Thread: HijackThis log

  1. #1
    HTML.it user Robbb
    Registered since Feb 2003
    Posts: 77

    HijackThis log

    Every time I connect, my homepage gets changed and bookmarks to porn sites get added, even after running HijackThis.

    Logfile of HijackThis v1.98.2
    Scan saved at 12.08.38, on 29/08/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\RUNDLL32.EXE
    D:\PANDA\APVXDWIN.EXE
    D:\OPENOFFICE.ORG1.1.1\PROGRAM\SOFFICE.EXE
    D:\PANDA\WEBPROXY.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\HPZSTATX.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    D:\HI JACK\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\homepage.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://1-se.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {ECAD9C14-ED46-D58A-E847-ADBEFC8D37EB} - C:\WINDOWS\SYSTEM\IBHO2.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\ACROBAT\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {710C47C1-F95B-11D8-A887-4445E2D0DB7B} - C:\WINDOWS\SYSTEM\BMG.DLL (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [APVXDWIN] "D:\Panda\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
    O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
    O4 - HKLM\..\RunServices: [PavProc] "C:\Programmi\File comuni\Panda Software\PavShld\PavPrS9x.exe"
    O4 - Startup: OpenOffice.org 1.1.1.lnk = D:\OpenOffice.org1.1.1\program\quickstart.exe
    O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
    O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
    O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
    O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
    O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O10 - Broken Internet access because of LSP provider 'c:\programmi\panda software\panda titanium antivirus 2004\pavlsp.dll' missing
    O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio.it/helpexpress/...ivePreQual.cab
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
    O18 - Filter: text/html - {710C47C0-F95B-11D8-A887-44458D9C7EE0} - C:\WINDOWS\SYSTEM\BMG.DLL
    O18 - Filter: text/plain - {710C47C0-F95B-11D8-A887-44458D9C7EE0} - C:\WINDOWS\SYSTEM\BMG.DLL
    O19 - User stylesheet: C:\WINDOWS\color.css

    Thanks, bye
    Disgusted nihilist. Lover of wawa, of Priscilla Prado.

  2. #2
    HTML.it user antares11
    Registered since Aug 2001
    Posts: 2,358
    install 'spy sweeper'
    http://www.webroot.com/wb/products/spysweeper/index.php
    and run a scan: choose the 'try it for free' shareware option, which allows you only one update (do it right away); it will most likely find something and remove it for you

    although you can use this tool for free for 30 days, you won't be able to get further updates to its database without paying (€)
    it's a safe and effective tool

  3. #3
    HTML.it user Rommel
    Registered since Jun 2004
    Posts: 955
    http://www.hijackthis.de/index.php?langselect=italian
    paste the log here and delete what it tells you to delete.
    In a world without walls and fences, who needs windows and gates?

  4. #4
    HTML.it user antares11
    Registered since Aug 2001
    Posts: 2,358
    Originally posted by Rommel
    http://www.hijackthis.de/index.php?langselect=italian
    paste the log here and delete what it tells you to delete.
    nice one, genius.... it tells me to delete www.html.it/forum/, which I set as my home page.....

  5. #5
    HTML.it user Rommel
    Registered since Jun 2004
    Posts: 955
    because you have to configure HijackThis first!
    anyway, when reading the analysis you need a bit of intelligence to understand what to do.
    In a world without walls and fences, who needs windows and gates?

  6. #6
    Moderator of the IT security and viruses forum, amvinfe
    Registered since May 2002
    Posts: 6,739
    Originally posted by Rommel
    because you have to configure HijackThis first!
    anyway, when reading the analysis you need a bit of intelligence to understand what to do.
    exactly... so in my opinion the result isn't worth much if I then have to look again at what I should and shouldn't delete.
    ==
    Visit my blog SuspectFile.com
    ==

  7. #7
    Moderator of the IT security and viruses forum, amvinfe
    Registered since May 2002
    Posts: 6,739
    Download from the pinned -Links utili- (useful links) thread:

    CWShredder and ADAware SE

    Reboot in safe mode, tick the box next to each of these entries and click Fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = C:\WINDOWS\homepage.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://rootsearch.biz/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://rootsearch.biz/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://rootsearch.biz/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://1-se.com/home.html (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp
    R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://4-counter.com/?a=2&b=alexxp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {ECAD9C14-ED46-D58A-E847-ADBEFC8D37EB} - C:\WINDOWS\SYSTEM\IBHO2.DLL
    O2 - BHO: (no name) - {710C47C1-F95B-11D8-A887-4445E2D0DB7B} - C:\WINDOWS\SYSTEM\BMG.DLL (file missing)
    O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell32.dll /c /set
    O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
    O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
    O18 - Filter: text/html - {710C47C0-F95B-11D8-A887-44458D9C7EE0} - C:\WINDOWS\SYSTEM\BMG.DLL
    O18 - Filter: text/plain - {710C47C0-F95B-11D8-A887-44458D9C7EE0} - C:\WINDOWS\SYSTEM\BMG.DLL
    O19 - User stylesheet: C:\WINDOWS\color.css

    still in safe mode, delete these files if they are present:

    C:\WINDOWS\SYSTEM\IBHO2.DLL
    C:\WINDOWS\SYSTEM\winupd.exe
    C:\WINDOWS\SYSTEM\BMG.DLL


    still in safe mode, run a scan with AdAware and delete everything infected that it found.
    Still in safe mode, open CWShredder and click Fix.

    Reboot the PC in normal mode and post a new log
    ==
    Visit my blog SuspectFile.com
    ==
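
Added example, not part of any post in this thread: a small Python triage pass over HijackThis entry lines that collects the annotations HijackThis itself prints on an entry ((obfuscated), (file missing), (no name)) and counts which hosts the R0/R1 values point at. The sample lines are copied from the log in post #1; `parse`, `triage` and the other names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# A subset of lines copied from the log in post #1 of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://rootsearch.biz/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rootsearch.biz/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
O2 - BHO: (no name) - {ECAD9C14-ED46-D58A-E847-ADBEFC8D37EB} - C:\WINDOWS\SYSTEM\IBHO2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [winupd] C:\WINDOWS\SYSTEM\winupd.exe
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
"""

# Entry lines start with a section code (R0, R1, O2, O18, ...) followed by " - ".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.*\S)\s*$")
# Annotations HijackThis itself appends to or prints inside an entry.
MARKERS = ("(obfuscated)", "(file missing)", "(no name)")

def parse(log):
    """Yield (code, body) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (entries carrying a marker, host counts over R0/R1 URL values)."""
    flagged, hosts = [], Counter()
    for code, body in parse(log):
        marks = [m for m in MARKERS if m in body]
        if marks:
            flagged.append((code, marks, body))
        if code in ("R0", "R1") and " = " in body:
            value = body.split(" = ", 1)[1].replace("(obfuscated)", "").strip()
            host = urlsplit(value).hostname  # None for file paths and about:blank
            if host:
                hosts[host] += 1
    return flagged, hosts

if __name__ == "__main__":
    flagged, hosts = triage(SAMPLE_LOG)
    for code, marks, body in flagged:
        print(code, ",".join(marks), "|", body)
    print(hosts.most_common())
```

The result is a review list, not a deletion list: www.google.it from the Start Page_bak value is counted alongside the hijacker's hosts, and winupd.exe carries no marker at all, so a person still has to decide entry by entry.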
