Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

log di Hijack Opzioni
steve16
Inviato: Wednesday, January 27, 2010 4:40:55 PM
Rank: Newbie

Iscritto dal : 1/27/2010
Posts: 2
Potete dirmi quale posso eliminare essendo dannosi?d'oh!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.38.58, on 27/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\DOCUME~1\ste\DATIAP~1\clipsrv.exe
C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Fellowes\MediaFACE 4.0\SetHook.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Opera\opera.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.ask.com?o=14772&l=dis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe"
F3 - REG:win.ini: load=C:\DOCUME~1\ste\DATIAP~1\clipsrv.exe
O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
O1 - Hosts: <html lang='en'>
O1 - Hosts: <head>
O1 - Hosts: <meta name="description" content="Yahoo! GeoCities offers you a free web site and all the tools you need to build a dynamic site. Features include easy-to-use site building tools, online help, web site statistics, secure and reliable hosting, and an intuitive control panel.">
O1 - Hosts: <title>Yahoo! GeoCities: Get a web site with easy-to-use site building tools.</title>
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://l.yimg.com/a/combo?yui/2.5.2/build/reset-fonts-grids/reset-fonts-grids.css&smbiz/css/headfoot_6.css&smbiz/css/ysbs_glossary_1.css">
O1 - Hosts: <link rel="stylesheet" type="text/css" media="all" href="http://us.i1.yimg.com/us.yimg.com/lib/smbiz/css/geocities_84954.css">
O1 - Hosts: <style>
O1 - Hosts: h1 { line-height:30px;height:30px; padding-left:15px; font-weight:bold;font-size:1.6em;color:#1f296a;}
O1 - Hosts: .services li { margin-left:1.0em; padding-left:0.5em; background:url("http://l.yimg.com/a/lib/smbiz/i/geo_bullet_3x3_1.gif") no-repeat 0 0.5em; margin-bottom:0.5em;margin-left:1.5em;margin-right:0.5em;width:6em}
O1 - Hosts: .services li {float:left; width:17em; font-size:116%;margin-top:0.8em}
O1 - Hosts: .services { font-size:116%; padding-bottom:20px }
O1 - Hosts: .learnmore a {color:#2882DE;font-size:16px}
O1 - Hosts: .image_web {float:right; margin:15px 0 0 15px}
O1 - Hosts: p {margin:20px;font-size:1em;}
O1 - Hosts: h2 {margin:20px 0 0 20px;color:#1F296;font-weight:bold;font-size:1.25em;color:#1f296a;}
O1 - Hosts: h3 {margin:20px;color:#1F296;font-weight:bold;font-size:1.15em;color:#1f296a;}
O1 - Hosts: li.rule {border-top:solid 1px #DBE1E6;}
O1 - Hosts: </style>
O1 - Hosts: </head>
O1 - Hosts: <body>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE -->
O1 - Hosts: <div class="ez-mw" style ="height:900px;width:905px">
O1 - Hosts: <div class="ez-wri ez-oh" style="width:900px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <link type="text/css" rel="stylesheet" href="http://l.yimg.com/a/lib/uh/15/css/uh-1.0.28.css">
O1 - Hosts: <style type="text/css">
O1 - Hosts: div#headerblock div{font-family:arial;}
O1 - Hosts: </style>
O1 - Hosts: <div id="ygma"><div id="ygmaheader"><div class="bd sp"><div id="ymenu" class="ygmaclr"><div id="mepanel"><ul id="mepanel-nav"><li class="me1"><em>New User? <a class="ygmasignup" title="Sign Up" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=2/SIG=13j8rdsqp/*https://edit.yahoo.com/config/eval_register?.done=http://smallbusiness.yahoo.com%2findex.html&.src=smbiz&.intl=us">Sign Up</a></em></li><li class="me2"><a title="Sign In" href="http://us.ard.yahoo.com/SIG=15u88cce2/M=650008.13654023.13693397.13153904/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098940/L=HzY9i9j8aIuVH8pzSp2qoCoWz37hF0qhZ1wABADc/B=RCQ9Atj8a20-/J=1252091740846210/K=88LB2KvJxEkW95HaZ4xf4Q/A=5836007/R=3/SIG=13cm6p12o/*https://login.yahoo.com/config/login?.done=http://geocities.yahoo.com&.src=smbiz&.intl=us">Sign In</a></li>
O1 - Hosts: <li class="me3"><a href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=7/SIG=11hjute28/*http://help.yahoo.com/l/us/yahoo/geocities/" target="_top" title="Yahoo! Help Central">Help</a></li>
O1 - Hosts: </ul></div><div id="ygmapromo"><a style="font-weight:bold;" id="ygmaie8" href="http://us.ard.yahoo.com/SIG=15vud5jbf/M=650008.13445975.13532322.12832737/D=smallbiz/S=2023010636:HPRM2/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=0Qw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5706923/R=0/SIG=117bakia1/*http://toolbar.yahoo.com/?.cpdl=ushdl" target="_top">Get Yahoo! Toolbar<abbr title="Yahoo! Toolbar"></abbr></a>
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['0Qw4Atj8a20-']='&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: <noscript><img width=1 height=1 alt="" src="http://us.bc.yahoo.com/b?P=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48&T=144j596l3%2fX%3d1252090825%2fE%3d2023010636%2fR%3dsmallbiz%2fK%3d5%2fV%3d2.1%2fW%3dH%2fY%3dYAHOO%2fF%3d1861688409%2fQ%3d-1%2fS%3d1%2fJ%3d8B68FCD8&U=13hn349r9%2fN%3d0Qw4Atj8a20-%2fC%3d650008.13445975.13532322.12832737%2fD%3dHPRM2%2fB%3d5706923%2fV%3d1"></noscript></div>
