Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Mi controllate log per favore?Grazie Opzioni
Ikks
Inviato: Saturday, May 21, 2005 2:41:12 PM

Rank: Member

Iscritto dal : 11/16/2004
Posts: 4
Logfile of HijackThis v1.99.1
Scan saved at 14.39.59, on 21/05/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP3 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\RealVNC\WinVNC\winvnc.exe
C:\WINNT\System32\rundll32.exe
D:\HiJack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1D12F839-D7AC-49F2-99CB-68340A3D459D} - C:\WINNT\System32\glhe.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll,DllInstall
O4 - Startup: Run VNC Server.lnk = C:\Programmi\RealVNC\WinVNC\winvnc.exe
O4 - Startup: WinMX.lnk = C:\Programmi\WinMX\WinMX.exe
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://it.msn.com
O14 - IERESET.INF: MS_START_PAGE_URL=http://it.msn.com
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.yeak.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O18 - Filter: text/html - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
O18 - Filter: text/plain - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
Sponsor
Inviato: Saturday, May 21, 2005 2:41:12 PM

 
alfonso
Inviato: Saturday, May 21, 2005 3:03:30 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
O2 - BHO: (no name) - {1D12F839-D7AC-49F2-99CB-68340A3D459D} - C:\WINNT\System32\glhe.dll
-
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\Pc1\IMPOST~1\Temp\se.dll,DllInstall
-
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.skymasters.biz
O15 - Trusted Zone: www.yeak.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A4A604-4770-45C6-AF72-E4EC91D2442D}: NameServer = 212.216.112.222,212.216.172.62
O18 - Filter: text/html - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
O18 - Filter: text/plain - {366EE813-99BC-4CE9-BBF0-9E513F4F21B9} - C:\WINNT\System32\glhe.dll
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
se.dll
spage.html
glhe.dll
==================================

SVUOTA LA CARTELLA
C:\DOCUME~1\Pc1\IMPOST~1\Temp


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA


al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.

Collaboratore Aiutamici
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.