Zeus News Forums
Forum index -> Virus First Aid (Pronto Soccorso Virus)

another hijack log
goodgod
Hero in the gods' grace
Registered: 06/06/06 10:43
Posts: 82

Posted: 08 Jun 2006 21:44    Subject: another hijack log

Here it is... it's loaded, I think...


Logfile of HijackThis v1.99.1
Scan saved at 21.20.41, on 08/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
F:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
F:\Programmi\Messenger Plus! 3\MsgPlus.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\Programmi\ClamWin\bin\ClamTray.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\Programmi\MSN Messenger\msnmsgr.exe
F:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
F:\Programmi\CountDown\CountDown.exe
F:\WINDOWS\system32\wuauclt.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.it/redirect/dial_up
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - TELE2Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {184726FC-0A5F-1C4B-02D0-96C8A7EC9D84} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winnet] F:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O4 - HKLM\..\Run: [Omnipage] F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ClamWin] "F:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ATICCC] "F:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CountDown.lnk = F:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb02944US
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: F:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.it/redirect/dial_up
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3356EBB5-CDF2-42F9-8F66-E317334A5FDF}: NameServer = 212.216.112.112,194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{BACF0108-C31D-4DF1-B87B-210866CC3E90}: NameServer = 212.216.112.112,194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D19402-D380-479E-A2CF-F4E7F2E8B795}: NameServer = 212.216.112.112,194.243.154.62
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - F:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - f:\oracle\ora9\bin\omtsreco.exe
O23 - Service: OracleOraHome9Agent - Oracle Corporation - f:\oracle\ora9\bin\agntsrvc.exe
O23 - Service: OracleOraHome9ClientCache - Unknown owner - f:\oracle\ora9\BIN\ONRSD.EXE
O23 - Service: OracleOraHome9HTTPServer - Unknown owner - f:\oracle\ora9\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome9PagingServer - Unknown owner - f:\oracle\ora9/bin/pagntsrv.exe
O23 - Service: OracleOraHome9SNMPPeerEncapsulator - Unknown owner - f:\oracle\ora9\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome9SNMPPeerMasterAgent - Unknown owner - f:\oracle\ora9\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome9TNSListener - Unknown owner - f:\oracle\ora9\BIN\TNSLSNR.exe
O23 - Service: OracleServiceOMNIA - Oracle Corporation - f:\oracle\ora9\bin\ORACLE.EXE
holifay
Mature god
Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 09 Jun 2006 20:13

Please put this file in a zip file:
Quote:
F:\Programmi\LinkOptimizer\LinkOptimizer.dll
and send it to Suspectfile. To find it, enable display of hidden/system files if necessary:
Quote:
- open Windows Explorer
- from the menu select Tools >> Folder Options
- select the View tab
- tick the box Show hidden files and folders
- untick the box Hide system files (recommended)
- click Yes, then Apply, then OK.


Start HijackThis, then close all windows leaving only HijackThis open. Click Do a system scan only, tick the box next to these entries and when done press Fix checked
Quote:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {184726FC-0A5F-1C4B-02D0-96C8A7EC9D84} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll
O4 - HKLM\..\Run: [winnet] F:\PROGRA~1\COMMON~2\Toolbar\winnet.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb02944US
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab


Reboot into safe mode: press F8 at boot right after the BIOS loads and from the menu that appears select Safe Mode

Go to Control Panel > Add or Remove Programs and uninstall (if you find them) the entries for LinkOptimizer and CommonName

Find and delete (if present) these folders:
Quote:
F:\Programmi\LinkOptimizer
F:\PROGRAMMI\COMMON~2 (something like commonname...)


Reboot in normal mode and check again with HijackThis whether the deleted entries are gone, otherwise repeat the fix.

Then post a new HijackThis log

Bye :)
goodgod
Hero in the gods' grace
Registered: 06/06/06 10:43
Posts: 82

Posted: 11 Jun 2006 11:50

Here's the new log... I don't know whether your instructions were followed to the letter...