O1 - Hosts: <div id="pa"><div id="pa-wrapper"><ul id="pa2-nav" class="sp"><li class="pa1 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=8/SIG=10jmd0d5u/*http://yahoo.com/" title="Yahoo!" target="_top">Yahoo!</a></li><li class="pa2 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252098025/L=j.Ah_9j8aIuVH8pzSp2qoCg9z37hF0qhY8gACN48/B=zgw4Atj8a20-/J=1252090825225621/K=pmFpaSqI9UgVSmAu3nNNgw/A=5836006/R=9/SIG=10n3m6b64/*http://mail.yahoo.com" title="Yahoo! Mail" target="_top">Mail</a></li></ul><div id="pa-left" class="sp"></div><ul id="pa-nav" class="sp"><li class="pa3 sp"><a class="sp" href="http://us.ard.yahoo.com/SIG=15uqalioe/M=650008.13654021.13693393.13153902/D=smallbiz/S=2023010636:HEAD/Y=YAHOO/EXP=1252
O1 - Hosts: <script language=javascript>
O1 - Hosts: if(window.yzq_d==null)window.yzq_d=new Object();
O1 - Hosts: window.yzq_d['zgw4Atj8a20-']='&U=13gmetml2%2fN%3dzgw4Atj8a20-%2fC%3d650008.13654021.13693393.13153902%2fD%3dHEAD%2fB%3d5836006%2fV%3d1';
O1 - Hosts: </script>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr" style="width:898px;margin-top:1.5em">
O1 - Hosts: <Div class="ez-l2a" id="wrapper">
O1 - Hosts: <div class="ez-l2a-1 " style="width:898px">
O1 - Hosts: <div class="ez-box">
O1 - Hosts: <div class="ez-wr" >
O1 - Hosts: <div class="ez-box" style="width:898px">
O1 - Hosts: <h1>Sorry, the GeoCities web site you were trying to reach is no longer available.</h1>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" id="boxyahoourls">
O1 - Hosts: <p> GeoCities has closed, but there's a lot more to explore on Yahoo!</p>
O1 - Hosts: <h2>Visit one of these popular Yahoo! sites:</h2>
O1 - Hosts: <ul class= "services">
O1 - Hosts: <li><a href="http://mail.yahoo.com">Yahoo! Mail</a></li>
O1 - Hosts: <li><a href="http://smallbusiness.yahoo.com/webhosting">Web Hosting</a></li>
O1 - Hosts: <li><a href="http://news.yahoo.com">News</a></li>
O1 - Hosts: <li><a href="http://games.yahoo.com">Games</a></li>
O1 - Hosts: <li><a href="http://sports.yahoo.com/">Sports</a> </li>
O1 - Hosts: <li><a href="http://movies.yahoo.com">Movies</a></li>
O1 - Hosts: <li><a href="http://finance.yahoo.com">Finance</a></li>
O1 - Hosts: <li><a href="http://maps.yahoo.com">Maps</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </div>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: <p>The GeoCities site you were looking for may have been preserved in the Internet Archive's Wayback Machine. To find out, <a href="http://www.archive.org/web/web.php" target="_blank">visit Archive.org</a> and enter the site's web address in the field provided.</p>
O1 - Hosts: <li class="rule"><!----></li>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: <div class="ez-wr">
O1 - Hosts: <div class="ez-box" style="text-align:center; margin-top:25px;">
O1 - Hosts: <font size="-2" face="verdana">Copyright &copy; 2009 <a href="http://yahoo.com/">Yahoo!</a> Inc. All rights reserved.
O1 - Hosts: <ul>
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a
O1 - Hosts: ></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://smallbusiness.yahoo.com/tos/tos.php">Terms of Service
O1 - Hosts: </a></li> -
O1 - Hosts: <li style="display:inline;"><a target="_top" href="http://help.yahoo.com/help/us/geo/">Help</a></li>
O1 - Hosts: </ul>
O1 - Hosts: </font>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </div>
O1 - Hosts: </body>
O1 - Hosts: </html>
O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet>
O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1263557618&f=us-w4" ALT=1 WIDTH=1 HEIGHT=1>
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programmi\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [StatusClient] C:\Programmi\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Programmi\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programmi\File comuni\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MediaFace Integration] C:\Programmi\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKLM\..\Policies\Explorer\Run: [Esent Utl] C:\WINDOWS\System32\drivers\esentutl.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [CmSTP] C:\DOCUME~1\ste\IMPOST~1\Temp\cmstp.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [MqtgSVC] C:\WINDOWS\System\mqtgsvc.exe /waitservice (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF0F2D53-1273-4304-BD4A-8E9DB9DC16B6}: NameServer = 212.216.112.112,212.216.172.62
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Servizio di Google Update (gupdate1c9cd6159964774) (gupdate1c9cd6159964774) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HP Status - Unknown owner - C:\WINDOWS\system32\hpb2ksrv.exe (file missing)
O23 - Service: HP Status Print - Unknown owner - C:\WINDOWS\system32\hpbhksrv.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 17222 bytes
Sponsor
Inviato: Wednesday, January 27, 2010 4:40:55 PM

