professionista I.T. - Tecnico Telecomunicazioni) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3"** I5 2435M SSD Samsung 830-256GB

03-09-2005, 15:19	#5
FOXYLADY Senior Member Iscritto dal: Oct 2004 Città: Milano Messaggi: 2641	Fixa O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//k...m::/painte r.exe O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB __________________ FOXYLADY è un MASCHIO!! Un amico è una persona che sa tutto di te e nonostante questo gli piaci

03-09-2005, 15:09	#4
lipana Junior Member Iscritto dal: May 2005 Messaggi: 5	rieccomi... e riecco il log Logfile of HijackThis v1.99.1 Scan saved at 15.07.06, on 03/09/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\cisvc.exe C:\WINNT\System32\svchost.exe D:\Programmi\ewido\security suite\ewidoctrl.exe D:\Programmi\ewido\security suite\ewidoguard.exe C:\WINNT\system32\hidserv.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe D:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe D:\Programmi\Norton AntiVirus\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\ESM2\SAgentNT.exe C:\WINNT\TSI32\tsircusr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\stisvc.exe C:\ESM2\EBRR.EXE C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINNT\System32\TSIRCSRV.EXE C:\WINNT\system32\WFXSVC.EXE D:\programmi\Symantec\WinFax\WFXMOD32.EXE C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\svchost.exe C:\DOCUME~1\ANDREA\IMPOST~1\Temp\Rar$EX00.466\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: TradinGear - https://streaming1.imiweb.it/interna...pplication.cab O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//ku...::/painter.exe O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f26...dxIE601_it.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124177025656 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} - http://download.rfwnad.com/cab/crack.CAB O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - D:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINNT\System32\TSIRCSRV.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE

03-09-2005, 15:50	#6
lipana Junior Member Iscritto dal: May 2005 Messaggi: 5	non funge piu norton Logfile of HijackThis v1.99.1 Scan saved at 15.48.41, on 03/09/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\cisvc.exe C:\WINNT\System32\svchost.exe D:\Programmi\ewido\security suite\ewidoctrl.exe D:\Programmi\ewido\security suite\ewidoguard.exe C:\WINNT\system32\hidserv.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe D:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINNT\system32\nvsvc32.exe C:\WINNT\system32\regsvc.exe D:\Programmi\Norton AntiVirus\SAVScan.exe C:\WINNT\system32\MSTask.exe C:\ESM2\SAgentNT.exe C:\WINNT\TSI32\tsircusr.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\stisvc.exe C:\ESM2\EBRR.EXE C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINNT\System32\TSIRCSRV.EXE C:\WINNT\system32\WFXSVC.EXE C:\WINNT\System32\WBEM\WinMgmt.exe D:\programmi\Symantec\WinFax\WFXMOD32.EXE C:\WINNT\system32\svchost.exe C:\Documents and Settings\ANDREA\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,C:\WINNT\TSI32\tsircusr.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O16 - DPF: TradinGear - https://streaming1.imiweb.it/interna...pplication.cab O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/SU/ocx/12110/CTSUEng.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f26...dxIE601_it.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124177025656 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - D:\Programmi\ewido\security suite\ewidoguard.exe O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - D:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe O23 - Service: SAVScan - Symantec Corporation - D:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Epson Printer Status Agent (StatusAgent) - SEIKO EPSON CORPORATION - C:\ESM2\SAgentNT.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TSI Remote Control Service (TSIRCSRV) - LapLink, Inc. - C:\WINNT\System32\TSIRCSRV.EXE O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINNT\system32\WFXSVC.EXE

04-09-2005, 13:14	#7
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Fixa queste 2 voci: R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/21a2d5aa2b87f2...RdxIE601_it.cab

04-09-2005, 17:01	#8
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 29028	ripristina il precedente backup fatto con hijackthis e cancella le voci seguenti C:\ESM2\EBRR.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.new-access.biz R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O15 - Trusted Zone: www.contentcooler.biz O15 - Trusted Zone: www.new-access.biz O16 - DPF: TradinGear - https://streaming1.imiweb.it/intern...Application.cab O16 - DPF: {11120607-1001-1111-1000-110199901123} - ms-its:mhtml:file://C:\foo.mht!http://69.57.146.110/b/it.chm::/11449.exe O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ptjdaya//k...m::/painter.exe O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB O23 - Service: UPSMON_Service - Unknown owner - D:\PROGRA~1\UPSMON\UPSSRV.EXE (file missing) controlla che: "O17 - HKLM\System\CCS\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CCS\Services\Tcpip\..\{C63DCCB8-B898-4AE3-9067-C803711BDE34}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CS2\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62 O17 - HKLM\System\CS3\Services\Tcpip\..\{2A3A0277-2909-4AA9-B377-A0EA829485B6}: NameServer = 212.216.112.112,212.216.172.62" siano effettivamente i dns del tuo provider per analizzarvi DA SOLI i vostri log,visto che si tratta di un operazione tutt'altro che difficile,avvaletevi di quanto detto in questo,questo e quest'altro thread's,in modo da rendere questa sezione magari un poco più scorrevole da leggere e poter trovare tutte le soluzioni del vari log in un unico thread,rendendo le informazioni fruibili a tutta la comunità

09-09-2005, 10:19	#10
lipana Junior Member Iscritto dal: May 2005 Messaggi: 5	ok ragazzi sembrerebbe funzionare tutto grazie mille spero di non fare piu casini baci a tutti

Strumenti
Mostra una versione stampabile Invia questa pagina per email