Logfile of HijackThis v1.99.1
Scan saved at 11.43.10, on 11/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Ati2evxx.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\inetsrv\inetinfo.exe
F:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
F:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
F:\Programmi\Messenger Plus! 3\MsgPlus.exe
F:\Programmi\File comuni\Real\Update_OB\realsched.exe
F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
F:\Programmi\ClamWin\bin\ClamTray.exe
F:\Programmi\ATI Technologies\ATI.ACE\cli.exe
F:\WINDOWS\Temp\tsoy1.exe
F:\WINDOWS\Temp\tsoy2.exe
F:\Programmi\MSN Messenger\msnmsgr.exe
F:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
F:\Programmi\CountDown\CountDown.exe
F:\WINDOWS\system32\wuauclt.exe
F:\Documents and Settings\Gabriele\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.it/redirect/dial_up
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - TELE2Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ClamWin] "F:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ATICCC] "F:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [tsoy1.exe] F:\WINDOWS\Temp\tsoy1.exe
O4 - HKLM\..\Run: [tsoy2.exe] F:\WINDOWS\Temp\tsoy2.exe
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "F:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Adobe Gamma.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CountDown.lnk = F:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: F:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.it/redirect/dial_up
O17 - HKLM\System\CCS\Services\Tcpip\..\{3356EBB5-CDF2-42F9-8F66-E317334A5FDF}: NameServer = 212.216.112.112,194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{BACF0108-C31D-4DF1-B87B-210866CC3E90}: NameServer = 212.216.112.112,194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D19402-D380-479E-A2CF-F4E7F2E8B795}: NameServer = 212.216.112.112,194.243.154.62
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - F:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - f:\oracle\ora9\bin\omtsreco.exe
O23 - Service: OracleOraHome9Agent - Oracle Corporation - f:\oracle\ora9\bin\agntsrvc.exe
O23 - Service: OracleOraHome9ClientCache - Unknown owner - f:\oracle\ora9\BIN\ONRSD.EXE
O23 - Service: OracleOraHome9HTTPServer - Unknown owner - f:\oracle\ora9\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome9PagingServer - Unknown owner - f:\oracle\ora9/bin/pagntsrv.exe
O23 - Service: OracleOraHome9SNMPPeerEncapsulator - Unknown owner - f:\oracle\ora9\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome9SNMPPeerMasterAgent - Unknown owner - f:\oracle\ora9\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome9TNSListener - Unknown owner - f:\oracle\ora9\BIN\TNSLSNR.exe
O23 - Service: OracleServiceOMNIA - Oracle Corporation - f:\oracle\ora9\bin\ORACLE.EXE


What do you think?
holifay
Mature god
Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 11 Jun 2006 19:14

Something went fine, something else has just been born.

Download ATF Cleaner to the desktop

Download Ewido and install it. During installation, in the Additional Options menu, untick Install background guard and Install scan via context menu. Start it and update it online (Start Update button), but don't use it yet.

Print these instructions for convenience.

Reboot into safe mode (F8 at boot).

Start HijackThis and, with all applications and windows closed, tick these entries and press Fix checked
Quote:
O2 - BHO: Class - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - F:\Programmi\LinkOptimizer\LinkOptimizer.dll
O4 - HKLM\..\Run: [tsoy1.exe] F:\WINDOWS\Temp\tsoy1.exe
O4 - HKLM\..\Run: [tsoy2.exe] F:\WINDOWS\Temp\tsoy2.exe


Check with another log that the removal succeeded, otherwise try again.

Then run ATF Cleaner. Click the Main menu and then tick the Select All box. Now click the Empty Selected button and wait for the Done Cleaning! message.

Find and delete the LinkOptimizer folder (in F:\Programmi). Then check that the F:\WINDOWS\Temp folder has been emptied, otherwise do it yourself.

Now run Ewido and delete everything it finds

Finally, reboot in normal mode and go to the Kaspersky site for an online scan, to be run in extended mode with scanning of mail archives enabled. When done, post:
- a new HijackThis log
- the Ewido log
- the Kaspersky log

Bye
holifay
Mature god
Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 11 Jun 2006 19:35

Thanks for sending the linkoptimizer.dll file. As you can see from the link, it is a new variant of the Agent trojan, still barely detected: http://www.suspectfile.com/forum/viewtopic.php?t=105
goodgod
Hero in the gods' grace
Registered: 06/06/06 10:43
Posts: 82

Posted: 13 Jun 2006 17:41

So... here are the two logs, the first from HijackThis and the second from Ewido... the Kaspersky one will take a while, but in the meantime you can get an idea...