 
fdaccc
Inviato: Wednesday, January 27, 2010 4:49:44 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
scarica questo file zip,
http://www.mvps.org/winhelp2002/hosts.zip disconnetti il pc, estrai sul desktop dal file zip solo il file Hosts, selezionalo, tasto destro del mouse, copia, poi apri la cartella C:\Windows\System32\drivers\etc\ in un punto libero fai incolla, accetta la sostituzione del file hosts esistente, potrebbe darti errori non preoccuparti, riavvia il pc.


Esegui questa scansione:
Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Elimina i file che vengono rilevati.
Posta il log.
maopapof
Inviato: Wednesday, January 27, 2010 4:50:53 PM

Rank: AiutAmico

Iscritto dal : 10/31/2004
Posts: 7,185
prima che qualcuno possa darti dei buoni consigli ... parlo di persone autorizzate .... potresti anticipare quale problema hai con il pc ? grazie

fdaccc
Inviato: Wednesday, January 27, 2010 4:54:14 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
fai come vuoi
monsee
Inviato: Thursday, January 28, 2010 1:28:00 AM
Rank: AiutAmico

Iscritto dal : 4/5/2005
Posts: 22,971
Non ti deprimere fdaccc: l'idea di mettere un file HOSTS "pulito", in sé, è tutt'altro che disprezzabile. Inoltre, dubito che Mao volesse sindacar specificamente su tale consiglio: il fatto è che è per davvero meglio avere almeno un'idea di quali problemi l'Utente riscontra sul proprio PC prima di mettersi a far la lotta libera col LOG...
steve16
Inviato: Thursday, January 28, 2010 9:22:54 AM
Rank: Newbie

Iscritto dal : 1/27/2010
Posts: 2
Dunque prima di utilizzare Avg pulizie varie con programmini vari improvvisamente si spegneva il pc e si riavviava quando andavo a cercare di scaricare qualche programma. Installato Hijack avviandolo mi spegnegeva il pc, non vedevo i file nascosti, andavo a cercare su opzioni cartelle per cambiarle l'0pzione, ma questa era sparita, allora ho lanciato un fil bat restore e ora li fà vedere ma sempre cartella opzioni mancante, non mi faceva entrare in regedit dicendomi che l'amministratore del sistema aveva bloccato questo, poi sono riuscito ad entrarci con un altra scansione, ora mi rimane il fatto che all'avvio del pc mi appare: impossibile trovare kesenyangansosial.exe e non sò se mi rimane qualche altro problema
grazie a tutti Ste
fdaccc
Inviato: Thursday, January 28, 2010 1:51:14 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
posta un log di HJT =)
nckx83
Inviato: Thursday, January 28, 2010 7:17:56 PM

Rank: AiutAmico

Iscritto dal : 10/1/2009
Posts: 258
Salve.
Che strano log, non ne avevo mai visto che presenta il codice html di una pagina web (sembra www.geocities.com).
Tutto ciò che ti posso consigliare è di provare a scaricare MalawareBytes dal link indicato da fdaccc, fare una scansione completa e postare il log.
Un esperto ti dirà poi come procedere.

fdaccc
Inviato: Thursday, January 28, 2010 8:42:49 PM

Rank: AiutAmico

Iscritto dal : 12/12/2009
Posts: 2,114
Forse hai ragione tu Salvo, aspettiamo un log di MBAM, STEVE segui le indicazioni del mio post per scaricare ed utilizzare MalwareBytes AntiMalware..
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.