Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

mi puoi controllare il log? Opzioni
brucio
Inviato: Tuesday, April 26, 2005 10:42:55 AM
Rank: Member

Iscritto dal : 2/18/2005
Posts: 5
Logfile of HijackThis v1.99.0
Scan saved at 10.36.34, on 26/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\d3cc32.exe
C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
C:\Programmi\Network Associates\VirusScan\Mcshield.exe
C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\addny32.exe
C:\Program Files\Video1\Dialers\Hot_Tarts_it\Hot_Tarts_it.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
C:\TMCEPCW2\Gcdrom.exe
C:\TMCEPCW2\Gcdrom.exe
C:\Programmi\putty\putty.exe
C:\Programmi\putty\putty.exe
c:\windows\system32\hgfedcba.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9AC37E11-63C7-D3E6-8EAE-1319DCCFBDC1} - C:\WINDOWS\ntwq32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmi\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Programmi\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [addny32.exe] C:\WINDOWS\addny32.exe
O4 - HKLM\..\Run: [Hot_Tarts_it] C:\Program Files\Video1\Dialers\Hot_Tarts_it\Hot_Tarts_it.exe /dontdial
O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Programmi\Yahoo!\Messenger\ypager.exe" -quiet
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/082c26ed63e4fce4c405/netzip/RdxIE601_it.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1FBA296-9FF1-42CA-B6A9-F9C46C035685}: NameServer = 151.99.125.2,151.99.125.3
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programmi\HP\hpcoretech\comp\hpuiprot.dll
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\d3cc32.exe
O23 - Service: Servizio di framework di McAfee - Network Associates, Inc. - C:\Programmi\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Programmi\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Intel(R) NMS - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: VNC Server - RealVNC Ltd. - C:\Programmi\RealVNC\WinVNC\WinVNC.exe
Sponsor
Inviato: Tuesday, April 26, 2005 10:42:55 AM

 
a.roselli
Inviato: Tuesday, April 26, 2005 4:54:40 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,056
Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\epccc.dll/sp.html#83556
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {9AC37E11-63C7-D3E6-8EAE-1319DCCFBDC1} - C:\WINDOWS\ntwq32.dll
-
O4 - HKLM\..\Run: [addny32.exe] C:\WINDOWS\addny32.exe
O4 - HKLM\..\Run: [Hot_Tarts_it] C:\Program Files\Video1\Dialers\Hot_Tarts_it\Hot_Tarts_it.exe /dontdial
O4 - HKLM\..\Run: [hgfedcba] c:\windows\system32\hgfedcba.exe /install
-
O23 - Service: Network Security Service (NSS) - Unknown - C:\WINDOWS\d3cc32.exe
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
epccc.dll
sp.html
ntwq32.dll
addny32.exe
Hot_Tarts_it.exe
hgfedcba.exe
d3cc32.exe
==================================

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE . CANCELLA CRONOOLOGIA
clicca inoltre sul pulsante PAGINA PREDEFINITA e poi su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Collegati al WINDOWS UPDATE e scarica tutti gli aggiornamenti di protezione.

alfonso_aiutamici@hotmail.it

Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.