HELP HOME PAGE
kocis98
Posted: Monday, January 24, 2005 11:35:56 PM
Rank: AiutAmico

Joined: 1/18/2001
Posts: 207
HI EVERYONE, A HOME PAGE HAS INSTALLED ITSELF AND I CAN NO LONGER REMOVE IT. THE PAGE IS THIS ONE: http://213.159.117.134/index.php
I TRIED WITH CWSHREDDER, THEN WITH HIJACKTHIS AND WITH SPYBOT, BUT NOTHING: THE PAGE STAYS THE SAME. PLEASE HELP ME. AND AUTOMATICALLY, AT EVERY PC STARTUP, THE PAGE SAYING "THANK YOU FOR VISITING THE SITE" ALWAYS COMES UP.
Rayo25
Posted: Tuesday, January 25, 2005 4:32:33 AM
Rank: Member

Joined: 10/12/2004
Posts: 0
Send the Hijack log in the virus section, regards
_iron_andrea_
Posted: Tuesday, January 25, 2005 7:56:44 PM
Rank: Member

Joined: 1/8/2005
Posts: 0
AFTER RUNNING A SCAN, POST THE LOG HERE AND I'LL TAKE A LOOK... THEN WE'LL HAVE ALFONSO LOOK AT IT TOO... WHICH IS PROBABLY BETTER....
alfonso
Posted: Tuesday, January 25, 2005 8:03:59 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Download this program and read the article for instructions
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175

Aiutamici Collaborator
kocis98
Posted: Tuesday, January 25, 2005 11:12:20 PM
Rank: AiutAmico

Joined: 1/18/2001
Posts: 207
I'm sending you the log file
Logfile of HijackThis v1.99.0
Scan saved at 23.09.02, on 25/01/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS.000\SYSTEM\KERNEL32.DLL
C:\WINDOWS.000\SYSTEM\MSGSRV32.EXE
C:\WINDOWS.000\SYSTEM\SPOOL32.EXE
C:\WINDOWS.000\SYSTEM\MPREXE.EXE
C:\WINDOWS.000\SYSTEM\MSTASK.EXE
C:\WINDOWS.000\SYSTEM\STIMON.EXE
C:\WINDOWS.000\SYSTEM\mmtask.tsk
C:\WINDOWS.000\EXPLORER.EXE
C:\WINDOWS.000\OIUYQR.EXE
C:\WINDOWS.000\RUNDLL32.EXE
C:\WINDOWS.000\TASKMON.EXE
C:\WINDOWS.000\SYSTEM\SYSTRAY.EXE
C:\WINDOWS.000\SYSTEM\SXCPL.EXE
C:\PROGRAMMI\AHEAD\INCD\INCD.EXE
C:\PROGRAMMI\LEXMARKX84-X85\ACMONITOR_X84-X85.EXE
C:\PROGRAMMI\LEXMARKX84-X85\ACBTNMGR_X84-X85.EXE
C:\WINDOWS.000\SYSTEM\PRINTRAY.EXE
C:\WINDOWS.000\SYSTEM\WSXSVC\WSXSVC.EXE
C:\WINDOWS.000\SYSTEM\SYSTIME.EXE
C:\WINDOWS.000\SYSTEM\SYSTIME.EXE
C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
C:\PROGRAMMI\STOPDIALERS\STOPDIALERS.EXE
C:\PROGRAMMI\LG PC SUITE\LG PC SYNC\LGSYNCMANAGER.EXE
C:\PROGRAMMI\PUMATECH\INTELLISYNC LITE FOR NEC 616\INTELLISYNC FOR NEC.EXE
C:\WINDOWS.000\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\DVD SHRINK\DVD SHRINK 3.2.EXE
C:\WINDOWS.000\SYSTEM\DDHELP.EXE
C:\WINDOWS.000\SYSTEM\RNAAPP.EXE
C:\WINDOWS.000\SYSTEM\TAPISRV.EXE
C:\WINDOWS.000\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS.000\SYSTEM\RPCSS.EXE
C:\PROGRAMMI\WINZIP\WINZIP32.EXE
C:\WINDOWS.000\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAMMI\SURFSIDEKICK 2\SSKBHO.DLL
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS.000\QUESTMOD.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS.000\SYSTEM\MSDXM.OCX
O3 - Toolbar: iMesh Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMI\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS.000\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS.000\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VoodooBanshee] rundll32.exe 3DfxVBps.dll,BansheeLoadSettings
O4 - HKLM\..\Run: [Sxcpl] Sxcpl.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS.000\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAMMI\SURFSIDEKICK 2\Ssk.exe
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS.000\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS.000\SYSTEM\systime.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS.000\oiuyqr.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS.000\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS.000\SYSTEM\systime.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAMMI\SURFSIDEKICK 2\Ssk.exe
O4 - HKCU\..\Run: [BPK] C:\PROGRAM FILES\PERFECT KEYLOGGER LITE\BPK.EXE
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialers.exe
O4 - Startup: LG Sync Manager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Startup: LG SyncManager.lnk = C:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Startup: Intellisync Lite for NEC 616.lnk = C:\Programmi\Pumatech\Intellisync Lite for NEC 616\Intellisync For NEC.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS.000\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020050000} - http://www.accessoveloce.com/nd/nd03140.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\\MAIN.MHT!http://207.44.186.186/b/online.chm::/on-line.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
alfonso
Posted: Tuesday, January 25, 2005 11:37:32 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Hi,
carry out these operations

1) Disable System Restore; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=298&SH=N

2) restart in safe mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and delete, as described in this article
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
the lines that follow (if the lines to delete do not appear in safe mode, delete them from normal mode and restart the computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
-
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAMMI\SURFSIDEKICK 2\SSKBHO.DLL
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O2 - BHO: (no name) - {7B55BB05-0B4D-44fd-81A6-B136188F5DEB} - C:\WINDOWS.000\QUESTMOD.DLL
-
O3 - Toolbar: iMesh Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\PROGRAMMI\MYSEARCH\BAR\1.BIN\S4BAR.DLL
O3 - Toolbar: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - (no file)
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
-
O4 - HKLM\..\Run: [Dvx] C:\WINDOWS.000\SYSTEM\wsxsvc\wsxsvc.exe
O4 - HKLM\..\Run: [SurfSideKick 2] C:\PROGRAMMI\SURFSIDEKICK 2\Ssk.exe
-
O4 - HKLM\..\Run: [SysTime] C:\WINDOWS.000\SYSTEM\systime.exe
O4 - HKLM\..\Run: [Narrator] C:\WINDOWS.000\oiuyqr.exe
-
O4 - HKCU\..\Run: [SysTime] C:\WINDOWS.000\SYSTEM\systime.exe
O4 - HKCU\..\Run: [SurfSideKick 2] C:\PROGRAMMI\SURFSIDEKICK 2\Ssk.exe
-
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
-
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.iframedollars.biz
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.iframedollars.biz (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {00000000-0000-0000-0000-000020050000} - http://www.accessoveloce.com/nd/nd03140.exe
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\\MAIN.MHT!http://207.44.186.186/b/online.chm::/on-line.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://iframedollars.biz/tb/loader2.ocx
==================================

Using the Windows FIND function, search for and delete these files,

==================================
SSKBHO.DLL
QUESTMOD.DLL
S4BAR.DLL
wsxsvc.exe
Ssk.exe
systime.exe
oiuyqr.exe
aklsp.dll
on-line.exe
==================================

when finished, use the AD-AWARE and SPYBOT programs indicated in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

still in safe mode, run an antivirus scan

then restart the computer and check whether the problem is solved; if everything is OK, re-enable System Restore, which was disabled at the start of this procedure.


I AM LOCKING THIS FORUM BECAUSE IT CONTAINS LINKS THAT LOAD VIRUSES; OPEN A NEW MESSAGE TO CONTINUE THE DISCUSSION.

Aiutamici Collaborator
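
As an added example (not part of the original thread, and not HijackThis's or any poster's own logic), a small Python triage of a HijackThis log: it parses the `CODE - body` lines and flags several of the entry kinds that the reply above lists for removal. The heuristics in `reasons()` are assumptions made for this illustration; the sample lines are copied from the log posted in the thread.

```python
import re
from urllib.parse import urlparse

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS.000\taskmon.exe
O10 - Unknown file in Winsock LSP: c:\windows.000\system\aklsp.dll
O15 - Trusted Zone: *.iframedollars.biz
O16 - DPF: {00000000-0000-0000-0000-000020050000} - http://www.accessoveloce.com/nd/nd03140.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - HKLM\..\Run: ..."
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def reasons(code, body):
    """Heuristic reasons (assumptions of this example) why an entry deserves review."""
    out = []
    if code in ("R0", "R1") and " = " in body:
        host = urlparse(body.split(" = ", 1)[1].strip()).hostname or ""
        if IPV4.match(host):
            out.append("browser page set to a raw IP address")
    if body.endswith("(no file)"):
        out.append("registered component whose file is missing")
    if code == "O1" and not body.startswith("Hosts: 127.0.0.1 "):
        out.append("hosts file maps a name to a non-loopback address")
    if code == "O10" and body.startswith("Unknown file"):
        out.append("unrecognised Winsock LSP")
    if code == "O15":
        out.append("entry added to the Trusted zone")
    if code == "O16" and body.lower().endswith(".exe"):
        out.append("ActiveX codebase points at an .exe")
    return out

def triage(log_text):
    """Parse 'CODE - body' lines and return [(code, body, reasons)] for flagged entries."""
    flagged = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())   # headers and the process list do not match
        if m and (why := reasons(*m.groups())):
            flagged.append((*m.groups(), why))
    return flagged

if __name__ == "__main__":
    for code, body, why in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(why)}")
```

A flagged entry is a prompt for review, not a verdict: legitimate software can also add hosts entries or Trusted-zone sites.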