|
|||||||
|
|
|
 |
|
|
Strumenti |
20-07-2007, 16:37
|
#1 |
|
Member
Iscritto dal: Dec 2006
Città: Bologna
Messaggi: 71
|
italian.eazel.com
cosè??
sono 2 giorni che me lo sono ritrovato nel pc se da IE o da FIREFOX provo ad andare nella pagina home mi da questa schermata di eazel...inoltre se provo ad usare alcune funzioni della googletoolbar mi dice che ho il pc infetto e non me le fa eseguire outpust non mi ha detto niente...ho fatto la scansione e non ha detto nulla...stessa cosa con avast e search&destroy... come faccio x toglierlo?  Daniele |
|
|
|
20-07-2007, 17:37
|
#2 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Spira, Zanarkand
Messaggi: 394
|
Posta un log di hijackthis. Quel sito è molto sospetto.
|
|
|
|
|
20-07-2007, 17:41
|
#3 |
|
Member
Iscritto dal: Dec 2006
Città: Bologna
Messaggi: 71
|
Logfile of HijackThis v1.99.1
Scan saved at 18.40.38, on 20/07/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe C:\Program Files\Belkin\Belkin Power Management Software\Monw32.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Agnitum\Outpost Firewall\outpost.exe C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\MSN Messenger\livecall.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\Documents and Settings\Daniele\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Outpost Firewall] C:\Program Files\Agnitum\Outpost Firewall\outpost.exe /waitservice O4 - HKLM\..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe O4 - Global Startup: Rupsmon Daemon.lnk = ? O8 - Extra context menu item: Download Using &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{0FB4B365-F99C-4424-B03A-9FFED2E83C81}: NameServer = 29.253.128.10,29.253.128.11 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apache2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Program Files\Agnitum\Outpost Firewall\outpost.exe O23 - Service: Rupsmon - Belkin - C:\Program Files\Belkin\Belkin Power Management Software\RupsMon.exe O23 - Service: USBMate - Mega Corp. - C:\Program Files\Belkin\Belkin Power Management Software\usbmate.exe |
|
|
|
|
20-07-2007, 18:07
|
#4 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Spira, Zanarkand
Messaggi: 394
|
Il log è pulito... comunque se ho capito il tuo problema c'è qualcosa che ti cambia la pagina iniziale di IE e Firefox? E anche se la cambi torna uguale quella?
|
|
|
|
|
20-07-2007, 18:46
|
#5 |
|
Member
Iscritto dal: Dec 2006
Città: Bologna
Messaggi: 71
|
mmm adesso funziona...
non so...cmq non mi faceva tradurre le pagine dalla google toolbar anche se cmq ho delle icone di programmi sonosciuti in giro nel sistema... |
|
|
|
|
20-07-2007, 18:50
|
#6 |
|
Senior Member
Iscritto dal: Jan 2007
Messaggi: 308
|
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://italian.eazel.com/index.php?rvs=hompag
questo va fixato ... quello è un sito spazzatura. Ne avevo parlato tempo fa nel mio blog E la java virtual machine aggiornata
__________________
maipiugromozon.blogspot.com |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 03:13.
