
Thread: infected PC...

  1. #1
    HTML.it user
    Joined
    Jul 2004
    Posts
    11

    infected PC...

    hi guys, I just signed up on a friend's advice.


    I have a problem with my PC (operating system: XP)

    for a few days I "should" have had some malware inside... or whatever the heck
    they're called!

    basically every time I open pages in IE it opens an "about:blank" page
    with various links...

    I tried changing it, nothing...
    Norton 2004 finds nothing; Ad-Aware and Spybot, fully updated, only find
    8 modified registry keys, but I can't do anything except delete them

    except that after a moment they come back as they were, even if I'm not connected to the internet..

    what can I do?

  2. #2
    HTML.it user
    Joined
    Jul 2004
    Posts
    11
    I forgot, maybe this will be useful to you...

    the HijackThis scan gives me these results:

    Logfile of HijackThis v1.98.0
    Scan saved at 9.15.37, on 26/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    C:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\WINDOWS\system32\qttask.exe
    C:\Programmi\Creative\ShareDLL\CtNotify.exe
    C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Programmi\Creative\News\NewsUpd.EXE
    C:\Programmi\Creative\SBLive2k\Program\CTAvTray.EXE
    C:\Programmi\Creative\ShareDLL\MediaDet.Exe
    C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    D:\winmx\mx_monitor\MXMoni128Eb\MXMoniE.exe
    C:\Programmi\WinMX\WinMX.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Documents and Settings\Gibar\Desktop\posta libero\html2pop3.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Gibar\Desktop\spy\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {6BE8A4C8-1921-4F0B-9058-30D1B937807D} - C:\WINDOWS\System32\jdgpod.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [CTAvTray] C:\Programmi\Creative\SBLive2k\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programmi\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
    O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.
    O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C26A7587-4701-40FC-993D-DD17EF4F7516}: NameServer = 217.141.107.203 151.99.125.1
    O18 - Filter: text/html - {568C46CA-EE32-4063-9267-D764B85080F3} - C:\WINDOWS\System32\jdgpod.dll
    O18 - Filter: text/plain - {568C46CA-EE32-4063-9267-D764B85080F3} - C:\WINDOWS\System32\jdgpod.dll
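
    The log above carries the full signature of an about:blank search-page hijacker: IE's search pages rewritten to a file:// page in the user's Temp folder (R0/R1 entries), a nameless BHO in System32 (O2), two Downloaded Program Files objects whose codebase is ms-its:/file:// instead of http (O16), and a MIME filter on text/html and text/plain (O18) backed by the same DLL, which receives every page's bytes before IE renders them and can inject the links the poster sees. The script below is an added example, not code from this thread, from HijackThis or from the posters: it parses a HijackThis 1.98-style log, applies those heuristics, and diffs two logs to show which entries survived a cleanup. The sample text is an excerpt of the first two logs posted in this thread; the rules themselves (which paths, values and MIME types to treat as suspicious) are this example's assumptions about a clean XP SP1 / IE6 system, not rules from HijackThis, and the O17 NameServer line is deliberately left for manual review against the ISP's resolvers.

```python
"""Triage a HijackThis 1.98-style log for about:blank search-page hijack indicators.

Added example, not code from HijackThis or from the forum posters. The heuristics
are this example's own assumptions about a clean XP SP1 / IE6 system.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Matches "R1 - HKCU\...,Search Bar = ..." or "O18 - Filter: text/html - {...} - x.dll"
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


@dataclass(frozen=True)
class Entry:
    section: str  # R0, R1, O2, O16, O17, O18, ...
    body: str     # everything after "Rn - " / "On - "


def parse_log(text: str) -> List[Entry]:
    """Keep only the Rn/On entries; the header and 'Running processes' lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group("sec"), m.group("body")))
    return entries


def flag(entry: Entry) -> Optional[str]:
    """Return why an entry looks hijacked, or None if it passes every heuristic."""
    sec, low = entry.section, entry.body.lower()
    if sec in ("R0", "R1"):
        # Start/search pages should be http(s) or about:blank; a file:// target inside a
        # Temp folder is a redirector page the hijacker planted (sp.html in the thread).
        if "file://" in low and "\\temp\\" in low:
            return "IE search/start page points at a local file in Temp"
        # HomeOldSP is not a value IE writes on its own (assumption); the hijacker
        # leaves it behind when it swaps the start page.
        if ",homeoldsp" in low:
            return "non-standard IE Main value HomeOldSP"
    elif sec == "O2":
        # A nameless BHO living directly in System32 (jdgpod.dll here). Spybot's
        # SDHelper.dll is nameless too but sits under Program Files, so it passes.
        if "(no name)" in low and "\\system32\\" in low:
            return "nameless BHO loaded from System32"
    elif sec == "O16":
        # Downloaded Program Files should have an http(s) codebase; ms-its:, mhtml:
        # and file:// codebases are local/exploit delivery paths, not ActiveX installs.
        codebase = entry.body.rsplit(" - ", 1)[-1].strip().lower()
        if not codebase.startswith(("http://", "https://")):
            return "DPF object with non-http codebase"
    elif sec == "O18":
        # IE registers no MIME filter for text/html or text/plain itself (assumption);
        # a filter here sees every page before rendering and can rewrite it.
        if low.startswith(("filter: text/html", "filter: text/plain")):
            return "MIME filter hooked on text/html or text/plain"
    # O17 (NameServer) is left for manual review against the ISP's resolvers.
    return None


def triage(text: str) -> List[Tuple[Entry, str]]:
    """All flagged entries of a log, each with its reason."""
    return [(e, r) for e in parse_log(text) if (r := flag(e))]


def diff_logs(before: str, after: str):
    """(entries gone after cleanup, entries new in 'after', flagged entries that survived)."""
    b = {e.body: e for e in parse_log(before)}
    a = {e.body: e for e in parse_log(after)}
    gone = [e for k, e in b.items() if k not in a]
    new = [e for k, e in a.items() if k not in b]
    survived = [e for k, e in a.items() if k in b and flag(e)]
    return gone, new, survived


# Excerpts of the first two logs in the thread (process list and benign O3/O4/O9 lines omitted).
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6BE8A4C8-1921-4F0B-9058-30D1B937807D} - C:\WINDOWS\System32\jdgpod.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C26A7587-4701-40FC-993D-DD17EF4F7516}: NameServer = 217.141.107.203 151.99.125.1
O18 - Filter: text/html - {568C46CA-EE32-4063-9267-D764B85080F3} - C:\WINDOWS\System32\jdgpod.dll
O18 - Filter: text/plain - {568C46CA-EE32-4063-9267-D764B85080F3} - C:\WINDOWS\System32\jdgpod.dll
"""

LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
"""

if __name__ == "__main__":
    for e, why in triage(LOG_BEFORE):
        print(f"{e.section:<4} {why}: {e.body}")
    gone, new, survived = diff_logs(LOG_BEFORE, LOG_AFTER)
    print(f"gone={len(gone)} new={len(new)} survived={len(survived)}")
```

    On the first log the rules flag exactly the thirteen entries the moderator later tells the poster to fix; on the second log the diff shows the HKLM entries, the BHO, the DPF objects and the MIME filters gone, while the four HKCU entries are still there, which is the "they come back" behaviour the poster described and the reason the moderator insists on fixing them from safe mode.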

  3. #3
    Moderator, Computer security and viruses (amvinfe)
    Joined
    May 2002
    Posts
    6,739
    Download these three programs


    sphjfix

    Create a new folder on the desktop and put the executable inside it.


    CWShredder


    AdAware

    THIS is the file for the Italian translation, to be used after AdAware has already been installed.


    Once AdAware is installed and the file that translates it into Italian has been run, open AdAware, click the Settings icon at the top right (the one showing a gear),
    under Language file choose Italian and click Proceed (bottom right). Close AdAware.


    Now, with all programs closed (!), the browser must be closed too (!), open the folder you created earlier, click the sphjfix file and then "start disinfection"; when the scan finishes, reboot and run a new scan.

    Reboot into safe mode.

    Open HijackThis (all programs MUST be closed, including the browser), click Scan, tick the boxes next to the following entries and click Fix Checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    O2 - BHO: (no name) - {6BE8A4C8-1921-4F0B-9058-30D1B937807D} - C:\WINDOWS\System32\jdgpod.dll
    O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://195.225.177.
    O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
    O18 - Filter: text/html - {568C46CA-EE32-4063-9267-D764B85080F3} - C:\WINDOWS\System32\jdgpod.dll
    O18 - Filter: text/plain - {568C46CA-EE32-4063-9267-D764B85080F3} - C:\WINDOWS\System32\jdgpod.dll


    Open AdAware, still in safe mode, and set it up like this:

    From the program's main window go to the top and click the Configuration icon (gear icon); you'll find 4 items, tick the last three (they must turn green)
    1) save log file
    2) quarantine before removing
    3) safe mode
    Now click Customize (from the same window)
    Tick "Use my default configuration" and click Customize next to it
    Tick
    "Scan inside folders"
    In the "Memory & Registry" section tick all 5 items (again, they must turn green)
    Click Continue (at the bottom)
    Now, with all applications closed, click Start (bottom right) and then Next.
    When the scan finishes, delete all the values in red that AdAware found, then reboot the PC into normal mode.

    Open CWShredder and click Fix. Reboot the PC.

    Run a new Scan with HJT and post the log

    P.S.
    Obviously, before scanning with AdAware make sure your definitions are up to date. To check, open AdAware and from the main window look at the Reffile number and date


    ==
    Visit my blog SuspectFile.com
    ==

  4. #4
    HTML.it user
    Joined
    Jul 2004
    Posts
    11
    here it is:

    Logfile of HijackThis v1.98.0
    Scan saved at 12.17.25, on 26/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    C:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Programmi\Creative\ShareDLL\CtNotify.exe
    C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Programmi\Creative\News\NewsUpd.EXE
    C:\Programmi\Creative\SBLive2k\Program\CTAvTray.EXE
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Programmi\Creative\ShareDLL\MediaDet.Exe
    C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Documents and Settings\Gibar\Desktop\spy\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [CTAvTray] C:\Programmi\Creative\SBLive2k\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programmi\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
    O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE



    since you replied, whenever I enter the thread Norton tells me this...

  5. #5
    Moderator, Computer security and viruses (amvinfe)
    Joined
    May 2002
    Posts
    6,739
    well, clearly Norton is seeing things

    open sphjfix again and click "start disinfection" again; a log file will be created in the folder that contains this program, please copy the result here in the thread; reboot into safe mode (this is important) and delete these entries with HJT


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

    open CWShredder again and click Fix.

    Run another scan with AdAware, still configured the same way, and delete whatever it detects. Reboot and post a new HJT log
    ==
    Visit my blog SuspectFile.com
    ==

  6. #6
    Moderator, Computer security and viruses (amvinfe)
    Joined
    May 2002
    Posts
    6,739
    So, sometimes Norton is a bit too eager

    let's see whether, if you do this, the alert stops showing up

    delete the contents of the folders

    cookies
    temporary internet files
    temp

    (obviously ONLY the contents of the folders)

    reboot, connect again and open this page again; if that solves it, I'll then explain why Norton was giving you that alert
    ==
    Visit my blog SuspectFile.com
    ==

  7. #7
    HTML.it user
    Joined
    Jul 2004
    Posts
    11
    sphjfix: I barely have time to start it and it has already finished....

    26/07/2004 11.55.10 SPhjFix started v1.07
    26/07/2004 11.55.10 Stealth-String not found -> Programm terminated
    26/07/2004 11.55.49 SPhjFix started v1.07
    26/07/2004 11.55.49 Stealth-String not found -> Programm terminated
    26/07/2004 15.55.36 SPhjFix started v1.07
    26/07/2004 15.55.36 Stealth-String not found -> Programm terminated


    and CWShredder finds nothing....

    neither HJT nor Ad-Aware find anything any more in safe mode!

    but since the first time you gave me your advice, the start page
    doesn't change any more...


    in normal mode, they find this:

    Logfile of HijackThis v1.98.0
    Scan saved at 16.20.34, on 26/07/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
    C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
    C:\Programmi\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
    C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Programmi\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
    C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Programmi\Creative\ShareDLL\CtNotify.exe
    C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    C:\Programmi\Creative\News\NewsUpd.EXE
    C:\Programmi\Creative\SBLive2k\Program\CTAvTray.EXE
    C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    C:\Programmi\Creative\ShareDLL\MediaDet.Exe
    C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\dslmon.exe
    C:\Programmi\Lavasoft\Ad-aware 6\Ad-aware.exe
    C:\Documents and Settings\Gibar\Desktop\spy\HijackThis.exe
    C:\Programmi\Messenger\msmsgs.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE
    O4 - HKLM\..\Run: [NewsUpd] C:\Programmi\Creative\News\NewsUpd.EXE /q
    O4 - HKLM\..\Run: [CTAvTray] C:\Programmi\Creative\SBLive2k\Program\CTAvTray.EXE
    O4 - HKLM\..\Run: [WinPatrol] "C:\PROGRA~1\BILLPS~1\WINPAT~1\WinPatrol.exe"
    O4 - HKLM\..\RunOnce: [CTAVTray] C:\Programmi\Creative\SBLive2k\Program\CTAvStub.EXE EAX.AVI
    O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE

  8. #8
    HTML.it user
    Joined
    Jul 2004
    Posts
    11
    List of running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 26-07-2004 14.17.29
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 26-07-2004 14.17.34
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 26-07-2004 14.17.34
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Applicazione Servizi e Controller
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Sistema operativo Microsoft
    Created on : 31/08/2001 10.00.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 31/08/2001 10.00.00

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 26-07-2004 14.17.34
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 31/08/2001 10.00.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 09/09/2002 11.51.32

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 26-07-2004 14.17.35
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 31/08/2001 10.00.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 31/08/2001 10.00.00

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 26-07-2004 14.17.35
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 31/08/2001 10.00.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 31/08/2001 10.00.00

    #:7 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 26-07-2004 14.17.36
    BasePriority : Normal
    FileSize : 983 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Esplora risorse
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Sistema operativo Microsoft
    Created on : 18/06/2004 14.21.09
    Last accessed : 25/07/2004 22.00.00
    Last modified : 09/09/2002 11.51.30

    #:8 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 26-07-2004 14.17.36
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 31/08/2001 10.00.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 31/08/2001 10.00.00

    #:9 [eebsvc.exe]
    FilePath : C:\Programmi\File comuni\EPSON\EBAPI\
    ThreadCreationTime : 26-07-2004 14.17.36
    BasePriority : Normal
    FileSize : 76 KB
    Created on : 28/06/2004 16.13.10
    Last accessed : 25/07/2004 22.00.00
    Last modified : 29/01/2002 11.33.14

    #:10 [ccproxy.exe]
    FilePath : C:\Programmi\File comuni\Symantec Shared\
    ThreadCreationTime : 26-07-2004 14.17.36
    BasePriority : Normal
    FileSize : 213 KB
    FileVersion : 2.0.2.806
    ProductVersion : 2.0.2.806
    Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Common Client Network Proxy Service
    InternalName : ccProxy
    OriginalFilename : ccProxy.exe
    ProductName : Common Client
    Created on : 09/09/2003 8.15.02
    Last accessed : 25/07/2004 22.00.00
    Last modified : 09/09/2003 8.15.02

    #:11 [ccsetmgr.exe]
    FilePath : C:\Programmi\File comuni\Symantec Shared\
    ThreadCreationTime : 26-07-2004 14.17.36
    BasePriority : Normal
    FileSize : 230 KB
    FileVersion : 2.0.2.806
    ProductVersion : 2.0.2.806
    Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Common Client Settings Manager Service
    InternalName : ccSetMgr
    OriginalFilename : ccSetMgr.exe
    ProductName : Common Client
    Created on : 09/09/2003 8.23.50
    Last accessed : 25/07/2004 22.00.00
    Last modified : 09/09/2003 8.23.50

    #:12 [ctsvccda.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 43 KB
    FileVersion : 1.0.1.0
    ProductVersion : 1.0.0.0
    Copyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
    CompanyName : Creative Technology Ltd
    FileDescription : Creative Service for CDROM Access
    InternalName : CTsvcCDAEXE
    OriginalFilename : CTsvcCDA.EXE
    ProductName : Creative Service for CDROM Access
    Created on : 23/07/2004 10.26.52
    Last accessed : 25/07/2004 22.00.00
    Last modified : 12/12/1999 23.01.00

    #:13 [sagent2.exe]
    FilePath : C:\Programmi\File comuni\EPSON\EBAPI\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 92 KB
    FileVersion : 2, 3, 0, 0
    ProductVersion : 1, 0, 0, 0
    Copyright : Copyright (C) SEIKO EPSON CORP. 2000-2001
    CompanyName : SEIKO EPSON CORPORATION
    FileDescription : EPSON Printer Status Agent
    InternalName : SAgent2
    OriginalFilename : SAgent2.exe
    ProductName : EPSON Bidirectional Printer
    Created on : 28/06/2004 16.12.50
    Last accessed : 25/07/2004 22.00.00
    Last modified : 17/07/2002 0.03.00

    #:14 [navapsvc.exe]
    FilePath : C:\Programmi\Norton SystemWorks\Norton Antivirus\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 155 KB
    FileVersion : 10.00.2
    ProductVersion : 10.00.2
    Copyright : Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Norton AntiVirus Auto-Protect Service
    InternalName : NAVAPSVC
    OriginalFilename : NAVAPSVC.EXE
    ProductName : Norton AntiVirus
    Created on : 18/06/2004 11.07.16
    Last accessed : 25/07/2004 22.00.00
    Last modified : 12/05/2004 11.44.02

    #:15 [nprotect.exe]
    FilePath : C:\PROGRA~1\NORTON~2\NORTON~2\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 84 KB
    FileVersion : 17.0.0.82
    ProductVersion : 17.0.0.82
    Copyright : Copyright (c) 1997-2003 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : Norton Protection Status
    InternalName : NPROTECT
    OriginalFilename : NPROTECT.EXE
    ProductName : Norton Utilities
    Created on : 14/09/2003 12.51.56
    Last accessed : 25/07/2004 22.00.00
    Last modified : 14/09/2003 12.51.56

    #:16 [nvsvc32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 80 KB
    FileVersion : 6.14.10.5216
    ProductVersion : 6.14.10.5216
    Copyright : (C) NVIDIA Corporation. All rights reserved.
    CompanyName : NVIDIA Corporation
    FileDescription : NVIDIA Driver Helper Service, Version 52.16
    InternalName : NVSVC
    OriginalFilename : nvsvc32.exe
    ProductName : NVIDIA Driver Helper Service, Version 52.16
    Created on : 06/10/2003 12.16.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 06/10/2003 12.16.00

    #:17 [sndsrvc.exe]
    FilePath : C:\Programmi\File comuni\Symantec Shared\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 189 KB
    FileVersion : 5.3.2.67
    ProductVersion : 5.3
    Copyright : Copyright 2002, 2003 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : Network Driver Service
    InternalName : SndSrvc
    OriginalFilename : SndSrvc.exe
    ProductName : Symantec Security Drivers
    Created on : 29/06/2004 14.14.38
    Last accessed : 25/07/2004 22.00.00
    Last modified : 29/06/2004 14.14.38

    #:18 [nopdb.exe]
    FilePath : C:\PROGRA~1\NORTON~2\NORTON~2\SPEEDD~1\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 172 KB
    FileVersion : 7.00.0.24
    ProductVersion : 7.00.0.24
    Copyright : Copyright (c) 1997-2003 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : NOPDB
    InternalName : NOPDB
    OriginalFilename : NOPDB.dll
    ProductName : Norton Speed Disk
    Created on : 14/09/2003 12.51.54
    Last accessed : 25/07/2004 22.00.00
    Last modified : 14/09/2003 12.51.54

    #:19 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 31/08/2001 10.00.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 31/08/2001 10.00.00

    #:20 [mspmspsv.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 52 KB
    FileVersion : 7.00.00.1954
    ProductVersion : 7.00.00.1954
    Copyright : Copyright (C) Microsoft Corp. 1981-2000
    CompanyName : Microsoft Corporation
    FileDescription : WMDM PMSP Service
    InternalName : MSPMSPSV.EXE
    OriginalFilename : MSPMSPSV.EXE
    ProductName : Microsoft (R) DRM
    Created on : 26/06/2000 5.44.20
    Last accessed : 25/07/2004 22.00.00
    Last modified : 26/06/2000 5.44.20

  9. #9
    HTML.it user
    Registered: Jul 2004
    Posts: 11
    #:21 [ccevtmgr.exe]
    FilePath : C:\Programmi\File comuni\Symantec Shared\
    ThreadCreationTime : 26-07-2004 14.17.37
    BasePriority : Normal
    FileSize : 249 KB
    FileVersion : 2.0.2.806
    ProductVersion : 2.0.2.806
    Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Common Client Event Manager Service
    InternalName : ccEvtMgr
    OriginalFilename : ccEvtMgr.exe
    ProductName : Common Client
    Created on : 09/09/2003 8.10.16
    Last accessed : 25/07/2004 22.00.00
    Last modified : 09/09/2003 8.10.16

    #:22 [devldr32.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 26-07-2004 14.17.38
    BasePriority : Normal
    FileSize : 38 KB
    FileVersion : 1, 0, 0, 15
    ProductVersion : 1, 0, 0, 15
    Copyright : Copyright
    CompanyName : Creative Technology Ltd.
    FileDescription : DevLdr32
    InternalName : DevLdr
    OriginalFilename : DevLdr32.exe
    ProductName : Creative Ring3 NT Inteface
    Created on : 23/07/2004 10.40.25
    Last accessed : 25/07/2004 22.00.00
    Last modified : 05/06/2000 14.32.46

    #:23 [savscan.exe]
    FilePath : C:\Programmi\Norton SystemWorks\Norton Antivirus\
    ThreadCreationTime : 26-07-2004 14.17.41
    BasePriority : Normal
    FileSize : 189 KB
    FileVersion : 9.2.1.14
    ProductVersion : 9.2
    Copyright : Copyright (c) 2003 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : Symantec AntiVirus Scanner
    InternalName : SAVSCAN
    OriginalFilename : SAVSCAN.EXE
    ProductName : Symantec AntiVirus AutoProtect
    Created on : 18/06/2004 10.57.51
    Last accessed : 25/07/2004 22.00.00
    Last modified : 07/11/2003 15.46.00

    #:24 [ccapp.exe]
    FilePath : C:\Programmi\File comuni\Symantec Shared\
    ThreadCreationTime : 26-07-2004 14.18.08
    BasePriority : Normal
    FileSize : 69 KB
    FileVersion : 2.0.2.806
    ProductVersion : 2.0.2.806
    Copyright : Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
    CompanyName : Symantec Corporation
    FileDescription : Common Client User Session
    InternalName : ccApp
    OriginalFilename : ccApp.exe
    ProductName : Common Client
    Created on : 09/09/2003 8.08.58
    Last accessed : 25/07/2004 22.00.00
    Last modified : 09/09/2003 8.08.58

    #:25 [acctmgr.exe]
    FilePath : C:\Programmi\Norton SystemWorks\Password Manager\
    ThreadCreationTime : 26-07-2004 14.18.09
    BasePriority : Normal
    FileSize : 573 KB
    FileVersion : 2004.1.127
    ProductVersion : 2004.1.127
    Copyright : Copyright (c) 2003-2003 Symantec Corporation
    CompanyName : Symantec Corporation
    FileDescription : Password Manager Controller
    InternalName : AcctMgr
    OriginalFilename : AcctMgr.EXE
    ProductName : Norton Password Manager
    Created on : 18/06/2004 10.57.56
    Last accessed : 25/07/2004 22.00.00
    Last modified : 25/02/2004 11.35.28

    #:26 [mm_tray.exe]
    FilePath : C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\
    ThreadCreationTime : 26-07-2004 14.18.09
    BasePriority : Normal
    FileSize : 128 KB
    FileVersion : 7.50.0089
    ProductVersion : 7.50.0089
    Copyright : Copyright
    CompanyName : MUSICMATCH, Inc.
    FileDescription : mm_tray
    InternalName : mm_tray
    OriginalFilename : mm_tray.exe
    ProductName : MUSICMATCH JUKEBOX
    Created on : 23/06/2004 18.04.49
    Last accessed : 25/07/2004 22.00.00
    Last modified : 31/10/2002 7.55.30

    #:27 [e_s10ic2.exe]
    FilePath : C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\
    ThreadCreationTime : 26-07-2004 14.18.10
    BasePriority : Normal
    FileSize : 73 KB
    FileVersion : 3.05
    ProductVersion : 3.05
    Copyright : Copyright (C) SEIKO EPSON CORP. 2002
    CompanyName : SEIKO EPSON CORPORATION
    FileDescription : EPSON Status Monitor 3
    InternalName : E_S10IC2
    OriginalFilename : E_S10IC2.EXE
    ProductName : EPSON Status Monitor 3
    Created on : 28/06/2004 16.12.44
    Last accessed : 25/07/2004 22.00.00
    Last modified : 01/07/2002 3.05.00

    #:28 [ctnotify.exe]
    FilePath : C:\Programmi\Creative\ShareDLL\
    ThreadCreationTime : 26-07-2004 14.18.10
    BasePriority : Normal
    FileSize : 185 KB
    FileVersion : 1.55.0.0
    ProductVersion : 1.55
    Copyright : Copyright (c) 1999 Creative Technology Ltd.
    CompanyName : Creative Technology Ltd.
    FileDescription : Disc Detector
    InternalName : CtNotify
    OriginalFilename : CtNotify.exe
    ProductName : Creative Disc Detector
    Created on : 22/07/2004 13.58.14
    Last accessed : 25/07/2004 22.00.00
    Last modified : 29/08/1999 23.55.00

    #:29 [ahqtb.exe]
    FilePath : C:\Programmi\Creative\SBLive2k\AudioHQ\
    ThreadCreationTime : 26-07-2004 14.18.10
    BasePriority : Normal
    FileSize : 200 KB
    FileVersion : 1.0.193
    ProductVersion : 1.0.193
    Copyright : Copyright (c) Creative Technology Ltd. 1997-1999
    CompanyName : Creative Technology Ltd.
    FileDescription : Creative AudioHQ
    InternalName : AHQTaskBar
    OriginalFilename : AHQTb.exe
    ProductName : AudioHQ
    Created on : 23/07/2004 10.27.23
    Last accessed : 25/07/2004 22.00.00
    Last modified : 10/05/2000 23.00.00

    #:30 [newsupd.exe]
    FilePath : C:\Programmi\Creative\News\
    ThreadCreationTime : 26-07-2004 14.18.11
    BasePriority : Normal
    FileSize : 43 KB
    FileVersion : 2.5.0.9
    ProductVersion : 2.5.0.0
    Copyright : Copyright (c) Creative Technology Ltd., 2000. All Rights Reserved
    CompanyName : Creative Technology Ltd.
    FileDescription : News Engine Update Application
    InternalName : NewsUpdEXE
    OriginalFilename : NewsUpd.EXE
    ProductName : Creative News Engine
    Created on : 23/07/2004 10.16.28
    Last accessed : 25/07/2004 22.00.00
    Last modified : 04/08/2000 0.50.00

    #:31 [ctavtray.exe]
    FilePath : C:\Programmi\Creative\SBLive2k\Program\
    ThreadCreationTime : 26-07-2004 14.18.11
    BasePriority : Normal
    FileSize : 21 KB
    FileVersion : 1, 0, 0, 2
    ProductVersion : 1, 0, 0, 2
    Copyright : Copyright
    CompanyName : Creative Technology Ltd.
    FileDescription : EAX Animation Playback
    InternalName : CTAvtray
    OriginalFilename : CTAvtray.EXE
    ProductName : CTAvtray
    Created on : 23/07/2004 10.29.48
    Last accessed : 25/07/2004 22.00.00
    Last modified : 31/08/2000 23.00.00

    #:32 [backweb-8876480.exe]
    FilePath : C:\Programmi\Logitech\Desktop Messenger\8876480\Program\
    ThreadCreationTime : 26-07-2004 14.18.12
    BasePriority : Normal
    FileSize : 16 KB
    Created on : 12/07/2004 17.21.38
    Last accessed : 25/07/2004 22.00.00
    Last modified : 12/07/2004 17.21.38

    #:33 [mediadet.exe]
    FilePath : C:\Programmi\Creative\ShareDLL\
    ThreadCreationTime : 26-07-2004 14.18.12
    BasePriority : Normal
    FileSize : 161 KB
    FileVersion : 1.55.2.0
    ProductVersion : 1.55
    Copyright : Copyright (c) 1998 Creative Technology Ltd.
    CompanyName : Creative Technology Ltd.
    FileDescription : Disc Detector
    InternalName : MediaDet
    OriginalFilename : MediaDet.exe
    ProductName : Creative Disc Detector
    Created on : 22/07/2004 13.58.15
    Last accessed : 25/07/2004 22.00.00
    Last modified : 26/03/2000 23.55.00

    #:34 [dslmon.exe]
    FilePath : C:\Programmi\ARESCOM\Modem Telindus Arescom ND220\
    ThreadCreationTime : 26-07-2004 14.18.13
    BasePriority : Normal
    FileSize : 896 KB
    FileVersion : 1, 0, 0, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright (C) 2000
    FileDescription : ADIMON MFC Application
    InternalName : DSLMON
    OriginalFilename : ADIMON.EXE
    ProductName : DSLMON Application
    Created on : 18/06/2004 16.35.56
    Last accessed : 25/07/2004 22.00.00
    Last modified : 25/09/2002 7.50.04

    #:35 [msmsgs.exe]
    FilePath : C:\Programmi\Messenger\
    ThreadCreationTime : 26-07-2004 14.18.17
    BasePriority : Normal
    FileSize : 1456 KB
    FileVersion : 4.7.2009
    ProductVersion : Version 4.7
    Copyright : Copyright (c) Microsoft Corporation 1997-2003
    CompanyName : Microsoft Corporation
    FileDescription : Messenger
    InternalName : msmsgs
    OriginalFilename : msmsgs.exe
    ProductName : Messenger
    Created on : 14/04/2003 17.30.14
    Last accessed : 25/07/2004 22.00.00
    Last modified : 14/04/2003 17.30.14

    #:36 [ad-aware.exe]
    FilePath : C:\Programmi\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 26-07-2004 14.19.06
    BasePriority : Normal
    FileSize : 668 KB
    FileVersion : 6.0.1.181
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 20/07/2004 14.37.00
    Last accessed : 25/07/2004 22.00.00
    Last modified : 12/07/2003 20.00.20

    Risultato del controllo della memoria:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Nuovi oggetti: 0
    Oggetti identificati: 0


    Analisi registro avviata
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Risultato del controllo del registro:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Nuovi oggetti: 0
    Oggetti identificati: 0


    Analisi approfondita registro avviata
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Possibile attacco incontrollato al browser : Software\Microsoft\Internet Explorer\MainSearch Pagetemp\sp.html

    Possible Browser Hijack attempt Oggetto riconosciuto!
    Tipo : Dato di registro
    Dato : "file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html"
    Categoria : Data Miner
    Commento : Possibile attacco incontrollato al browser
    Rootkey : HKEY_CURRENT_USER
    Oggetto : Software\Microsoft\Internet Explorer\Main
    Valore : Search Page
    Dato : "file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html"

    Possibile attacco incontrollato al browser : Software\Microsoft\Internet Explorer\MainSearch Bartemp\sp.html

    Possible Browser Hijack attempt Oggetto riconosciuto!
    Tipo : Dato di registro
    Dato : "file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html"
    Categoria : Data Miner
    Commento : Possibile attacco incontrollato al browser
    Rootkey : HKEY_CURRENT_USER
    Oggetto : Software\Microsoft\Internet Explorer\Main
    Valore : Search Bar
    Dato : "file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html"

    Possibile attacco incontrollato al browser : Software\Microsoft\Internet Explorer\SearchSearchAssistanttemp\sp.html

    Possible Browser Hijack attempt Oggetto riconosciuto!
    Tipo : Dato di registro
    Dato : "file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html"
    Categoria : Data Miner
    Commento : Possibile attacco incontrollato al browser
    Rootkey : HKEY_CURRENT_USER
    Oggetto : Software\Microsoft\Internet Explorer\Search
    Valore : SearchAssistant
    Dato : "file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html"


    Risultato del controllo approfondito del registro:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Nuovi oggetti: 3
    Oggetti identificati: 3

  10. #10
    amvinfe, moderator of the IT security and viruses section
    Registered: May 2002
    Posts: 6,739
    - does the Norton alert window still appear?
    - from Safe Mode, remove these values with HJT by selecting them and clicking Fix checked


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~2\Gibar\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank


    from Safe Mode run Ad-Aware (updated; as I write, the definitions are dated 24/7) and remove the values found during the scan. Reboot and post the HJT log
    ==
    Visit my blog SuspectFile.com
    ==
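As an added example (not code from the thread, from HijackThis or from Ad-Aware), a small Python check that reads the R0-R3 lines of a HijackThis log and flags the Internet Explorer search/start-page values that point at a local file, plus the HomeOldSP line the moderator listed for removal. The sample lines are constructed from the entries quoted above; the benign Start Page line with example.com is made up so the filter has something to leave alone.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample log: the four R1 lines the moderator asked the poster to
# fix, plus one made-up benign R0 line so the filter has something to skip.
SAMPLE_HJT_LINES = """\
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Bar = file://C:\\DOCUME~2\\Gibar\\IMPOST~1\\Temp\\sp.html
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Search Page = file://C:\\DOCUME~2\\Gibar\\IMPOST~1\\Temp\\sp.html
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant = file://C:\\DOCUME~2\\Gibar\\IMPOST~1\\Temp\\sp.html
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,HomeOldSP = about:blank
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.example.com/
"""

# HijackThis R0..R3 line shape: "<kind> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[0-3]) - (HK\w+)\\(.+?),([^=]+?) = (.*)$")
TEMP_DIR = re.compile(r"\\temp\\", re.IGNORECASE)

@dataclass
class Finding:
    kind: str        # R0/R1/R2/R3 as reported by HijackThis
    key: str         # full registry key, hive included
    value_name: str  # e.g. "Search Page"
    data: str        # the value data HijackThis printed
    reason: str      # why it was flagged

def judge(value_name: str, data: str) -> Optional[str]:
    """Return a reason if this IE setting looks hijacked, else None."""
    if data.lower().startswith("file://"):
        # Search/start settings normally hold http(s) URLs or about:blank; a
        # local file, especially one in a Temp folder, is what the poster's
        # sp.html hijack looks like in the log.
        where = "Temp folder" if TEMP_DIR.search(data) else "local file"
        return f"points to a {where}: {data}"
    if value_name.lower() == "homeoldsp" and data.lower() == "about:blank":
        # The moderator lists this line for removal with the file:// entries.
        return "HomeOldSP = about:blank accompanies the file:// entries"
    return None

def scan_hjt(text: str) -> List[Finding]:
    """Parse R-section lines of a HijackThis log and keep the suspicious ones."""
    findings = []
    for line in text.splitlines():
        m = R_LINE.match(line.strip())
        if not m:
            continue  # O2, O4, ... sections are out of scope here
        kind, hive, key, name, data = m.groups()
        reason = judge(name, data)
        if reason:
            findings.append(Finding(kind, f"{hive}\\{key}", name, data, reason))
    return findings

if __name__ == "__main__":
    for f in scan_hjt(SAMPLE_HJT_LINES):
        print(f"{f.kind} {f.key},{f.value_name}: {f.reason}")
```

Running it against a full HJT log lists only the R lines worth a second look; the other sections (O2, O4, ...) are ignored here.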
