View Full Version : Non so piu' che fare!!
Facendo la scanzione con SPYBOT S&D mi esce questo:
COMMON HIJACKER
lo evidenzio e dico al programma " CORREGGI PROBLEMI" cosa che avviene.
Il problema e' che ad ogni riavvio rifacendo la scansione SPYBOT S&D lo ritrova, scanzionando con decine di gli altri programmi nulla.
Chi mi aiuta ????
ciao
juninho85
08-04-2005, 00:13
posta il log di hijack this;)
BravoGT83
08-04-2005, 10:09
Originariamente inviato da juninho85
posta il log di hijack this;)
esatto...:)
hai provato a fare una bella scansione di antivirus e spyware magari con quello di microsoft:)
Originariamente inviato da juninho85
posta il log di hijack this;)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Soft4Ever\looknstop\looknstop.exe
D:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Prolific\USB Flash Disk Utility\PLBkMon.exe
D:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
D:\Programmi\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\WINDOWS\System32\nvsvc32.exe
D:\Programmi\FirstCap V2.1\CapHk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Desktop\SPYWARE\hijackthis_199\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Not Available
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - D:\PROGRA~2\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - D:\PROGRA~2\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Programmi\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [Look 'n' Stop] "d:\Program Files\Soft4Ever\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PLUtil] C:\Programmi\Prolific\USB Flash Disk Utility\PLBkMon.exe
O4 - HKLM\..\Run: [KAVPersonal50] "d:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [RegFirewall] d:\Programmi\Registry Firewall\RegFirewall.exe -A
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [sunasDTServ] D:\Programmi\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] D:\Programmi\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [SpyBlocker] C:\Programmi\SpyBlocker Software\spyblocker.exe
O4 - HKCU\..\Run: [FirstCap] d:\Programmi\FirstCap V2.1\CapHk.exe
O4 - HKCU\..\Run: [Spyware Doctor] "D:\Programmi\Spyware Doctor\swdoctor.exe" /Q
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~2\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
O23 - Service: Aluria Security Center Spyware Eliminator Service (ASCService) - Unknown owner - C:\PROGRA~1\ALURIA~1\ascserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - D:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: kavsvc - Kaspersky Lab - d:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Queste due righe sono sospette se non conosci a cosa si riferiscono fixale:
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) -
poi avvia in modalità provvisoria e fai una scansione con microsoft antispyware e ad-aware che sono i migliori software antispyware esistenti!
E' un problema di "falso positivo".
Entra nel file hosts e cancella quello che viene segnalato.
Poi dichiara il file "Hosts" read only.
Vedrai che la segnalazione sparirà.
ciao
:confused: e come faccio ad entrare nel file hosts ????
ciaO
Cerca il file Hosts (così com'è senza estensione)
Editalo con Blocco Note e salvalo senza estensione.
(Se viene eventualmente aggiunta l'estensione TXT toglila.)
Trovo un casino di file hosts.....
:mc:
Dipende da che windows hai.
XP=C:WINDOWS\SYSTEM32\DRIVERS\etc\HOSTS
W2K=C:WINNT\SYSTEM32\DRIVERS\etc\HOSTS
W98-ME=C:WINDOWS\HOSTS
XP... e ci sono 66 file hosts:confused: :muro: :mc:
Cancellali tutti e mettine uno nuovo con il seguente contenuto:
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
basta e avanza
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.