|
|||||||
|
|
|
 |
|
|
Strumenti |
09-09-2004, 22:52
|
#1 |
|
Member
Iscritto dal: Jun 2004
Messaggi: 207
|
hijackthis
Ciao a tutti... ho dei problemi al pc, già capitati una volta ed eliminati grazie a hijackthis .
ho una pag iniziale indesiderate, icone d connessione sul desktop e una barra di ricerca in internet.. la volta scorsa, siccome nn me ne capisco, mi avevate detto i file da cancellare con il programma e il problema era sparito. visto ke nn me ne capisco qualcuno m puo dire cosa cancellare...? qui c'è la lista datami dal programma hijackthis R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guklrbbzfuogvsnzaj.org/ul...YPihXqFL4.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nyraqnzwbhqa.com/uluDG0HZ...iosH9YeSO.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {3247A30C-E648-26EF-33B2-CE7CD3A9F5DE} - C:\PROGRA~1\OPENON~1\Else Great.exe O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security Professional\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security Professional\UrlLstCk.exe O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [Draw Glue] C:\PROGRA~1\PHONEP~1\Uploadnoungrey.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [HoleAdminRectDefy] C:\Documents and Settings\All Users\Dati applicazioni\Onlinegreatholeadmin\Grey Junk.exe O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\Launcher.exe O4 - Global Startup: DSLMON.lnk = ? O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O17 - HKLM\System\CCS\Services\Tcpip\..\{B377DAA5-35B1-4A9C-AD36-44D3D59F57A5}: NameServer = 193.70.192.25 193.70.152.25 Grazie 1000 
|
|
|
|
10-09-2004, 00:36
|
#2 |
|
Senior Member
Iscritto dal: May 2001
Messaggi: 1740
|
ciao ... la prossima volta che posti un lo postalo intero .. è meglio
prova R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.guklrbbzfuogvsnzaj.org/u...zYPihXqFL4.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.nyraqnzwbhqa.com/uluDG0H...uiosH9YeSO.html O2 - BHO: (no name) - {3247A30C-E648-26EF-33B2-CE7CD3A9F5DE} - C:\PROGRA~1\OPENON~1\Else Great.exe O4 - HKLM\..\Run: [Draw Glue] C:\PROGRA~1\PHONEP~1\Uploadnoungrey.exe O4 - HKLM\..\Run: [HoleAdminRectDefy] C:\Documents and Settings\All Users\Dati applicazioni\Onlinegreatholeadmin\Grey Junk.exe dovresti anche eliminare le cartelle che si riferiscono ai file sopracitati... e sarebbe consigliabile svuotare le cartelle temporanee (di iE e di windows) se lo hai avvia anche una scansione con ad-aware Se ciao
__________________
www.tweakness.net - Trucchi per il PC DECALOGO ANTISPY - GUIDA A HIJACKTHIS - GUIDA AI SERVIZI DI WIN XP - CONSIGLI ANTIVIRUS PER BART'S PE - SP2 SLIPSTREAMING - FAQ WINDOWS XPSP2 - I SERVIZI DOPO SP2 - XP SP2 UNATTENDED - GUIDA A nLite |
|
|
|
|
10-09-2004, 10:05
|
#3 |
|
Senior Member
Iscritto dal: Dec 1999
Città: Firenze
Messaggi: 1334
|
Ciao, me la date una controllata anche a me? E' la prima volta che lo uso
 Logfile of HijackThis v1.98.2 Scan saved at 10.01.56, on 10/09/2004 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\00THotkey.exe C:\WINDOWS\System32\TPWRTRAY.EXE C:\Programmi\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\WINDOWS\System32\TFNF5.exe C:\Programmi\Apoint2K\Apoint.exe C:\Programmi\TOSHIBA\TouchED\TouchED.Exe C:\WINDOWS\System32\ezSP_Px.exe C:\Programmi\Drag'n Drop CD\BinFiles\DragDrop.exe C:\Programmi\File comuni\Real\Update_OB\realsched.exe C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\Apoint2K\Apntex.exe C:\Programmi\Spamihilator\spamihilator.exe C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Opera75\opera.exe C:\Documents and Settings\salvatore\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20 O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Programmi\TOSHIBA\Wireless Hotkey\TosHKCW.exe" O4 - HKLM\..\Run: [TFNF5] TFNF5.exe O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [TouchED] C:\Programmi\TOSHIBA\TouchED\TouchED.Exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Programmi\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Programmi\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp O4 - HKLM\..\Run: [TkBellExe] C:\Programmi\File comuni\Real\Update_OB\realsched.exe -osboot O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [MSZTCE] C:\WINDOWS\System32\MSZTCE.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe" O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A4DC0318-8519-4828-B77F-59DCEB35AB84}: NameServer = 212.131.30.42 O17 - HKLM\System\CCS\Services\Tcpip\..\{F277E0D0-A244-4C8A-B850-85115D779E31}: NameServer = 80.19.134.152 151.99.125.1 |
|
|
|
|
10-09-2004, 13:10
|
#4 |
|
Member
Iscritto dal: Jun 2004
Messaggi: 207
|
[quote]Originariamente inviato da netquik
ciao ... la prossima volta che posti un lo postalo intero .. è meglio scusa nn lo sapevo cmq grazie 1000
|
|
|
|
|
10-09-2004, 13:15
|
#5 |
|
Member
Iscritto dal: Jun 2004
Messaggi: 207
|
ho cancellato file dal programma ma quando provo ad eliminare le cartelle dal pc m dice ke nn è possibile eliminarle....
|
|
|
|
|
10-09-2004, 14:35
|
#6 |
|
Senior Member
Iscritto dal: May 2001
Messaggi: 1740
|
prova dopo il riavvio e magari da modalità provvisoria...
se sei in provissoria fai andhe una scansione con ad-aware
__________________
www.tweakness.net - Trucchi per il PC DECALOGO ANTISPY - GUIDA A HIJACKTHIS - GUIDA AI SERVIZI DI WIN XP - CONSIGLI ANTIVIRUS PER BART'S PE - SP2 SLIPSTREAMING - FAQ WINDOWS XPSP2 - I SERVIZI DOPO SP2 - XP SP2 UNATTENDED - GUIDA A nLite |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 05:04.
