Aiutamici Forum

New log
loden
Posted: Wednesday, March 02, 2005 9:31:38 AM
Rank: Member

Joined: 6/26/2004
Posts: 0
Hi everyone,
it had been a while since I had problems with PCs, but as we know, peace with computers never lasts long, so here I am again sending you another log to check.
As always, many thanks in advance.
Marco
loden
Posted: Wednesday, March 02, 2005 11:07:18 AM
Rank: Member

Joined: 6/26/2004
Posts: 0
I'm scatterbrained, I forgot to include the log :-)
Marco

Logfile of HijackThis v1.98.2
Scan saved at 10.59.44, on 02/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\TightVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Apoint2K\Apoint.exe
C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Admanager Controller\AdManCtl.exe
C:\Program Files\Windows ServeAd\WinServAd.exe
C:\Program Files\Admanager Controller\AdManKeep.exe
C:\Program Files\Windows ServeAd\WinServSuit.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Corel\Suite8\Programs\DAD8.EXE
C:\gpi\ereport\ereport.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dongnocchi.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.dongnocchi.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtaET2S.EXE
O4 - HKLM\..\Run: [WorksFUD] C:\Programmi\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Programmi\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [Microsoft System] lssas.exe
O4 - HKLM\..\RunServices: [Advanced Internet Protocol v2.0] helpmgr.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Corel Desktop Application Director 8.LNK = C:\Corel\Suite8\Programs\DAD8.EXE
O4 - Global Startup: Collegamento a ereport.lnk = C:\gpi\ereport\ereport.exe
O4 - Global Startup: Collegamento a GIANO.lnk = Giano\GIANO.EXE
O4 - Global Startup: Ereport.lnk = C:\gpi\ereport\ereport.exe
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B1} - http://www.google.com.super-fast-search.apsua.com/find.htm (file missing)
O9 - Extra button: ENTERTAINMENT - {FE5A1910-F121-11d2-BE9E-01C04A7936B2} - http://www.google.com.super-fast-search.apsua.com/av.htm (file missing)
O9 - Extra button: PILLS - {FE5A1910-F121-11d2-BE9E-01C04A7936B3} - http://www.google.com.super-fast-search.apsua.com/med.htm (file missing)
O9 - Extra button: SECURITY - {FE5A1910-F121-11d2-BE9E-01C04A7936B4} - http://www.google.com.super-fast-search.apsua.com/check.htm (file missing)
O9 - Extra button: SEARCH - {FE5A1910-F121-11d2-BE9E-01C04A7936B5} - http://www.google.com.super-fast-search.apsua.com (file missing)
O16 - DPF: {BB1B5064-1496-4E40-A80D-EFF7C5A953A6} (VacPro.italy_vdem) - http://207.234.185.217/italy_vdem.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9A92E4D-EB5F-4B1D-817C-C023EA893182}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAE9271C-D7C0-44AA-900C-704237AEAAB8}: NameServer = 151.99.125.2,151.99.125.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = interbusiness.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = interbusiness.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = interbusiness.it
alfonso
Posted: Wednesday, March 02, 2005 3:47:16 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Hi,
carry out these steps

restart in safe mode, read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and remove, as described in this article
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
the lines that follow (if the lines to remove do not appear in safe mode, remove them from normal mode and restart the computer).

==================================
R3 - Default URLSearchHook is missing
-
O2 - BHO: (no name) - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
-
O4 - HKLM\..\Run: [Admanager Controller] C:\Program Files\Admanager Controller\AdManCtl.exe
O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe
-
O4 - HKLM\..\RunServices: [Microsoft System] lssas.exe
O4 - HKLM\..\RunServices: [Advanced Internet Protocol v2.0] helpmgr.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
-
O4 - HKCU\..\Run: [Windows Compliant] winole.exe
-
O4 - Global Startup: Collegamento a ereport.lnk = C:\gpi\ereport\ereport.exe
O4 - Global Startup: Collegamento a GIANO.lnk = Giano\GIANO.EXE
O4 - Global Startup: Ereport.lnk = C:\gpi\ereport\ereport.exe
-
O16 - DPF: {BB1B5064-1496-4E40-A80D-EFF7C5A953A6} (VacPro.italy_vdem) - http://207.234.185.217/italy_vdem.CAB
-
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = interbusiness.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = interbusiness.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = interbusiness.it
==================================

Using the Windows FIND function, search for and delete these files:

==================================
SEARCH~1.DLL
AdManCtl.exe
WinServAd.exe
lssas.exe
helpmgr.exe
winole.exe
ereport.exe
GIANO.EXE
==================================

when finished, use the AD-AWARE and SPYBOT programs described in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

still in safe mode, run an antivirus scan.

You need to install a firewall program.

Aiutamici Collaborator
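
Added example, not part of the original posts: a short Python triage over `O4` startup lines from the log in this thread. The two heuristics (an autostart entry with no path, and an executable name within two edits of a Windows system process such as `lsass.exe`) and the `SYSTEM_NAMES` list are assumptions of this example, not reasoning stated in the reply above; results are candidates for manual review only.

```python
import re

# Constructed sample: O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\RunServices: [Microsoft System] lssas.exe
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
"""

# Assumption: a short reference list of Windows system process names.
SYSTEM_NAMES = ("lsass.exe", "smss.exe", "winlogon.exe",
                "services.exe", "svchost.exe", "spoolsv.exe")

O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.exe)', re.IGNORECASE)

def edit_distance(a, b):
    """Plain Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def triage(log_text):
    """Return (entry_name, executable, reasons) for O4 lines worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        cmd = m.group("cmd")
        exe_m = EXE_RE.match(cmd)
        exe = exe_m.group("exe") if exe_m else cmd.split()[0]
        base = exe.rsplit("\\", 1)[-1].lower()
        reasons = []
        if "\\" not in exe:  # autostart entry that gives no directory
            reasons.append("no path")
        for known in SYSTEM_NAMES:  # near-miss of a system process name
            if 0 < edit_distance(base, known) <= 2:
                reasons.append("resembles " + known)
        if reasons:
            findings.append((m.group("name"), exe, reasons))
    return findings
```

A legitimate entry can also lack a path, so each finding still needs to be checked against what is actually installed on the machine.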
loden
Posted: Wednesday, March 02, 2005 4:20:40 PM
Rank: Member

Joined: 6/26/2004
Posts: 0
Thanks Alfonso
all OK. For the record, I left Giano and Ereport, which are two specialized applications that you could not possibly have known about.
Thanks again 100000000
Marco