Restart in safe mode!
Run a scan with HJT
Tick the box next to these entries
Click Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.fastlook.net/sb.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fastlook.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://msaps.dll/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://msaps.dll/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://msaps.dll/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.fastlook.net/sb.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = res://msaps.dll/index.html
R3 - URLSearchHook: (no name) - {FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file)
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll
O2 - BHO: Tubby - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll
O2 - BHO: (no name) - {D8FF9A84-FEB9-4B4B-B36B-D46570203C39} - C:\WINDOWS\system32\key.dll
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {9EAC0102-5E61-2312-BC2D-76746C56544C} - C:\WINDOWS\System32\vtlbar1.dll
O4 - HKLM\..\Run: [iexplore.exe] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [kqruvcarhc] C:\WINDOWS\System32\mpefpx.exe
O4 - HKLM\..\Run: [Microsoft] c:\wintask.exe
O4 - HKLM\..\Run: [Printer Spooler] c:\printerspooler.pif
O4 - HKLM\..\Run: [Microsoft Critical Security Update] "%SystemRoot%\securityconnect.exe"
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//qwduaju//h...m::/painter.exe
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} - http://do.gameonstarter.com/cont/sc.cab
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB


Still in safe mode, delete the following if present

C:\WINDOWS\mxTarget.dll <== the file
C:\WINDOWS\System32\vtlbar1.dll <== the file
C:\WINDOWS\system32\key.dll <== the file
C:\WINDOWS\winlogon.exe <== the file (warning: the winlogon.exe file to delete is the one in C:\WINDOWS; you will find another one in C:\WINDOWS\System32, and that one in System32 is a legitimate file!!!)
C:\WINDOWS\System32\mpefpx.exe <== the file
c:\wintask.exe <== the file
c:\printerspooler.pif <== the file
C:\Windows\System32\securityconnect.exe <== the file

Restart in normal mode, then go straight to the URL
http://housecall.trendmicro.com/hous...start_corp.asp
Run an online scan; a lot of infected items will be found, delete them all.
Restart (!), post a new log
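
The winlogon.exe warning above comes down to a location check: a core Windows binary name that autostarts from anywhere other than System32 deserves a second look. The following is an added example, not part of the original post, that applies that check to O4 lines of a HijackThis log. The function names, `SYSTEM_ROOT` and the `EXPECTED_DIR` list are assumptions made for illustration.

```python
import ntpath
import re

# Assumptions, not from the post: default Windows directory and the
# directory in which these core binaries are expected to live.
SYSTEM_ROOT = r"C:\WINDOWS"
EXPECTED_DIR = {name: r"c:\windows\system32" for name in
                ("winlogon.exe", "lsass.exe", "services.exe", "svchost.exe")}

O4_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.+)$")
IMAGE_RE = re.compile(r'"?([^"]+?\.(?:exe|pif|com|scr|bat))"?', re.IGNORECASE)

def parse_o4(line):
    """Return (key, value_name, image_path) for an O4 autostart line, else None."""
    m = O4_RE.match(line.strip())
    img = IMAGE_RE.match(m.group(3)) if m else None
    if not img:
        return None
    # A function replacement keeps the backslashes in SYSTEM_ROOT literal.
    path = re.sub(r"%systemroot%", lambda _: SYSTEM_ROOT, img.group(1), flags=re.IGNORECASE)
    return m.group(1), m.group(2), ntpath.normpath(path)

def findings(line):
    """List the location-based warnings for one HijackThis log line."""
    parsed = parse_o4(line)
    if parsed is None:
        return []
    directory, name = ntpath.split(parsed[2])
    out = []
    expected = EXPECTED_DIR.get(name.lower())
    if expected and directory.lower() != expected:
        out.append("system binary name outside expected directory")
    if ntpath.splitdrive(directory)[1] in ("", "\\"):
        out.append("autostart image in drive root")
    return out

# Two O4 lines from the log above, plus two constructed entries (marked).
SAMPLE = [
    r"O4 - HKLM\..\Run: [iexplore.exe] C:\WINDOWS\winlogon.exe",
    r"O4 - HKLM\..\Run: [Microsoft] c:\wintask.exe",
    r'O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\ExampleApp\example.exe" /tray',  # constructed
    r"O4 - HKLM\..\Run: [Constructed] %SystemRoot%\System32\winlogon.exe",  # constructed
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(findings(entry) or ["no location finding"], entry)
```

An empty result only means neither location rule fired; it says nothing about whether the file itself is clean.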