PcPrimiPassi.it - easy computing for everyone

Forum: Computer infections and computer security in general

Topic: help virus

carletto - Beginner
Joined: 16 June 2005 | From: Italy | Status: Offline | Posts: 53
Post no. 20.529 - Posted: 16 June 2005 at 14:22


Hi, I'm new to both forums and PCs.

I hope to improve over time.

I'm asking for help because my PC is acting up; it must have some virus.

Here are the symptoms: at startup it connects to the internet by itself and an unwanted site appears; this has been going on for a month. For the last few days, when I go online myself, in addition to the above, the home page is not the one I set as my start page but about-serch.

What death am I going to die????

Help me ....



monteverdi - Apprentice
Joined: 22 March 2005 | From: Italy | Status: Offline | Posts: 745
Post no. 20.534 - Posted: 16 June 2005 at 14:28


No need to die for the moment......

I think it's some dialer.....

Scan in safe mode, with System Restore disabled, using ad-aware, spybot, antyspy and the antivirus you use. Naturally the definitions must be up to date. Have a look at the courses on this site.

Bye!




Yusuke - Senior
Joined: 20 April 2005 | From: Italy | Status: Offline | Posts: 4.776
Post no. 20.536 - Posted: 16 June 2005 at 14:34


First install all the programs listed below, then install Hijack, run a scan and post it here.

YOU CAN GET HIJACK FROM HERE:
AND THERE'S ALSO THE GUIDE

http://www.h3.dion.ne.jp/%7Esole/Yoghi/Hijackguida/Hijack-guida.html

ONCE DOWNLOADED, MAKE THE LOG AND POST IT HERE

If you don't already have them, download the following programs: (install them all and UPDATE those that require it)

Spybot (Antispy)
Ad_Aware (Antispy) + Italian language
CwShredder (Protection)
SpyWare Blaster (Protection)
RegSeeker (Registry cleaning)
Ccleaner (cleaning of unneeded files)

Before posting the log you must run a scan in safe mode with your antivirus, with Spybot and with Ad-Aware

GET SPYBOT FROM HERE:

http://www.download.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button

REGSEEKER FROM HERE:

http://www.hoverdesk.net/freeware.htm

Here you'll find a guide to RegSeeker:

http://www.web-zone.org/TT/XP/regseeker.asp

CCLEANER FROM HERE:

http://www.softpedia.com/get/Security/Secure-cleaning/CCleaner.shtml

Here you'll find a guide to ccleaner

http://www.aiutamici.com/software/descrizione.asp?CodSw=1223


SPYBLASTER FROM HERE:

http://www.aboutlyrics.com/Software/Download/SpywareBlaster.php



The night is more beautiful, you live better, for those who don't know a yawn until five, and the city catches its breath, it seems to sleep and the dark transforms it and changes its shape...



lucas - Expert - Security Advisor
Joined: 14 April 2005 | From: Italy | Status: Offline | Posts: 6.715
Post no. 20.539 - Posted: 16 June 2005 at 14:42


Hi, don't worry carletto, put yourself in my hands and you'll see the PC run worse than before!!!!! Let's start with the first operation:
anyway yusuke has already said everything

Download those programs and update them; once that's done, do this step:

START>SETTINGS>CONTROL PANEL>SYSTEM>go to the System Restore tab>TICK THE BOX>APPLY>OK

Once you've done the step above you must boot in safe mode:
SAFE MODE:
Restart the PC after doing the step above. After the first screen, as soon as the first lines of text start to appear, press the F8 key repeatedly and wait a bit; a screen with some options will come up. Choose START IN SAFE MODE, then confirm. Once you're in (the graphics will be more spartan, don't worry, that's normal) run all the scans with the programs indicated by yusuke and delete everything they find. When it's all done, go back to normal mode and see whether the problem is solved!!!!!!! Let us know. BYE BYE


carletto - Beginner
Joined: 16 June 2005 | From: Italy | Status: Offline | Posts: 53
Post no. 20.570 - Posted: 16 June 2005 at 16:23


I feel like throwing up.........

With HIJACK I got this, now what???

I know I'm hopeless, but with patience you get everything

Logfile of HijackThis v1.99.1
Scan saved at 16.16.37, on 16/06/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\itDDD.exe
C:\WINDOWS\iejn.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\LAQUER~1\IMPOST~1\Temp\Rar$EX10.279\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kpwcr.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kpwcr.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\kpwcr.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\kpwcr.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\kpwcr.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kpwcr.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\kpwcr.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {B8A40086-20B8-C1F2-809A-00534310B657} - C:\WINDOWS\system32\apppg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\itDDD.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Programmi\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [iejn.exe] C:\WINDOWS\iejn.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - Startup: I.url
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {11311111-1551-1661-1771-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://all-find.org/mih2/winhelp.chm::/web.exe
O16 - DPF: {F57D27AE-CE57-4BC8-B232-EA57747BE5B7} - ms-its:mhtml:file://C:\PATH.MHT!http://195.225.176.5//d//ybwsqjb//avjtwig//kzpjeic//pmlajv//IT//arct.chm::/painter.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{01363ED1-51BB-4CA4-87E0-C2C56866B050}: NameServer = 212.216.172.62,212.216.112.112
O17 - HKLM\System\CS1\Services\Tcpip\..\{01363ED1-51BB-4CA4-87E0-C2C56866B050}: NameServer = 212.216.172.62,212.216.112.112
O17 - HKLM\System\CS2\Services\Tcpip\..\{01363ED1-51BB-4CA4-87E0-C2C56866B050}: NameServer = 212.216.172.62,212.216.112.112
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
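
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. The function name `triage`, the `KNOWN_STARTUP` allowlist and the sample log are assumptions constructed for illustration; the rules only mark entries for manual review, using the kinds of lines this log contains (IE pages pointing at `res://` DLL resources, BHO and Run entries loaded straight from the Windows directory, Trusted Zone additions, DPF entries with a non-HTTP codebase).

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1" or "O15"
    reason: str   # why the entry deserves a manual look
    line: str     # the original log line


# "<section> - <rest of entry>", e.g. "O15 - Trusted Zone: www.example.test"
ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")

# An .exe/.dll sitting directly in C:\WINDOWS or C:\WINDOWS\System32
# (not in a deeper subfolder). Group 1 is the file name.
WINDIR_FILE = re.compile(
    r"c:\\windows\\(?:system32\\)?([^\\]+\.(?:exe|dll))\b", re.IGNORECASE
)

# Assumption: startup programs the reviewer has already vetted on this machine.
KNOWN_STARTUP = {"ctfmon.exe"}

# Constructed sample in HijackThis format; every name and URL is a placeholder.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\example.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: Class - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example2.dll
O2 - BHO: Vendor Helper - {00000000-0000-0000-0000-000000000002} - C:\Programmi\Vendor\helper.dll
O4 - HKLM\..\Run: [example] C:\WINDOWS\example.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O15 - Trusted Zone: www.example.test
O16 - DPF: {00000000-0000-0000-0000-000000000003} - ms-its:mhtml:file://c:\x.mht!http://example.test/a.chm::/b.exe
O16 - DPF: {00000000-0000-0000-0000-000000000004} - http://example.test/control.cab
"""


def triage(log_text, known_startup=KNOWN_STARTUP):
    """Return the log entries that match one of the review rules, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()

        if section in ("R0", "R1") and "= res://" in body.lower():
            # IE start/search page served out of a local DLL resource.
            findings.append(Finding(section, "IE page set to a res:// DLL resource", line))
        elif section == "O2" and WINDIR_FILE.search(body):
            findings.append(Finding(section, "BHO loaded directly from the Windows directory", line))
        elif section == "O4":
            exe = WINDIR_FILE.search(body)
            if exe and exe.group(1).lower() not in known_startup:
                findings.append(Finding(section, "unvetted autostart in the Windows directory", line))
        elif section == "O15":
            findings.append(Finding(section, "site added to the IE Trusted Zone", line))
        elif section == "O16":
            # "DPF: {CLSID} - <codebase>"; a normal codebase is a plain URL.
            codebase = body.rsplit(" - ", 1)[-1]
            if not re.match(r"https?://", codebase, re.IGNORECASE):
                findings.append(Finding(section, "DPF codebase is not a plain http(s) URL", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```
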

 



Yusuke - Senior
Joined: 20 April 2005 | From: Italy | Status: Offline | Posts: 4.776
Post no. 20.572 - Posted: 16 June 2005 at 16:31


Sorry to say it, but this log is awful!!!

Lucas will take care of it, but I advise you to format!!






Yusuke - Senior
Joined: 20 April 2005 | From: Italy | Status: Offline | Posts: 4.776
Post no. 20.574 - Posted: 16 June 2005 at 16:32


You also have masterbiz and, if I'm not mistaken, about blank






carletto - Beginner
Joined: 16 June 2005 | From: Italy | Status: Offline | Posts: 53
Post no. 20.575 - Posted: 16 June 2005 at 16:34


Yes, that one appeared a few days ago.

This is the Ad-Aware scan log

 

Ad-Aware SE Build 1.06r1

Logfile Created on:giovedì 16 giugno 2005 16.27.28

Created with Ad-Aware SE Personal, free for private use.

Using definitions file:SE1R50 13.06.2005

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch(TAC index:10):16 total references

Possible Browser Hijack attempt(TAC index:3):3 total references

Tracking Cookie(TAC index:3):3 total references

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings

===========================

Set : Search for negligible risk entries

Set : Safe mode (always request confirmation)

Set : Scan active processes

Set : Scan registry

Set : Deep-scan registry

Set : Scan my IE Favorites for banned URLs

Set : Scan my Hosts file

Extended Ad-Aware SE Settings

===========================

Set : Unload recognized processes & modules during scan

Set : Scan registry for all users instead of current user only

Set : Always try to unload modules before deletion

Set : During removal, unload Explorer and IE if necessary

Set : Let Windows remove files in use at next reboot

Set : Delete quarantined objects after restoring

Set : Include basic Ad-Aware settings in log file

Set : Include additional Ad-Aware settings in log file

Set : Include reference summary in log file

Set : Include alternate data stream details in log file

Set : Play sound at scan completion if scan locates critical objects

 

16-06-2005 16.27.28 - Scan started. (Full System Scan)

Listing running processes

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]

FilePath : \SystemRoot\System32\

ProcessID : 580

ThreadCreationTime : 16-06-2005 13.40.29

BasePriority : Normal

 

#:2 [csrss.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 708

ThreadCreationTime : 16-06-2005 13.40.30

BasePriority : Normal

 

#:3 [winlogon.exe]

FilePath : \??\C:\WINDOWS\system32\

ProcessID : 732

ThreadCreationTime : 16-06-2005 13.40.31

BasePriority : High

 

#:4 [services.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 776

ThreadCreationTime : 16-06-2005 13.40.32

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Applicazione Servizi e Controller

InternalName : services.exe

LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.

OriginalFilename : services.exe

#:5 [lsass.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 788

ThreadCreationTime : 16-06-2005 13.40.32

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : LSA Shell (Export Version)

InternalName : lsass.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : lsass.exe

#:6 [svchost.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 956

ThreadCreationTime : 16-06-2005 13.40.33

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:7 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1024

ThreadCreationTime : 16-06-2005 13.40.33

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:8 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1108

ThreadCreationTime : 16-06-2005 13.40.34

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:9 [svchost.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1180

ThreadCreationTime : 16-06-2005 13.40.34

BasePriority : Normal

FileVersion : 5.1.2600.0 (xpclient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Generic Host Process for Win32 Services

InternalName : svchost.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : svchost.exe

#:10 [ccproxy.exe]

FilePath : C:\Programmi\File comuni\Symantec Shared\

ProcessID : 1292

ThreadCreationTime : 16-06-2005 13.40.35

BasePriority : Normal

FileVersion : 103.0.3.8

ProductVersion : 103.0.3.8

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Network Proxy Service

InternalName : ccProxy

LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccProxy.exe

#:11 [ccsetmgr.exe]

FilePath : C:\Programmi\File comuni\Symantec Shared\

ProcessID : 1304

ThreadCreationTime : 16-06-2005 13.40.35

BasePriority : Normal

FileVersion : 103.0.3.8

ProductVersion : 103.0.3.8

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Settings Manager Service

InternalName : ccSetMgr

LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccSetMgr.exe

#:12 [issvc.exe]

FilePath : C:\Programmi\Norton Internet Security\

ProcessID : 1316

ThreadCreationTime : 16-06-2005 13.40.35

BasePriority : Normal

FileVersion : 8.0.2.5

ProductVersion : 8.0

ProductName : Norton Internet Security

CompanyName : Symantec Corporation

FileDescription : IS Service

InternalName : ISSVC.exe

LegalCopyright : Copyright (c) 2004 Symantec Corporation

OriginalFilename : ISSVC.exe

#:13 [sndsrvc.exe]

FilePath : C:\Programmi\File comuni\Symantec Shared\

ProcessID : 1336

ThreadCreationTime : 16-06-2005 13.40.36

BasePriority : Normal

FileVersion : 5.5.1.6

ProductVersion : 5.5

ProductName : Symantec Security Drivers

CompanyName : Symantec Corporation

FileDescription : Network Driver Service

InternalName : SndSrvc

LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation

OriginalFilename : SndSrvc.exe

#:14 [spbbcsvc.exe]

FilePath : C:\Programmi\File comuni\Symantec Shared\SPBBC\

ProcessID : 1360

ThreadCreationTime : 16-06-2005 13.40.36

BasePriority : Normal

FileVersion : 1,0,1,47

ProductVersion : 1,0,1,47

ProductName : SPBBC

CompanyName : Symantec Corporation

FileDescription : SPBBC Service

InternalName : SPBBCSvc

LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.

OriginalFilename : SPBBCSvc.exe

#:15 [ccevtmgr.exe]

FilePath : C:\Programmi\File comuni\Symantec Shared\

ProcessID : 1392

ThreadCreationTime : 16-06-2005 13.40.36

BasePriority : Normal

FileVersion : 103.0.3.8

ProductVersion : 103.0.3.8

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec Event Manager Service

InternalName : ccEvtMgr

LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccEvtMgr.exe

#:16 [spoolsv.exe]

FilePath : C:\WINDOWS\system32\

ProcessID : 1688

ThreadCreationTime : 16-06-2005 13.40.38

BasePriority : Normal

FileVersion : 5.1.2600.0 (XPClient.010817-1148)

ProductVersion : 5.1.2600.0

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Spooler SubSystem App

InternalName : spoolsv.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : spoolsv.exe

#:17 [alg.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 1804

ThreadCreationTime : 16-06-2005 13.40.45

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Application Layer Gateway Service

InternalName : ALG.exe

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : ALG.exe

#:18 [sagent2.exe]

FilePath : C:\Programmi\File comuni\EPSON\EBAPI\

ProcessID : 1828

ThreadCreationTime : 16-06-2005 13.40.45

BasePriority : Normal

FileVersion : 2, 2, 0, 0

ProductVersion : 1, 0, 0, 0

ProductName : EPSON Bidirectional Printer

CompanyName : SEIKO EPSON CORPORATION

FileDescription : EPSON Printer Status Agent

InternalName : SAgent2

LegalCopyright : Copyright (C) SEIKO EPSON CORP. 2000-2001

OriginalFilename : SAgent2.exe

#:19 [mdm.exe]

FilePath : C:\Programmi\File comuni\Microsoft Shared\VS7Debug\

ProcessID : 1864

ThreadCreationTime : 16-06-2005 13.40.45

BasePriority : Normal

FileVersion : 7.00.9064.9150

ProductVersion : 7.00.9064.9150

ProductName : Microsoft Development Environment

CompanyName : Microsoft Corporation

FileDescription : Machine Debug Manager

InternalName : mdm.exe

LegalCopyright : Copyright (C) Microsoft Corp. 1997-2000

OriginalFilename : mdm.exe

#:20 [navapsvc.exe]

FilePath : C:\Programmi\Norton Internet Security\Norton AntiVirus\

ProcessID : 1904

ThreadCreationTime : 16-06-2005 13.40.45

BasePriority : Normal

FileVersion : 11.0.9.16

ProductVersion : 11.0.9

ProductName : Norton AntiVirus

CompanyName : Symantec Corporation

FileDescription : Norton AntiVirus Auto-Protect Service

InternalName : NAVAPSVC

LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.

OriginalFilename : NAVAPSVC.EXE

#:21 [symlcsvc.exe]

FilePath : C:\Programmi\File comuni\Symantec Shared\CCPD-LC\

ProcessID : 192

ThreadCreationTime : 16-06-2005 13.40.45

BasePriority : Normal

FileVersion : 1, 8, 54, 478

ProductVersion : 1, 8, 54, 478

ProductName : Symantec Core Component

CompanyName : Symantec Corporation

FileDescription : Symantec Core Component

InternalName : symlcsvc

LegalCopyright : Copyright (C) 2003

OriginalFilename : symlcsvc.exe

#:22 [wdfmgr.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 220

ThreadCreationTime : 16-06-2005 13.40.46

BasePriority : Normal

FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)

ProductVersion : 5.2.3790.1230

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : Windows User Mode Driver Manager

InternalName : WdfMgr

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : WdfMgr.exe

#:23 [explorer.exe]

FilePath : C:\WINDOWS\

ProcessID : 1248

ThreadCreationTime : 16-06-2005 13.41.59

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Esplora risorse

InternalName : explorer

LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.

OriginalFilename : EXPLORER.EXE

#:24 [ccapp.exe]

FilePath : C:\Programmi\File comuni\Symantec Shared\

ProcessID : 2060

ThreadCreationTime : 16-06-2005 13.42.01

BasePriority : Normal

FileVersion : 103.0.3.8

ProductVersion : 103.0.3.8

ProductName : Client and Host Security Platform

CompanyName : Symantec Corporation

FileDescription : Symantec User Session

InternalName : ccApp

LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.

OriginalFilename : ccApp.exe

#:25 [qttask.exe]

FilePath : C:\Programmi\QuickTime\

ProcessID : 2104

ThreadCreationTime : 16-06-2005 13.42.01

BasePriority : Normal

FileVersion : 6.5.1

ProductVersion : QuickTime 6.5.1

ProductName : QuickTime

CompanyName : Apple Computer, Inc.

InternalName : QuickTime Task

LegalCopyright : © Apple Computer, Inc. 2001-2004

OriginalFilename : QTTask.exe

#:26 [itddd.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2120

ThreadCreationTime : 16-06-2005 13.42.02

BasePriority : Normal

 

#:27 [iejn.exe]

FilePath : C:\WINDOWS\

ProcessID : 2164

ThreadCreationTime : 16-06-2005 13.42.02

BasePriority : Normal

 

#:28 [ctfmon.exe]

FilePath : C:\WINDOWS\System32\

ProcessID : 2180

ThreadCreationTime : 16-06-2005 13.42.02

BasePriority : Normal

FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)

ProductVersion : 5.1.2600.1106

ProductName : Microsoft® Windows® Operating System

CompanyName : Microsoft Corporation

FileDescription : CTF Loader

InternalName : CTFMON

LegalCopyright : © Microsoft Corporation. All rights reserved.

OriginalFilename : CTFMON.EXE

#:29 [msmsgs.exe]

FilePath : C:\Programmi\Messenger\

ProcessID : 2192

ThreadCreationTime : 16-06-2005 13.42.02

BasePriority : Normal

FileVersion : 4.7.0041

ProductVersion : Version 4.7

ProductName : Messenger

CompanyName : Microsoft Corporation

FileDescription : Messenger

InternalName : msmsgs

LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001

LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.

OriginalFilename : msmsgs.exe

#:30 [iexplore.exe]

FilePath : C:\Programmi\Internet Explorer\

ProcessID : 2708

ThreadCreationTime : 16-06-2005 14.04.56

BasePriority : Normal

FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)

ProductVersion : 6.00.2800.1106

ProductName : Sistema operativo Microsoft® Windows®

CompanyName : Microsoft Corporation

FileDescription : Internet Explorer

InternalName : iexplore

LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.

OriginalFilename : IEXPLORE.EXE

#:31 [ad-aware.exe]

FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\

ProcessID : 268

ThreadCreationTime : 16-06-2005 14.27.11

BasePriority : Normal

FileVersion : 6.2.0.236

ProductVersion : SE 106

ProductName : Lavasoft Ad-Aware SE

CompanyName : Lavasoft Sweden

FileDescription : Ad-Aware SE Core application

InternalName : Ad-Aware.exe

LegalCopyright : Copyright © Lavasoft AB Sweden

OriginalFilename : Ad-Aware.exe

Comments : All Rights Reserved

Memory scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 0

 

Started registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CLASSES_ROOT

Object : clsid\{676575dd-4d46-911d-8037-9b10d6ee8bb5}

Registry Scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 1

Objects found so far: 1

 

Started deep registry scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 1

 

Started Tracking Cookie scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : la quercia@trafic[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:la quercia@trafic.ro/

Expires : 11-01-2037 16.00.00

LastSync : Hits:1

UseCount : 0

Hits : 1

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : la quercia@cgi-bin[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:la quercia@imrworldwide.com/cgi-bin

Expires : 19-01-2009 1.00.00

LastSync : Hits:1

UseCount : 0

Hits : 1

Tracking Cookie Object Recognized!

Type : IECache Entry

Data : la quercia@tribalfusion[1].txt

TAC Rating : 3

Category : Data Miner

Comment : Hits:1

Value : Cookie:la quercia@tribalfusion.com/

Expires : 01-01-2038 2.00.00

LastSync : Hits:1

UseCount : 0

Hits : 1

Tracking cookie scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 3

Objects found so far: 4

 

 

Deep scanning and examining files (C:)

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 0

Objects found so far: 4

Possible Browser Hijack attempt Object Recognized!

Type : File

Data : Only sex website.url

TAC Rating : 3

Category : Misc

Comment : Problematic URL discovered: http://www.onlysex.ws/

Object : C:\Documents and Settings\la quercia\Preferiti\

 

 

Possible Browser Hijack attempt Object Recognized!

Type : File

Data : Search the web.url

TAC Rating : 3

Category : Misc

Comment : Problematic URL discovered: http://www.lookfor.cc/

Object : C:\Documents and Settings\la quercia\Preferiti\

 

 

Possible Browser Hijack attempt Object Recognized!

Type : File

Data : Seven days of free porn.url

TAC Rating : 3

Category : Misc

Comment : Problematic URL discovered: http://www.7days.ws/

Object : C:\Documents and Settings\la quercia\Preferiti\

 

 

 

Performing conditional scans...

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\urlsearchhooks

CoolWebSearch Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\hsa

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\hsa

Value : UninstallString

CoolWebSearch Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\se

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\se

Value : UninstallString

CoolWebSearch Object Recognized!

Type : Regkey

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\sw

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\windows\currentversion\uninstall\sw

Value : UninstallString

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\main

Value : Search Bar

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\search

Value : SearchAssistant

CoolWebSearch Object Recognized!

Type : RegValue

Data :

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft

Value : set

CoolWebSearch Object Recognized!

Type : RegData

Data : no

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\main

Value : Use Search Asst

Data : no

CoolWebSearch Object Recognized!

Type : RegData

Data : about:blank

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_CURRENT_USER

Object : software\microsoft\internet explorer\main

Value : Start Page

Data : about:blank

CoolWebSearch Object Recognized!

Type : RegData

Data : no

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\main

Value : Use Search Asst

Data : no

CoolWebSearch Object Recognized!

Type : RegData

Data : about:blank

TAC Rating : 10

Category : Malware

Comment :

Rootkey : HKEY_LOCAL_MACHINE

Object : software\microsoft\internet explorer\main

Value : Start Page

Data : about:blank

CoolWebSearch Object Recognized!

Type : File

Data : wbemess.log

TAC Rating : 10

Category : Malware

Comment :

Object : C:\WINDOWS\System32\wbem\logs\

 

 

Conditional scan result:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

New critical objects: 15

Objects found so far: 22

16.32.12 Scan Complete

Summary Of This Scan

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Total scanning time:00.04.43.828

Objects scanned:86942

Objects identified:22

Objects ignored:0

New critical objects:22



Yusuke - Senior
Joined: 20 April 2005 | From: Italy | Status: Offline | Posts: 4.776
Post no. 20.577 - Posted: 16 June 2005 at 16:40


Oh well, it's useless, delete it from the forum; you are heavily infected though. Don't you have an antivirus?






Yusuke - Senior
Joined: 20 April 2005 | From: Italy | Status: Offline | Posts: 4.776
Post no. 20.578 - Posted: 16 June 2005 at 16:44


Lucas is analysing the Hijack log; it will take him a while, so please wait


