06-09-2006, 12.24.38 | #1 |
Newbie
Registered: 06-09-2006
Posts: 3
|
e1xplorer and WinMoviePlugin keep coming back
This is the result of hijackthis.log. Please, can someone help me understand which lines to delete? I also tried Spybot but nothing changed. Heeelp

Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\Norton Internet Security\ISSVC.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~3\wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
C:\Programmi\HPQ\SHARED\HPQWMI.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
C:\DOCUME~1\DeLu\IMPOST~1\Temp\Directory temporanea 4 per hijackthis[1].zip\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tempi.it/home.aspx
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ComCap - {E1B2E864-8BFC-4072-AE11-924E0F8BBA96} - C:\WINDOWS\system32\comcap16.dll
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] "%ProgramFiles%\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~3\wcescomm.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADB7857-9749-40CA-9044-B6744801B8F0}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ADB7857-9749-40CA-9044-B6744801B8F0}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{0ADB7857-9749-40CA-9044-B6744801B8F0}: NameServer = 213.140.2.12,213.140.2.21
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Programmi\Norton Internet Security\ISSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
06-09-2006, 12.55.06 | #2 |
Gold Member
Top Poster
Registered: 13-02-2001
Loc.: Forette City
Posts: 13.153
|
These are the ones to delete:
Code:
O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dl
O20 - Winlogon Notify: igfxcui - igfxsrvc.dll (file missing)
Code:
O17 - HKLM\System\CCS\Services\Tcpip\..\{0ADB7857-9749-40CA-9044-B6744801B8F0}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS1\Services\Tcpip\..\{0ADB7857-9749-40CA-9044-B6744801B8F0}: NameServer = 213.140.2.12,213.140.2.21
O17 - HKLM\System\CS2\Services\Tcpip\..\{0ADB7857-9749-40CA-9044-B6744801B8F0}: NameServer = 213.140.2.12,213.140.2.21
___________________________________
"Society doesn’t need newspapers. What we need is journalism." - Clay Shirky |
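The three O2 entries singled out in the reply above are separate BHO registrations (different names and CLSIDs) that all load the same DLL, with the path differing only in letter case. As an added example, not code from the thread or from HijackThis, this Python script parses O2 lines and reports any DLL registered under more than one CLSID; the function names are illustrative, and the sample lines are a subset copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Shape of a HijackThis O2 line: "O2 - BHO: <name> - {CLSID} - <path>"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$"
)
MISSING = "(file missing)"  # suffix HijackThis appends when the target is absent

def parse_bhos(log_text):
    """Return one dict per O2 (Browser Helper Object) line in the log."""
    entries = []
    for line in log_text.splitlines():
        m = O2_RE.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        missing = path.endswith(MISSING)
        if missing:
            path = path[: -len(MISSING)].strip()
        entries.append({"name": m.group("name"), "clsid": m.group("clsid").upper(),
                        "path": path, "missing": missing})
    return entries

def shared_bho_modules(log_text, min_clsids=2):
    """Map lower-cased DLL path -> sorted BHO names, for DLLs behind several CLSIDs."""
    by_path = defaultdict(dict)
    for e in parse_bhos(log_text):
        # Windows paths are case-insensitive: kaboom.dll and Kaboom.dll are one file.
        by_path[e["path"].lower()][e["clsid"]] = e["name"]
    return {p: sorted(c.values()) for p, c in by_path.items() if len(c) >= min_clsids}

# Subset of the O2 lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Active sync - {25E1A054-1262-459F-9F14-BF06148F4253} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Dredge - {EB870508-E2B7-4169-8120-760F69703776} - C:\WINDOWS\system32\kaboom.dll
O2 - BHO: Intense - {FB47056B-B34D-410E-819A-E8A51CC8E2EB} - C:\WINDOWS\system32\Kaboom.dll
"""

if __name__ == "__main__":
    for path, names in shared_bho_modules(SAMPLE_LOG).items():
        print(f"{path}: {len(names)} BHO registrations -> {', '.join(names)}")
```

A DLL behind several CLSIDs is a reason to look closer, not a verdict; the result still has to be checked against what the DLL actually is.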
06-09-2006, 13.31.58 | #3 |
Newbie
Registered: 06-09-2006
Posts: 3
|
Thanks
Thanks Nicoletto, I'll try now.... what should I do about the IP numbers, are they mine???
|
06-09-2006, 15.43.54 | #4 |
Gold Member
Top Poster
Registered: 13-02-2001
Loc.: Forette City
Posts: 13.153
|
If the IPs are yours, leave them.
___________________________________
"Society doesn’t need newspapers. What we need is journalism." - Clay Shirky |
07-09-2006, 10.38.23 | #5 |
Forum supporter
Registered: 25-02-2001
Loc.: World Capital of MARBLE and of "fine dust" :(
Posts: 1.813
|
malware
hi,
you need to remove it:

Date: 12/12/2005
Name: Trojan.Win32.Agent.TA
Type: Trojan - BHO
Status: X
Filename: iewatch.exe - kaboom.dll
Startup: IEAgent update check - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F}
Size: 19968 bytes
Description: It arrives in a spam email inviting the recipient to visit the site http://www.funnymoviesgallerie.com/72364 or bebotamovies.com to watch a video. When the video is played, the user is asked to install a codec (VideoCodec3_05b.exe) for playback, which installs iewatch.exe and kaboom.dll. iewatch.exe connects to the site http://joywebsurfer.com (or from 192.168.0.2) to fetch the file ieagent_setup.exe in order to update the trojan with a new release. The file kaboom.dll (45056 bytes) is a BHO and connects to the sites:
http://joywebsurfer.com
http://mucho-cool.com
http://epromosystems.com
There are other variants of the iewatch.exe file with a length of: 23040 bytes

More info from Sophos:

Troj/Agent-IF is a Trojan for the Windows platform. Troj/Agent-IF is capable of spying on a user's browsing habits, modifying Microsoft Internet Explorer settings, downloading further executables and displaying popup advertisements.

When Troj/Agent-IF is installed the following files are created:
<Temp>\wmpl.exe
<System>\gtrack.dll
<System>\kaboom.dll

The files gtrack.dll and kaboom.dll are registered as COM objects and Browser Helper Objects (BHOs) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\(4BC9A7AC-2329-49D0-B07F-5FE484029DC2)
HKCR\CLSID\(A853979C-2A9A-4ACB-8975-5740A7E26CB4)
HKCR\Interface\(BAA919E5-FD47-4D7E-95AB-5B2CDA493358)
HKCR\Interface\(D861BD5E-E1E7-4E5E-AB15-CB347FBDBC6D)
HKCR\Kaboom.IEagent\
HKCR\Kaboom.IEagent.1\
HKCR\TypeLib\(023E6659-1A0A-4724-9273-66EA06A82C98)
HKCR\TypeLib\(E0C0FC76-CC5E-46E2-B77A-4C2ADD965B9F)
HKCR\Watcher.GoogleTracker\
HKCR\Watcher.GoogleTracker.1\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(4BC9A7AC-2329-49D0-B07F-5FE484029DC2)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(A853979C-2A9A-4ACB-8975-5740A7E26CB4)

Registry entries are created under:
HKLM\SOFTWARE\Microsoft\SUW\

bye.
___________________________________
Regards, and thanks for your attention. |
07-09-2006, 10.44.56 | #6 |
Forum supporter
Registered: 25-02-2001
Loc.: World Capital of MARBLE and of "fine dust" :(
Posts: 1.813
|
Use Mozilla Firefox for browsing (get used to it), Internet Explorer is rubbish, and maybe think about binning Norton Internet Security too, an antivirus as heavy as a boulder, which did not help you (so it seems to me) defend yourself against this simple spyware; also consider installing WinPatrol http://www.wintricks.it/news2/article.php?ID=13036 , software I would call essential, provided you don't have an antivirus that protects the Windows registry from tampering.
byezzz
___________________________________
Regards, and thanks for your attention. |