hijackthis: what should I do?
Posted: Wed Aug 04, 2004 1:07 am
Another desperate case. No different from the others, I imagine, which is no consolation. There's this spyware, or whatever it's called, that forces an Explorer start page on me that I never chose. No big deal (well...), except that browsing is slowed down and unstable anyway. I don't understand much of this, but you seem like well-equipped brains. Help me, please. Below is the HijackThis scan. It's all those R0, R1 entries that are really wrong. That url - hercs.dll etc. - shows up on my start page.
Thanks in advance. Gianluca
Logfile of HijackThis v1.98.0
Scan saved at 19.43.46, on 03/08/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\IEEN.EXE
C:\WINDOWS\APPJP.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\MFCFI.EXE
C:\WINDOWS\SYSTEM\ADDSN.EXE
C:\WINDOWS\SYSTEM\JAVADB.EXE
C:\WINDOWS\MFCFN.EXE
C:\WINDOWS\SYSTEM\ADDWI32.EXE
C:\WINDOWS\SYSTEM\SDKZS.EXE
C:\WINDOWS\SYSTEM\JAVADB.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAMMI\DAP\DAP.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAMMI\TRUST\250S SERIES\LWBWHEEL.EXE
C:\PROGRAMMI\SYMANTEC\LIVEUPDATE\ALUNOTIFY.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\ADDWI32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\NTLT.EXE
C:\WINDOWS\SYSTEM\JAVADB.EXE
C:\WINDOWS\SYSTEM\APPEQ.EXE
C:\WINDOWS\SYSTEM\NTTD32.EXE
C:\WINDOWS\APPJP.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hercs.dll/sp.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://hercs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://hercs.dll/index.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\hercs.dll/sp.html#96676
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\hercs.dll/sp.html#96676
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://hercs.dll/index.html#96676
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {DE3BEBDB-AEE7-4277-8B6E-4EEFFA9508AE} - C:\WINDOWS\SYSTEM\TIUIS.DLL (file missing)
O2 - BHO: ICOO Loader BHO - {B9D90B27-AD4A-413a-88CB-3E6DDC10DC2D} - C:\WINDOWS\MSOPT.DLL (file missing)
O2 - BHO: Class - {7CDA428B-E678-4696-262A-B07C9ECE7D9C} - C:\WINDOWS\ATLBV32.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\Programmi\DirectCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Trust\250S Series\lwbwheel.exe
O4 - HKLM\..\Run: [MFCFN.EXE] C:\WINDOWS\MFCFN.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [IEEN.EXE] C:\WINDOWS\IEEN.EXE
O4 - HKLM\..\RunServices: [APPJP.EXE] C:\WINDOWS\APPJP.EXE
O4 - HKLM\..\RunServices: [MFCFI.EXE] C:\WINDOWS\MFCFI.EXE
O4 - HKLM\..\RunServices: [NTLT.EXE] C:\WINDOWS\SYSTEM\NTLT.EXE
O4 - HKLM\..\RunServices: [ADDSN.EXE] C:\WINDOWS\SYSTEM\ADDSN.EXE
O4 - HKLM\..\RunServices: [JAVADB.EXE] C:\WINDOWS\SYSTEM\JAVADB.EXE
O4 - HKLM\..\RunServices: [ADDWI32.EXE] C:\WINDOWS\SYSTEM\ADDWI32.EXE
O4 - HKLM\..\RunServices: [SDKZS.EXE] C:\WINDOWS\SYSTEM\SDKZS.EXE
O4 - HKLM\..\RunServices: [APPEQ.EXE] C:\WINDOWS\SYSTEM\APPEQ.EXE
O4 - HKLM\..\RunServices: [NTTD32.EXE] C:\WINDOWS\SYSTEM\NTTD32.EXE
O4 - HKCU\..\Run: [ALUAlert] C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.D ... milar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.D ... links.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/19fd9f6f520 ... 601_it.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL
O21 - SSODL: AUHook - {BCBCD383-3E06-11D3-91A9-00C04F68105C} - C:\WINDOWS\SYSTEM\AUHOOK.DLL