Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » Computer & Internet » Problemi Informatici » X ALFONSO, CONTROLLO LOG

X ALFONSO, CONTROLLO LOG Opzioni
Topic Precedente · Topic Sucessivo
djabort
Inviato: Wednesday, September 14, 2005 11:05:27 AM
Rank: Member

Iscritto dal : 8/25/2005
Posts: 24
ECCO IL LOG CHE MI AVEVI CHIESTO. GRAZIE ANCORA

Logfile of HijackThis v1.99.1
Scan saved at 12.42.34, on 11/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\M-Audio USB Quattro\Install\QuatInst.exe
C:\Programmi\SAPpc\SapGui\srvany.exe
C:\Programmi\SAPpc\sapgui\rfccom.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\RealVNC\WinVNC\WinVNC.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\Programmi\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\progra~1\2findm~1\partner\msbb.exe
C:\Programmi\File comuni\CMEII\CMESys.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Programmi\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\GMT\GMT.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Optus\FACSys Desktop Client\facsys.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\M-Audio USB Quattro\QuatTask.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\martignago.NB-MARTIGNAGO\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Programmi\iMesh\iMesh5\iMeshBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_38.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Programmi\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {D3899268-3699-4EE0-9B45-460967C4A0B9} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Programmi\iMeshBar\bar\1.bin\IMESHBAR.DLL
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [msbb] c:\progra~1\2findm~1\partner\msbb.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmi\File comuni\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [yxuv] c:\windows\yxuv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [InfoPenMSN] C:\Programmi\InfoKing\InfoPenMSN\Pro\InfoPenIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ALUAlert] C:\Programmi\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msbb] c:\progra~1\2findm~1\partner\msbb.exe
O4 - Startup: M-Audio Quattro Control Panel Launcher.lnk = C:\Programmi\M-Audio USB Quattro\QuatTask.exe
O4 - Global Startup: FACSys Desktop Client.lnk = C:\Programmi\Optus\FACSys Desktop Client\facsys.exe
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D931E8F1-9936-4526-9C92-1B15AD3F64BA}: NameServer = 217.169.97.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = knauf.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = knauf.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = knauf.it
O20 - Winlogon Notify: ckpNotify - C:\WINDOWS\SYSTEM32\ckpNotify.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Comando remoto di Client Access Express (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Quattro Installer (QuattroInstallerService) - M-Audio - C:\Programmi\M-Audio USB Quattro\Install\QuatInst.exe
O23 - Service: SAP Internet Graphics Server (SAP IGS Service) - Unknown owner - C:\Programmi\SAPpc\SapGui\srvany.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Programmi\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
Torna in alto
 
Sponsor
Inviato: Wednesday, September 14, 2005 11:05:27 AM

 
Torna in alto
 
alfonso
Inviato: Wednesday, September 14, 2005 2:32:43 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

DISINSTALLA iMESH

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
O2 - BHO: DownloadRedirect Class - {00000000-6CB0-410C-8C3D-8FA8D2011D0A} - C:\Programmi\iMesh\iMesh5\iMeshBHO.dll
-
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Programmi\NewDotNet\newdotnet6_38.dll
O2 - BHO: iMeshBar BHO - {5345A7A1-805A-4923-B505-86B2FEBA3FE0} - C:\Programmi\iMeshBar\bar\1.bin\IMESHBAR.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
-
O2 - BHO: C:\WINDOWS\lbbho.dll - {D3899268-3699-4EE0-9B45-460967C4A0B9} - C:\WINDOWS\lbbho.dll
-
O3 - Toolbar: iMeshBar - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - C:\Programmi\iMeshBar\bar\1.bin\IMESHBAR.DLL
-
O4 - HKLM\..\Run: [msbb] c:\progra~1\2findm~1\partner\msbb.exe
O4 - HKLM\..\Run: [CMESys] "C:\Programmi\File comuni\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
-
O4 - HKLM\..\Run: [yxuv] c:\windows\yxuv.exe
-
O4 - HKCU\..\Run: [msbb] c:\progra~1\2findm~1\partner\msbb.exe
-
O4 - Global Startup: GStartup.lnk = C:\Programmi\File comuni\GMT\GMT.exe
-
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
-
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = knauf.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = knauf.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = knauf.it
-
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
iMeshBHO.dll
newdotnet6_38.dll
IMESHBAR.DLL
lbbho.dll
msbb.exe
CMESys.exe
NEWDOT~2.DLL
yxuv.exe
GMT.exe
msxml4.cab
==================================

ELIMINA LE CARTELLE IN ROSSO
C:\Programmi\<font color=red><b>iMesh</font id=red></b>
C:\Programmi\<font color=red><b>iMeshBar</font id=red></b>
C:\Programmi\<font color=red><b>NewDotNet</font id=red></b>
C:\Programmi\File comuni\<font color=red><b>CMEII</font id=red></b>
C:\Programmi\File comuni\<font color=red><b>GMT</font id=red></b>
C:\<font color=red><b>TempEI4</font id=red></b>


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.
Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » Computer & Internet » Problemi Informatici » X ALFONSO, CONTROLLO LOG


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.