Logfile of HijackThis v1.99.1
Scan saved at 13.49.01, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Documents and Settings\Gabriele\Desktop\hijackthis_199\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2.it/redirect/dial_up
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - TELE2Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Programmi\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] F:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [NeroFilterCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Omnipage] F:\Programmi\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [LVCOMS] F:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] F:\Programmi\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] F:\Programmi\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "F:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [TkBellExe] "F:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "F:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ATIPTA] F:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ClamWin] "F:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ATICCC] "F:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "F:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "F:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Adobe Gamma.lnk = F:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: CountDown.lnk = F:\Programmi\CountDown\CountDown.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = F:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti nel file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://F:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe (file missing)
O12 - Plugin for .spop: F:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2.it/redirect/dial_up
O17 - HKLM\System\CCS\Services\Tcpip\..\{3356EBB5-CDF2-42F9-8F66-E317334A5FDF}: NameServer = 212.216.112.112,194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{BACF0108-C31D-4DF1-B87B-210866CC3E90}: NameServer = 212.216.112.112,194.243.154.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{C4D19402-D380-479E-A2CF-F4E7F2E8B795}: NameServer = 212.216.112.112,194.243.154.62
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - F:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: qrev - {9DE24BAC-FC3C-42C4-9FC4-76B3FAFDBD90} - F:\PROGRA~1\QUESTS~1\TOAD\RNetPin.dll
O23 - Service: Adobe LM Service - Adobe Systems - F:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - F:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - F:\WINDOWS\system32\ati2sgag.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - F:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - F:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - F:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - f:\oracle\ora9\bin\omtsreco.exe
O23 - Service: OracleOraHome9Agent - Oracle Corporation - f:\oracle\ora9\bin\agntsrvc.exe
O23 - Service: OracleOraHome9ClientCache - Unknown owner - f:\oracle\ora9\BIN\ONRSD.EXE
O23 - Service: OracleOraHome9HTTPServer - Unknown owner - f:\oracle\ora9\Apache\Apache\apache.exe" --ntservice (file missing)
O23 - Service: OracleOraHome9PagingServer - Unknown owner - f:\oracle\ora9/bin/pagntsrv.exe
O23 - Service: OracleOraHome9SNMPPeerEncapsulator - Unknown owner - f:\oracle\ora9\BIN\ENCSVC.EXE
O23 - Service: OracleOraHome9SNMPPeerMasterAgent - Unknown owner - f:\oracle\ora9\BIN\AGNTSVC.EXE
O23 - Service: OracleOraHome9TNSListener - Unknown owner - f:\oracle\ora9\BIN\TNSLSNR.exe
O23 - Service: OracleServiceOMNIA - Oracle Corporation - f:\oracle\ora9\bin\ORACLE.EXE
---------------------------------------------------------
ewido anti-malware - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 19.26.22, 12/06/2006
+ Report-Checksum: 6C0F8EB8

+ Risultati scansione:

F:\Documents and Settings\All Users\.clamwin\quarantine\ar3.jar-76821bb8-1af77d35.zip/Gummy.class -> Not-A-Virus.Exploit.ByteVerify : Pulito con Backup
F:\Documents and Settings\All Users\.clamwin\quarantine\Clone CD 5 versions with keygens(2).exe/Clone CD 5 versions with keygens/Clone CD 3.06.01+crack+db.zip/Clone CD 3.06.1+crack+db/clonedb_2002.exe -> Worm.Hybris.b : Pulito con Backup
F:\Documents and Settings\All Users\.clamwin\quarantine\NDNuninstall4_85-1.exe -> Adware.NewDotNet : Pulito con Backup
F:\Documents and Settings\All Users\.clamwin\quarantine\NDNuninstall5_48.exe -> Adware.NewDotNet : Pulito con Backup
F:\Documents and Settings\All Users\.clamwin\quarantine\NDNuninstall5_64.exe -> Adware.NewDotNet : Pulito con Backup
F:\Documents and Settings\All Users\.clamwin\quarantine\NDNuninstall6_10.exe -> Adware.NewDotNet : Pulito con Backup
F:\Documents and Settings\All Users\.clamwin\quarantine\Nero 6.rar/Nero 6\clone\Clone CD 5 versions with keygens\Clone CD 3.06.01+crack+db.zip/Clone CD 3.06.1+crack+db/clonedb_2002.exe -> Worm.Hybris.b : Pulito con Backup
F:\Documents and Settings\Gabriele\Desktop\Software\CloneDVD.v2.4.3.5_Incl.Keygen.zip/reg.exe -> Dropper.Delf.fl : Errore durante la pulizia
F:\Programmi\CommonName -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\babe.dat -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\createbookmark.htm -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\createnote.htm -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\dfs.dat -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\emaillink.htm -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\exit.dat -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\navigate.htm -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\unins.exe -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\url2.dat -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\url8.dat -> Adware.CommonName : Pulito con Backup
F:\Programmi\CommonName\Toolbar\url9.dat -> Adware.CommonName : Pulito con Backup
F:\Programmini\CD\Software\Utility\MsgPlus-210a.exe/70000010.exe -> Downloader.Swizzor.g : Errore durante la pulizia


::Fine Rapporto

Bye bye
holifay
Mature god
Registered: 08/03/05 10:48
Posts: 2912
Location: Milano

Posted: 14 Jun 2006 13:01

Hmm, am I wrong or have you installed cracked software? With those the risk of getting infected is very high (rolling eyes)

Check these files on www.virustotal.com:
Quote:
reg.exe in F:\Documents and Settings\Gabriele\Desktop\Software\CloneDVD.v2.4.3.5_Incl.Keygen.zip
70000010.exe in F:\Programmini\CD\Software\Utility\MsgPlus-210a.exe


Delete this folder if you haven't already: F:\Programmi\CommonName

Also remove this entry with HijackThis:
Quote:
O2 - BHO: (no name) - {2E0D5FFC-1A9D-7CEB-D9B8-C7775B2E25AA} - (no file)



How does the PC seem to be running? Then I'll wait for the Kaspersky log.

Bye :)