|
|||||||
|
|
|
 |
|
|
Strumenti |
18-11-2004, 23:41
|
#1 |
|
Senior Member
Iscritto dal: Oct 2002
Città: Misterbianco (Catania)
Messaggi: 587
|
HIJACKTHIS LOG...HELP ME !!!
Ciao ragazzi...
sono disperato... il mio pc ultimamente da i numeri... una cosa soprattutto che non sopporto è una caz....di toolbar (mysearchnow) che mi si apre ogni volta che faccio partire explorer.... e tanti altri casini che sicuramente ci sono.... siccome non sono motlo esperto, volevo postarvi il log di hijackthis e se qualke anima pia potrebbe aiutarmi farebbe cosa gradita.... GRAZIEEEEEEE Daniele ....# **************LOG HIJACKTHIS*********** Logfile of HijackThis v1.98.2 Scan saved at 23.35.50, on 18/11/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\E_S00RP2.EXE C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\NORTON~3\NORTON~1\NPROTECT.EXE C:\Programmi\ProxyPlus\ProxyPlus.exe C:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe C:\WINDOWS\System32\tcpsvcs.exe C:\PROGRA~1\NORTON~3\NORTON~1\SPEEDD~1\NOPDB.EXE C:\WINDOWS\System32\SAgent4.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Commander Pro\UPServ.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe C:\Programmi\CpuIdle\cpuidle.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Programmi\ATI Technologies\ATI HydraVision\HydraDM.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Messenger Plus! 3\MsgPlus.exe C:\WINDOWS\DirectX3D.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programmi\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Creative\MediaSource\GO\CTCMSGo.exe C:\Programmi\Creative\MediaSource\RemoteControl\RCMan.EXE C:\WINDOWS\system32\wscntfy.exe C:\Programmi\TRUST BT120\Bluetooth Software\BTTray.exe C:\Programmi\National Datacomm Corporation\Instantwave HighRate Utility\ut11m_iw.exe C:\Programmi\Nokia\PC Suite for Nokia 6600\ConnMngmntBox.exe C:\Programmi\Nokia\PC Suite for Nokia 6600\ECTaskScheduler.exe C:\Programmi\Zone Labs\ZoneAlarm\zapro.exe C:\Programmi\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe C:\Programmi\TRUST BT120\Bluetooth Software\BTStackServer.exe C:\Programmi\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe C:\Programmi\Internet Explorer\iexplore.exe c:\progra~1\intern~1\iexplore.exe C:\WINDOWS\System32\wisptis.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Commander Pro\UPS.EXE C:\Documents and Settings\DANIELSANN\Impostazioni locali\Temp\HijackThis.exe C:\Programmi\Messenger\msmsgs.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.mdplpvoeyfkkbbgel.com/Yf4...mTafqYQ/H.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programmi\ICQToolbar\toolbaru.dll O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll O2 - BHO: (no name) - {E96A189A-54E8-F16D-0125-9C5374B89CCA} - C:\DOCUME~1\DANIEL~1\DATIAP~1\SOFTBE~1\find four.exe O3 - Toolbar: (no name) - {8E2FF476-C576-4637-9F73-5FFE2116CC12} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [WindowsXP Module] C:\WINDOWS\DirectX3D.exe O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /M "Stylus C64" /EF "HKCU" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [showfirst] C:\DOCUME~1\DANIEL~1\DATIAP~1\DRVFIL~1\road amok.exe O4 - Startup: Norton System Doctor.LNK = ? O4 - Global Startup: BTTray.lnk = ? O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Programmi\ICQToolbar\toolbaru.dll/SEARCH.HTML O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O10 - Hijacked Internet access by New.Net O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1F594A33-72E0-444E-B318-E971F96DA83B}: NameServer = 212.210.251.2 O17 - HKLM\System\CCS\Services\Tcpip\..\{3119DCE7-12AD-4545-899F-73EC741F3A83}: NameServer = 192.168.0.1
__________________
Unn'è scuru stenni luci lu to visu villutatu,fa l'amaru cosa duci lu to labbru zzuccaratu E' na liffia la to vuci, l'okki to cielu stiddatu, la me vita è senza cruci si rispiru lu to ciatu S.J. |
|
|
|
18-11-2004, 23:52
|
#2 |
|
Senior Member
Iscritto dal: Feb 2003
Città: Pistoia
Messaggi: 4926
|
C:\WINDOWS\DirectX3D.exe
O4 - HKLM\..\Run: [WindowsXP Module] C:\WINDOWS\DirectX3D.exe A prima vista questa dovrebbe essere robaccia link O2 - BHO: (no name) - {E96A189A-54E8-F16D-0125-9C5374B89CCA} - C:\DOCUME~1\DANIEL~1\DATIAP~1\SOFTBE~1\find four.exe O3 - Toolbar: (no name) - {8E2FF476-C576-4637-9F73-5FFE2116CC12} - (no file) Questi sai cosa sono? O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s Questa andrebbe fixata. Comunque prima di tutto fai una bella scansione con ad-aware, spybot e magari con un antivirus on-line. Poi rifai un log e ripostalo qui. |
|
|
|
|
19-11-2004, 00:40
|
#3 |
|
Senior Member
Iscritto dal: Oct 2002
Città: Misterbianco (Catania)
Messaggi: 587
|
Gia fatta scansione con Adaware e SpyBot rigorosamente aggiornati....e Norton2004.
Daniele ....#
__________________
Unn'è scuru stenni luci lu to visu villutatu,fa l'amaru cosa duci lu to labbru zzuccaratu E' na liffia la to vuci, l'okki to cielu stiddatu, la me vita è senza cruci si rispiru lu to ciatu S.J. |
|
|
|
|
20-11-2004, 12:39
|
#4 |
|
Member
Iscritto dal: May 2001
Messaggi: 237
|
scusa vai sul sito http://www.hijackthis.de/ e te lo fai analizzare online il tuo log, e se dopo aver fatto tutte le prove hai qualche problema lancia hijack e fai il restore dei file che prima ti aveva detto di bloccare
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 05:57.
