how to remove searchhook??????????
Posted: Thu Aug 31, 2006 11:26 am
Good morning everyone, for a couple of days now I have been wearing myself out trying to remove a spy(?) called "searchhook". After running numerous scans with Ad-Aware, Spybot and HijackThis, and perhaps having tried to remove the key I think is to blame, it keeps coming back (like peperonata!!): every time I run a search on Google a pop-up opens that wants to direct you to its destination, and this pop-up is sometimes called ceasar casino, sometimes world sea, sometimes searchhook........ I am also sending you the HijackThis log, thanks
Logfile of HijackThis v1.99.1
Scan saved at 12.12.54, on 31/08/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Vodafone\VodafoneMobileConnectCard\VodafoneMobileConnectCard.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Lavasoft\Ad-aware 6\Ad-watch.exe
C:\Documents and Settings\Amedeo\Desktop\backup ame\Download\Utility pulizia\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {0386D421-98BD-0323-3FA8-ED1C427590DC} - C:\WINDOWS\xcrkn1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: Vodafone Mobile Connect Card.lnk = C:\Programmi\Vodafone\VodafoneMobileConnectCard\VodafoneMobileConnectCard.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O16 - DPF: {721D064D-FF00-11D3-A51B-0000F8798D58} (AxcUvacDbVers.CtlUvacDbVers) - http://alimvet.sanita.it/sanitaspe/Acti ... DbVers.Cab
O16 - DPF: {721D070E-FF00-11D3-A51B-0000F8798D58} (AxcUvac000.CntlUvac0001) - http://alimvet.sanita.it/sanitaspe/Acti ... vac000.cab
O16 - DPF: {B2468626-6F41-11D3-8672-0000F824C6DA} (Axc010b.Ctl010b) - http://alimvet.sanita.it/sanitaspe/ActiveX/Axc010b.cab
O16 - DPF: {CD47CC64-6C55-11D3-A465-0000F8798D58} (Axc011.Ctl011) - http://alimvet.sanita.it/sanitaspe/ActiveX/Axc011.cab
O16 - DPF: {D7249679-BE8F-11D3-A4D5-0000F8798D58} (AxcAggDb1.CtlAggDb1) - http://alimvet.sanita.it/sanitaspe/Acti ... AggDb1.Cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B9AC345-B89C-4C4D-B831-342C827776F9}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{4805F678-7BC5-4FCE-A1CE-65C73FE398D0}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F0B84F1-D458-4DFD-B570-C493A95A530E}: NameServer = 151.99.125.2,151.99.250.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1A13DBE-F22A-4BFD-BBC5-8D9DD226AC09}: NameServer = 151.99.125.2,151.99.250.2
O20 - AppInit_DLLs: \\?\C:\WINDOWS\System32\con.jmt
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: LogPtd - Unknown owner - \\?\C:\Programmi\File comuni\Microsoft Shared\aux.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)