Aiutamici Forum

Could you check this HijackThis log for me, please? Thanks
hydre
Posted: Tuesday, April 05, 2005 8:34:05 AM
Rank: Member

Joined: 5/16/2003
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 8.28.07, on 05/11/2004
Platform: Windows 2000 SP1 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINNT\downlo~1\osz8p9\xoz5cv3.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\atiptaxx.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\System32\Inst.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\Programmi\Plaxo\2.1.0.80\InstallStub.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Cerberus\Cerberus.exe
c:\programmi\ibm\client access\emulator\PCSCM.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {48A5462F-8061-435A-ACDB-E2302CA58E82} - C:\WINNT\System32\igfb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeD] D:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeE] E:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeF] F:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeG] G:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeH] H:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\CwbSvStr.Exe"
O4 - HKLM\..\Run: [Client Access Help Update] "C:\Programmi\IBM\Client Access\cwbinhlp.exe"
O4 - HKLM\..\Run: [Client Access Check Version] "C:\Programmi\IBM\Client Access\cwbckver.exe" LOGIN
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [_Hazafibb] C:\WINNT\System32\mcgooelw.exe
O4 - HKLM\..\Run: [Inst] C:\WINNT\System32\Inst.exe install
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Programmi\Plaxo\2.1.0.80\InstallStub.exe -a
O4 - Startup: Cerberus FTP Server.lnk = C:\Programmi\Cerberus\Cerberus.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.pgsconnect.com/access/pgs0235.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {421A63BA-4632-43E0-A942-3B4AB645BE51} - http://64.156.188.99/iwasher/pptproactauth/internetwasherpro.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9780F5E-D828-4D66-8555-A0F995111B8D}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: stibo - {FFAD3420-6D61-44F6-BA25-293F17152D79} - C:\Programmi\File comuni\Stibo\RS_ProtocolHandler.dll
O18 - Filter: text/html - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
O18 - Filter: text/plain - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\Ati2evxx.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE
O23 - Service: Comando remoto di Client Access Express (Cwbrxd) - IBM Corporation - C:\WINNT\CWBRXD.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

alfonso
Posted: Tuesday, April 05, 2005 3:13:22 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Hi,
carry out these steps

restart in safe mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and delete, as described in this article
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
the lines that follow (if the lines to be deleted do not appear in safe mode, delete them from normal mode and restart the computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
O2 - BHO: (no name) - {48A5462F-8061-435A-ACDB-E2302CA58E82} - C:\WINNT\System32\igfb.dll
-
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeD] D:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeE] E:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeF] F:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeG] G:\Bin\ILInstallPkgEngine.exe
O4 - HKLM\..\Run: [ILInstallPkgEngine.exeH] H:\Bin\ILInstallPkgEngine.exe
-
O4 - HKLM\..\Run: [_Hazafibb] C:\WINNT\System32\mcgooelw.exe
O4 - HKLM\..\Run: [Inst] C:\WINNT\System32\Inst.exe install
-
O16 - DPF: {00000000-0000-0000-0000-000020040000} - http://www.pgsconnect.com/access/pgs0235.exe
-
O18 - Filter: text/html - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
O18 - Filter: text/plain - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
-
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
==================================

Using the Windows FIND function, search for and delete these files:

==================================
se.dll
spage.html
igfb.dll
ILInstallPkgEngine.exe
mcgooelw.exe
Inst.exe
==================================

EMPTY THE FOLDER C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp

DELETE THE FOLDERS MARKED IN RED (Bin)
D:\Bin
E:\Bin
F:\Bin
G:\Bin
H:\Bin

Go to Control Panel and click INTERNET OPTIONS, then click these three buttons
DELETE COOKIES - DELETE FILES - CLEAR HISTORY
then click USE DEFAULT (home page) and OK

when finished, use the programs AD-AWARE and SPYBOT described in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

still in safe mode, run an antivirus scan.

Aiutamici Contributor
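A triage sketch for the log format discussed in this thread, added here as an example (it is not code from the forum or from HijackThis). It parses entries, extracts file paths and flags traits visible in the posted log: an unnamed BHO, a missing service target, a file loaded from Temp, and one file registered in several sections. The function names and flag rules are assumptions made for illustration, and the sample is built from six lines of the log above.

```python
import re
from collections import defaultdict
# Constructed sample: six entries copied from the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {48A5462F-8061-435A-ACDB-E2302CA58E82} - C:\WINNT\System32\igfb.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O18 - Filter: text/html - {0CC68985-5352-4D12-9D3B-9CB925974F92} - C:\WINNT\System32\igfb.dll
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\PROGRA~1\INTERN~2\autocomp.exe (file missing)
"""

ENTRY = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")   # "<section> - <body>"
PATH = re.compile(r"[A-Za-z]:\\[^\"/=]*?\.(?:exe|dll|ocx)", re.I)

def parse(log):
    """Return (section, body, lower-cased file path or None) per entry."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            p = PATH.search(m.group(2))
            entries.append((m.group(1), m.group(2), p.group(0).lower() if p else None))
    return entries

def triage(entries):
    """Map entry body -> reasons to look closer (heuristics assumed here)."""
    seen = defaultdict(set)              # file path -> sections referencing it
    for sec, _, path in entries:
        if path:
            seen[path].add(sec)
    findings = {}
    for sec, body, path in entries:
        reasons = []
        if sec == "O2" and "(no name)" in body:
            reasons.append("unnamed BHO")
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if path and "\\temp\\" in path:
            reasons.append("loaded from a Temp folder")
        if path and len(seen[path]) > 1:
            reasons.append("same file in sections " + ",".join(sorted(seen[path])))
        if reasons:
            findings[body] = reasons
    return findings

if __name__ == "__main__":
    for body, reasons in triage(parse(SAMPLE_LOG)).items():
        print("; ".join(reasons), "<-", body)
```

The flags only rank entries for manual review; a file such as NavShExt.dll legitimately appears in both O2 and O3 in the full log, so a cross-section hit is a prompt to check the file, not a verdict.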
hydre
Posted: Tuesday, April 05, 2005 5:10:10 PM
Rank: Member

Joined: 5/16/2003
Posts: 0
Thank you so much. Just one thing:
I was not able to empty the folder where these are:
D:/Bin
E:/Bin
F:/Bin
G:/bin
H:/Bin
The PC works fine now, but if I should empty that folder, can you tell me how? Thanks again, alfonso.
alfonso
Posted: Tuesday, April 05, 2005 5:57:52 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Go into safe mode, open partitions D, E, F, G and H, and delete the BIN folder with all its contents, if they are present.

Aiutamici Contributor