Has a virus gotten into your computer? Do you want to browse safely? Are online transactions secure? How do you stop attackers from getting into your PC? How do you protect your data? Here you will find the answers to these and other questions
by oscar magrassi » Thu Aug 19, 2004 3:27 pm
The question is simple: what do I need to remove to get rid of the unwanted home page?
Many thanks
Thank you in advance
Oscar
I am attaching the saved log:
Logfile of HijackThis v1.98.2
Scan saved at 16.20.23, on 19/08/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\Programmi\ThinkPad\Utilities\TpKmapMn.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\downlo~1 6kr7m3o38.exe
C:\WINNT\system32\appri.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Programmi\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\AGRSMMSG.exe
C:\Programmi\ThinkPad\Utilities\TpKmapMn.exe
C:\WINNT\System32\TpScrLk.exe
C:\WINNT\system32\tp4mon.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\javawz32.exe
C:\WINNT\system32\ctfmon.exe
C:\Programmi\Lotus\Notes\NLNOTES.EXE
C:\Programmi\Lotus\Notes\nhldaemn.EXE
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\Programmi\Adobe\Acrobat 5.0\Reader\AcroRd32.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ed72417\IMPOST~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\zoejb.dll/sp.html#21259
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9AAEA18F-FF0B-F426-75BB-C97ADD203976} - C:\WINNT\javavi32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Programmi\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Programmi\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINNT\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [javawz32.exe] C:\WINNT\system32\javawz32.exe
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://www.e-fiat.com/Components/Ocx/Ex ... utside.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINNT\msopt.dll (file missing)
oscar magrassi
- New Member
- Posts: 3
- Joined: Thu Aug 19, 2004 3:09 pm
by crazy.cat » Thu Aug 19, 2004 4:16 pm
Follow the instructions in this article and use CwShredder
http://www.zanezane.net/articoli.asp?id=427
Make sure you run the scan from Safe Mode. After the scan and cleanup, look for this file, C:\WINNT\javavi32.dll. If it is still there, drag it to the desktop (you have to get it out of the directory where it is now) and rename it, call it Pippo.
Run the Hijack scan again from Safe Mode, and if they are still there you must delete these entries
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\zoejb.dll/sp.html#21259
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\zoejb.dll/sp.html#21259
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINNT\msopt.dll (file missing)
O2 - BHO: (no name) - {9AAEA18F-FF0B-F426-75BB-C97ADD203976} - C:\WINNT\javavi32.dll
Set a normal page in the browser again, restart the PC, try browsing again and see whether the page stays. If everything is fine, permanently delete the file you renamed on the desktop.
These EXEs below are very suspicious; an online virus check would not be a bad idea. If you don't know which programs they belong to, they should pretty much be removed.
http://www.pandasoftware.com/activescan ... ncipal.htm
O4 - HKLM\..\Run: [javawz32.exe] C:\WINNT\system32\javawz32.exe
C:\WINNT\downlo~1 6kr7m3o38.exe
C:\WINNT\system32\appri.exe
Let us know how it goes, and welcome to the forum.
crazy.cat
- MLI Hero
- Posts: 30959
- Joined: Mon Jan 12, 2004 1:38 pm
- Location: Mestre
by oscar magrassi » Fri Aug 20, 2004 11:41 am
I followed your instructions faithfully, but I have not solved the problem.
First I ran CwShredder, then I renamed the file to pippo on the desktop, then I tried to do the scan, but I only managed to remove O2 and O18, so I ran Panda, which removed 5 infected files. Then I ran Hijack again and managed to remove the R1 and R0 entries you suggested. I restarted the computer several times and opened Internet Explorer: at first the system goes to the new default page, but as soon as it finishes loading it goes back to the old one, and the unwanted R1 and R0 entries reappear in the saved log.
Help! I don't know what else to do (on top of that, I can't delete the last three exes you pointed out).
Thanks again
Oscar
I am attaching the latest saved log:
Logfile of HijackThis v1.98.2
Scan saved at 12.28.19, on 20/08/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\ibmpmsvc.exe
C:\Programmi\ThinkPad\Utilities\TpKmapMn.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\Ati2evxx.exe
C:\WINNT\MS\SMS\CORE\BIN\CLISVCL.EXE
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINNT\downlo~1 6kr7m3o38.exe
C:\WINNT\system32\appri.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\MS\SMS\CLICOMP\RemCtrl\Wuser32.exe
C:\WINNT\MS\SMS\clicomp\apa\Bin\smsapm32.exe
C:\Programmi\Citrix\ICA Client\ssonsvr.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Programmi\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINNT\AGRSMMSG.exe
C:\Programmi\ThinkPad\Utilities\TpKmapMn.exe
C:\WINNT\System32\TpScrLk.exe
C:\WINNT\system32\tp4mon.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\javawz32.exe
C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
C:\WINNT\system32\ctfmon.exe
C:\WINNT\MS\SMS\CLICOMP\SWDist32\bin\smsmon32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ed72417\IMPOST~1\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\cjwdi.dll/sp.html#21259
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\cjwdi.dll/sp.html#21259
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\cjwdi.dll/sp.html#21259
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customi ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9CC4F735-93E1-927B-2A38-8BB4ECF1B9CC} - C:\WINNT\sysmq32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRPCMonitor] PRPCUI.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Programmi\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TPKMAPMN] C:\Programmi\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKBDLED] C:\WINNT\System32\TpScrLk.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmi\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SMS Application Launcher] C:\WINNT\MS\SMS\CORE\BIN\LAUNCH32.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://www.e-fiat.com/Components/Ocx/Ex ... utside.cab
O16 - DPF: {ED5D2306-0FF4-11D2-B37C-0000C000D50D} (HighWay Imaging Control) - http://www.3di.it/code/iw/iwfull.cab
oscar magrassi
- New Member
- Posts: 3
- Joined: Thu Aug 19, 2004 3:09 pm
by crazy.cat » Fri Aug 20, 2004 11:53 am
OK, let's try again.
Do everything from Safe Mode again. Run the CwShredder scan again.
Look for these 2 DLLs, cjwdi.dll and sysmq32.dll, rename them as before to pippo and pluto, and delete them right away.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\cjwdi.dll/sp.html#21259
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\cjwdi.dll/sp.html#21259
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\cjwdi.dll/sp.html#21259
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\cjwdi.dll/sp.html#21259
Try deleting the exes from Safe Mode as well.
crazy.cat
- MLI Hero
- Posts: 30959
- Joined: Mon Jan 12, 2004 1:38 pm
- Location: Mestre
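The two logs in this thread can be compared mechanically. The following is an added example, not part of any post and not HijackThis's own code: it extracts the Internet Explorer R0/R1 values that point at a res:// page inside a DLL, plus the BHOs listed as "(no name)", and reports the slots whose DLL changed between scans. The function names are hypothetical, and the sample lines are constructed from the logs above with the path separators written out.

```python
import re

# Constructed input: hijack-related lines copied from the two logs in this
# thread (19/08 and 20/08 scans), with the path separators written out.
SCAN_19 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\zoejb.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\zoejb.dll/sp.html#21259
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9AAEA18F-FF0B-F426-75BB-C97ADD203976} - C:\WINNT\javavi32.dll
"""
SCAN_20 = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\cjwdi.dll/sp.html#21259
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\cjwdi.dll/sp.html#21259
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {9CC4F735-93E1-927B-2A38-8BB4ECF1B9CC} - C:\WINNT\sysmq32.dll
"""

# R0/R1 value whose data is a res:// URL served from inside a DLL.
R_LINE = re.compile(r"^R[01] - (?P<key>.+?) = res://(?P<dll>.+?\.dll)/", re.I)
# BHO that HijackThis could not name; the CLSID is ignored because it
# differs between the two scans in this thread.
BHO_LINE = re.compile(r"^O2 - BHO: \(no name\) - \{[0-9A-F-]+\} - (?P<dll>.+\.dll)$", re.I)

def hijack_entries(log):
    """Map each suspicious slot (registry value or nameless BHO) to its DLLs."""
    found = {}
    for line in (raw.strip() for raw in log.splitlines()):
        if m := R_LINE.match(line):
            found.setdefault(m["key"], set()).add(m["dll"].lower())
        elif m := BHO_LINE.match(line):
            found.setdefault("BHO (no name)", set()).add(m["dll"].lower())
    return found

def regenerated(before, after):
    """Slots present in both scans that now point at a different DLL."""
    a, b = hijack_entries(before), hijack_entries(after)
    return {s: (sorted(a[s]), sorted(b[s])) for s in a.keys() & b.keys() if a[s] != b[s]}

if __name__ == "__main__":
    for slot, (old, new) in sorted(regenerated(SCAN_19, SCAN_20).items()):
        print(f"{slot}: {old} -> {new}")
```

On these lines it reports zoejb.dll replaced by cjwdi.dll in the IE search values and javavi32.dll replaced by sysmq32.dll as the nameless BHO, which matches the entries reappearing after the first cleanup.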