Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Il mio Log Help! Opzioni
X-MaN
Inviato: Sunday, February 19, 2006 1:53:44 AM
Rank: Member

Iscritto dal : 2/19/2006
Posts: 0
x favore potete controllarmelo?
Grazie:

Logfile of HijackThis v1.99.1
Scan saved at 1.57.22, on 19/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\explorer.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
G:\Programmi\Ahead\InCD\InCDsrv.exe
G:\WINDOWS\system32\ZoneLabs\vsmon.exe
G:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
G:\Programmi\Mouse Driver\MouseDrv.exe
G:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
G:\WINDOWS\system32\devldr32.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Programmi\Samurize\Client.exe
G:\Programmi\Stardock\ObjectDock\ObjectDock.exe
G:\Programmi\Messenger\msmsgs.exe
F:\Programmi\DC++\oDC\oDC.exe
G:\Programmi\Avant Browser\avant.exe
C:\WINDOWS\Desktop\INTERNET\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "G:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe"
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O1 - Hosts: 205.214.67.212 auto.search.msn.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - g:\programmi\google\googletoolbar1.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - G:\Programmi\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - g:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "G:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AVG7_CC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] G:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [CreativeMouse ] G:\Programmi\Mouse Driver\MouseDrv.exe
O4 - HKLM\..\Run: [Zone Labs Client] G:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [CTFMON.EXE] G:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Client Default.lnk = G:\Programmi\Samurize\Client.exe
O4 - Startup: Stardock ObjectDock.lnk = G:\Programmi\Stardock\ObjectDock\ObjectDock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://G:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://G:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Aggiungi l'indirizzo alla Lista Nera della pubblicità - G:\Programmi\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Apri tutti i collegamenti nella pagina in linguette diverse - G:\Programmi\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Blocca tutte le immagini provenienti dal server di questa - G:\Programmi\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cerca con Google - G:\Programmi\Avant Browser\Search.htm
O8 - Extra context menu item: Evidenzia in questa pagina - G:\Programmi\Avant Browser\Highlight.htm
O8 - Extra context menu item: Link a ritroso - res://G:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open In New Avant Browser - G:\Programmi\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Pagine simili - res://G:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Salva oggetto con Net Transport - G:\Programmi\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - G:\Programmi\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Sothink SWF Catcher - G:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Versione cache della pagina - res://G:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - G:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - G:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.baciamistupido.biz
O15 - Trusted Zone: www.dolcezze.biz
O15 - Trusted Zone: www.nanobyte.biz
O15 - Trusted Zone: www.popup-freesex-adv.biz
O15 - Trusted Zone: www.ricercadoppia.com
O15 - Trusted Zone: www.roserosse.biz
O15 - Trusted Zone: www.super-videochat-community.biz
O15 - Trusted Zone: www.terzodesiderio.biz
O15 - Trusted Zone: www.umts-gprs-mondo-telefonino-cellulare.biz
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c11.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://67.15.101.3/g_bin/ginuser_eng_2_0_0_3.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotions/spywaredetector/ICSScanner37610.cab
O16 - DPF: {BE4C27AC-2F23-437E-95F7-7505DBC0937D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://sessogratis.net/ProWeb604.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa_01290.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_23.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_23.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.a99b.com/super-adult.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D37D1141-AF5D-47C7-97C0-9D3CD2554231}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - G:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - G:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InCD Helper (InCDsrv) - AHEAD Software - G:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - G:\WINDOWS\system32\ZoneLabs\vsmon.exe



Edited by - X-MaN on 02/19/2006 01:57:07
Sponsor
Inviato: Sunday, February 19, 2006 1:53:44 AM

 
alfonso
Inviato: Sunday, February 19, 2006 9:09:08 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
F2 - REG:system.ini: Shell=explorer.exe "G:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00001.exe"
O1 - Hosts: 205.214.67.211 auto.search.msn.com
O1 - Hosts: 205.214.67.212 auto.search.msn.com
-
O15 - Trusted Zone: www.baciamistupido.biz
O15 - Trusted Zone: www.dolcezze.biz
O15 - Trusted Zone: www.nanobyte.biz
O15 - Trusted Zone: www.popup-freesex-adv.biz
O15 - Trusted Zone: www.ricercadoppia.com
O15 - Trusted Zone: www.roserosse.biz
O15 - Trusted Zone: www.super-videochat-community.biz
O15 - Trusted Zone: www.terzodesiderio.biz
O15 - Trusted Zone: www.umts-gprs-mondo-telefonino-cellulare.biz
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/bridge-c11.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4BDAF1F5-6D21-42F9-AAB9-CE0050407803} (GameDesire Uninstaller) - http://67.15.101.3/g_bin/ginuser_eng_2_0_0_3.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
-
O16 - DPF: {BE4C27AC-2F23-437E-95F7-7505DBC0937D} (VPlayer Control) - http://www.bigad.com.au/player/vivid_ocx.jpeg
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://sessogratis.net/ProWeb604.CAB
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1058972.exe
O16 - DPF: {F7FD91D1-45E6-4349-B698-F976062DAC26} - http://www.storage-tasp.com/gs/gsa_01290.exe
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_23.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/eng/snooker_2_0_0_23.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.a99b.com/super-adult.exe
==================================

Con la funzione CERCA di Windows, cerca ed elimina questi file,
==================================
ibm00001.exe
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Installa questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041

Collaboratore Aiutamici
X-MaN
Inviato: Sunday, February 19, 2006 12:53:17 PM
Rank: Member

Iscritto dal : 2/19/2006
Posts: 0
In modalità provvisoria Gli O15 non li ho trovati, per il resto tutto ok, sembra che le cose siano tornate alla normalità.
1000 GRAZIE
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.