
Ar-Help me!

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Ar-Help me!

Post by keyeffect » 18/11/05 16:52

The problem is always the same! Now the "ZoneAlarm" alerts are also warning me about:
cisv.exe
secure.exe
Anyway, I'm also sending the HijackThis log, hoping these are the ones you were asking for!!!

Logfile of HijackThis v1.99.1
Scan saved at 15.58.08, on 18/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\System32\usbmon.exe
C:\Programmi\SHA256\secure.exe
C:\Programmi\Kaps\kaps_mm.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\PestPatrol\PPMemCheck.exe
C:\Programmi\PESTPA~1\PPControl.exe
C:\Programmi\PestPatrol\CookiePatrol.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Washer\washer.exe
c:\progra~1\intern~1\iexplore.exe
C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wincntrl.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Symantec\LiveUpdate\AUpdate.exe
C:\Programmi\eMule\Incoming\Complete Anti-Spyware Kit (a2 - Ad-Aware - Hijackthis - Blacklist - Cclean - Cwshredder - Firefox - Protowall - Spywareblaster) By System Halted\Best Anti-Spyware Kit\BKR HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.directsearchzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cckfdjryagtjqxbkzb.biz/uTelu ... ezHBRE.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.directsearchzone.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.directsearchzone.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\tusrs.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ljjkh.dll (file missing)
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [ynmx] C:\WINDOWS\ynmx.exe
O4 - HKLM\..\Run: [miniport] C:\WINDOWS\System32\usbmon.exe /start
O4 - HKLM\..\Run: [wise] C:\Programmi\Common files\clockwise.exe -boot
O4 - HKLM\..\Run: [Dit] C:\WINDOWS\System32\dit.exe
O4 - HKLM\..\Run: [PowerChute] C:\Programmi\APC_Power\Pwrchute.exe -boot_time
O4 - HKLM\..\Run: [3capplnk] C:\Programmi\US Robotics\\3capplnk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [REAL] C:\Programmi\REAL\realjbox.exe
O4 - HKLM\..\Run: [WIZZ] C:\Programmi\WIZZ\dazzler.exe
O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe
O4 - HKLM\..\Run: [LocalProxy] C:\Programmi\LocalProxy\proxy4free.exe
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [AdsBlocker] C:\Programmi\AdsBlocker\stopAds.exe
O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe
O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [Kaps] C:\Programmi\Kaps\kaps_mm.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\Run: [TermAgent] C:\WINDOWS\System32\deskconn.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Caliò\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [WIRESS] C:\Programmi\WIRESS\rssfeed.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [PPMemCheck] C:\Programmi\PestPatrol\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Programmi\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\Programmi\PestPatrol\CookiePatrol.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Livedefault] C:\DOCUME~1\CALI~1\DATIAP~1\ERRORF~1\bibbatowns.exe
O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\Run: [Browser Help Svc] BHSV.EXE
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE
O4 - Startup: PPControl.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Sitecom\Software Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 261_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A20B108-8B09-48CD-A763-9C7C7996EA95}: NameServer = 85.37.17.51 151.99.125.1
O20 - Winlogon Notify: ljjkh - C:\WINDOWS\System32\ljjkh.dll (file missing)
O20 - Winlogon Notify: tusrs - tusrs.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Sitecom\Software Bluetooth\bin\btwdins.exe
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINDOWS\System32\Netlib.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
keyeffect
Newbie

Posts: 3
Joined: 06/11/05 16:23


Re: Ar-Help me!

Post by Tiseria » 18/11/05 17:19

My friend... you are in really bad shape....
You have a lot of things to remove...

keyeffect wrote:R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.directsearchzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.cckfdjryagtjqxbkzb.biz/uTelu ... ezHBRE.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.directsearchzone.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.directsearchzone.com/sp2.php
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\System32\tusrs.dll (file missing)

O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ljjkh.dll (file missing)


O4 - HKLM\..\Run: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\Run: [switp] C:\WINDOWS\switpa.exe
O4 - HKLM\..\Run: [ynmx] C:\WINDOWS\ynmx.exe
O4 - HKLM\..\Run: [miniport] C:\WINDOWS\System32\usbmon.exe /start
O4 - HKLM\..\Run: [wise] C:\Programmi\Common files\clockwise.exe -boot
O4 - HKLM\..\Run: [Dit] C:\WINDOWS\System32\dit.exe

O4 - HKLM\..\Run: [WIZZ] C:\Programmi\WIZZ\dazzler.exe
O4 - HKLM\..\Run: [SHA256] C:\Programmi\SHA256\secure.exe

O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe


O4 - HKLM\..\Run: [DSB] C:\Programmi\DSB\dsb.exe

O4 - HKLM\..\Run: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [Kaps] C:\Programmi\Kaps\kaps_mm.exe

O4 - HKLM\..\Run: [TermAgent] C:\WINDOWS\System32\deskconn.exe
O4 - HKLM\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\Caliò\Dati applicazioni\sgrunt\IE4321.exe


O4 - HKLM\..\Run: [System service78] C:\WINDOWS\etb\pokapoka78.exe
O4 - HKLM\..\Run: [WIRESS] C:\Programmi\WIRESS\rssfeed.exe

O4 - HKLM\..\RunServices: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\RunServices: [Compaq Service Drivers] ntdat32.exe

O4 - HKCU\..\Run: [Livedefault] C:\DOCUME~1\CALI~1\DATIAP~1\ERRORF~1\bibbatowns.exe

O4 - HKCU\..\Run: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\Run: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\Run: [Browser Help Svc] BHSV.EXE

O4 - HKCU\..\RunServices: [Compaq Service Drivers] ntdat32.exe
O4 - HKCU\..\RunServices: [Internet Help Svc] IHSVC.EXE
O4 - HKCU\..\RunServices: [Browser Help Svc] BHSV.EXE

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/ads ... nstall.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 261_it.exe
O20 - Winlogon Notify: ljjkh - C:\WINDOWS\System32\ljjkh.dll (file missing)
O20 - Winlogon Notify: tusrs - tusrs.dll (file missing)
O23 - Service: AOL Instant Messanger (AIM) - Unknown owner - C:\WINDOWS\aim.exe (file missing)
O23 - Service: Net Functions Library (Netlib) - Unknown owner - C:\WINDOWS\System32\Netlib.exe (file missing)
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe


All of those above need to be fixed from Safe Mode.
Also install Virit because it's an excellent malware... and run it from Safe Mode.

Just to give you a few names of the guests you have (besides an endless series of RBot/SdBot/Spybot):

usbmon.exe -> http://www.virit.com/startup/scheda.asp?num=1583
dazzler.exe -> http://www.virit.com/startup/scheda.asp?num=1909
EnergyPlugin.exe -> http://www.virit.com/startup/scheda.asp?num=1668
IE4321.exe -> http://www.virit.com/startup/scheda.asp?num=1136

Now I'm getting a bit tired... of giving you info....

O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\System32\realmon.exe /start

O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE


They look like anti-virus names... but I suspect they are instead
Trojan.Win32.Agent.KS or a new variant.

How many anti-virus programs do you have?

After you have done all of that... post another log...
Tiseria
Junior User

Posts: 97
Joined: 09/03/05 15:23
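As an added example (not from this thread and not part of HijackThis itself): a small Python script that applies the same rules of thumb Tiseria used above to a few lines copied from the posted log: entries pointing at a missing file, O4 autoruns that give a bare file name instead of a full path, services with an unknown owner, and R0/R1 browser settings pointing at a host outside a short allowlist (the allowlist is my assumption).

```python
import re

# Constructed sample: nine lines copied from the HijackThis log posted in this
# thread (the full log has many more entries).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.directsearchzone.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\ljjkh.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winnt DNS ident] windowsp.exe
O4 - HKLM\..\RunServices: [Microsoft Update 32] wininit.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: tusrs - tusrs.dll (file missing)
O23 - Service: MS Dns Service (WinNet) - Unknown owner - C:\WINDOWS\system32\wincntrl.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"\[[^\]]+\]\s+(?P<cmd>.*)$")   # [name] command line
URL_RE = re.compile(r"https?://([^/\s]+)")
# Hosts a browser may legitimately point at; an assumption for this example.
KNOWN_GOOD_HOSTS = {"www.google.it", "www.msn.com"}

def triage(log_text):
    """Return (section, reason, line) for every entry that deserves a look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # headers, process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        if "(file missing)" in body:
            findings.append((sec, "points at a file that no longer exists", line))
        elif sec == "O4":
            o4 = O4_RE.search(body)
            cmd = (o4.group("cmd") if o4 else body).strip().strip('"')
            # A bare file name is resolved through the search path: typical of
            # a worm dropped into %SystemRoot% under a system-sounding name.
            if not re.match(r"^[A-Za-z]:\\", cmd):
                findings.append((sec, "autorun without an absolute path", line))
        elif sec == "O23" and "Unknown owner" in body:
            findings.append((sec, "service with unknown owner", line))
        elif sec in ("R0", "R1"):
            host = URL_RE.search(body)
            if host and host.group(1) not in KNOWN_GOOD_HOSTS:
                findings.append((sec, "browser setting hijacked to " + host.group(1), line))
    return findings

if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print(f"{sec}: {reason}\n    {line}")
```

The script only narrows the list; entries it leaves alone (a signed anti-virus tray process, for instance) still need the usual check against a startup database such as the Virit pages linked above.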

Post by hydra » 18/11/05 18:02

Is it by any chance connected to this one? If so, let's continue there and close this one. ;)
hydra
Moderator

Posts: 7007
Joined: 19/07/04 08:06
Location: Vallis Duplavis

pardon!!!

Post by keyeffect » 19/11/05 19:00

Yes, the topics are connected... I still don't know my way around the forum very well!!!
...anyway, this "virit" you recommend, what is it? Where can I find it? (the link that gets activated automatically doesn't show me any page!!!)
keyeffect
Newbie

Posts: 3
Joined: 06/11/05 16:23

