Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

potete controllarmi il log Opzioni
ahyeah
Inviato: Saturday, September 17, 2005 11:35:12 AM
Rank: Member

Iscritto dal : 11/6/2004
Posts: 0
Logfile of HijackThis v1.99.1
Scan saved at 8.13.55, on 08/09/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\FILE COMUNI\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\QBTYGO.EXE
C:\PROGRAMMI\BULLSEYE NETWORK\BIN\BARGAINS.EXE
C:\WINDOWS\SYSTEM\USB2CHK.EXE
C:\PROGRAMMI\COMMON FILES\CLOCKWISE.EXE
C:\PROGRAMMI\ISTSVC\ISTSVC.EXE
C:\PROGRAMMI\WINZIP\WZQKPICK.EXE
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAMMI\ENERGYPLUGIN\ENERGYPLUGIN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O2 - BHO: (no name) - {3D54B1FD-DC52-4915-8DB7-B571A946B5D2} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\3INAV.DAT
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [wkJp6aW] C:\WINDOWS\QBTYGO.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [miniport] C:\WINDOWS\SYSTEM\usb2chk.exe /start
O4 - HKLM\..\Run: [wise] C:\Programmi\Common files\clockwise.exe -boot
O4 - HKLM\..\Run: [Dit] C:\WINDOWS\SYSTEM\dit.exe
O4 - HKLM\..\Run: [PowerChute] C:\Programmi\APC_Power\Pwrchute.exe -boot_time
O4 - HKLM\..\Run: [3capplnk] C:\Programmi\US Robotics\\3capplnk.exe
O4 - HKLM\..\Run: [eTrust Realtime Monitor] C:\WINDOWS\SYSTEM\realmon.exe /start
O4 - HKLM\..\Run: [Recguard] C:\Programmi\HP\recguard.exe
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\SYSTEM\APVXDWIN.EXE
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [IPSecMon] C:\Programmi\Common files\VPN Network\IPSecMon.exe /vpncheck
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - Startup: WINZIP QUICK PICK.LNK = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Startup: MICROSOFT OFFICE.LNK = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605691.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_656_it.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab?fgiocv=1
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://dialers.dialoff.com/100241/it/adult1/adult1.exe
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 192.168.0.1
O18 - Filter: text/html - {0F55E830-DAA5-460E-8C96-3916A17FAE3D} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.34.DAT

Sponsor
Inviato: Saturday, September 17, 2005 11:35:12 AM

 
alfonso
Inviato: Saturday, September 17, 2005 1:41:39 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

1) Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=298&SH=N

2) riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
-
O2 - BHO: (no name) - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - (no file)
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O2 - BHO: (no name) - {3D54B1FD-DC52-4915-8DB7-B571A946B5D2} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\3INAV.DAT
-
O3 - Toolbar: (no name) - {FAA356E4-D317-42a6-AB41-A3021C6E7D52} - (no file)
-
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [wkJp6aW] C:\WINDOWS\QBTYGO.EXE
O4 - HKLM\..\Run: [BullsEye Network] C:\Programmi\BullsEye Network\bin\bargains.exe
-
O4 - HKLM\..\Run: [IST Service] C:\Programmi\ISTsvc\istsvc.exe
-
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
-
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605691.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energyfactor.com/dialer/it/activex_656_it.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge-c9.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab?fgiocv=1
O16 - DPF: {30CE93AE-4987-483C-9ABE-F2BD5301AB70} - http://dialers.dialoff.com/100241/it/adult1/adult1.exe
-
O18 - Filter: text/html - {0F55E830-DAA5-460E-8C96-3916A17FAE3D} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.34.DAT
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
3INAV.DAT
EnergyPlugin.exe
QBTYGO.EXE
bargains.exe
istsvc.exe
V0.34.DAT
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus con questi due programmi
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1043
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1177

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura.

Fai un ulteriore controllo antivirus on line da questo indirizzo
http://security.symantec.com/default.asp?productid=symhome&langid=it&venid=sym
se vengono trovati virus conviene formattare il disco e reinstallare tutto.

Se non ci sono virus Installa questo programma Antivirus
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=728

Installa questo programma Firewall
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56

Installa questo programma antiSpyware
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041

Collegati al Windows Update e scarica gli aggiornamenti importanti.

Collaboratore Aiutamici
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.