
tambelk

Joined 26 Oct 2004
Offline Last active Aug 17 2005 11:43
-----

Discussions I started

Hijackthis Log !!!!

26 October 2004 - 01:15

:insane:

This is the log file produced by the scan of my PC's registry.
I'm asking netquick for help identifying the keys to fix !!!
The problem I've noticed on the machine is that the preset home page is constantly replaced by another one with a whole series of links (adult, non-adult, etc.), and on top of that the system is incredibly slow compared to a short while ago.
I tried removing the spyware with adwhare, but I invariably find it on the machine again at every reboot.

Thank you for your help. (Unfortunately I'm not very experienced in these things.)


Logfile of HijackThis v1.98.2
Scan saved at 14.05.29, on 26/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAMMI\LINKBYTE\COMSOCKS\CSKSVR.EXE
C:\PROGRAMMI\SOLSTICE\BIN\SUNWAMD.EXE
C:\WINDOWS\EXPLORER.EXE
C:\SIS300\VI_GRM.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\QBWIN\QBWSCHED.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\SOLSTICE\BIN\SUNWLPD.EXE
C:\PROGRAMMI\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAMMI\CD-WRITER PLUS\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\PROGRAMMI\TRUST\AMI MOUSE 140T WEB SCROLL\LWBWHEEL.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\APVXDWIN.EXE
C:\PROGRAMMI\AUTOPOSTIT\POSTIT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\OPLIMIT\OCRAWARE.EXE
C:\OPLIMIT\OCRAWR32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\PANDA SOFTWARE\PANDA ANTIVIRUS TITANIUM\PAVPROXY.EXE
C:\PROGRAMMI\AUTOPOSTIT\CNTR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.rqaevxnpl...M3cxXAC8zRd.jsp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vrlledgpx...hmutU5RaRk.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F1 - win.ini: load=C:\SIS300\VI_GRM.EXE C:\QBWIN\QBWSCHED.EXE
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAMMI\FLASHGET\JCCATCH.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\SYSTEM\OTFQDW~1.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {30E58717-EA3F-7352-9D48-D66E3EAE63A0} - C:\WINDOWS\APPLICATION DATA\KINDMORESECT\SAVECURB.EXE
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CFSLIC] C:\Programmi\Solstice\cachefs\cfslic.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb08.exe
O4 - HKLM\..\Run: [sunwlpd] C:\Programmi\Solstice\bin\sunwlpd.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adaptec DirectCD] c:\PROGRA~1\CD-WRI~1\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [Rosary Reminder] C:\PROGRAMMI\VIRTUAL ROSARY 4\reminder.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\TRUST\AMI MOUSE 140T WEB SCROLL\LWBWHEEL.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus Titanium\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Wma Each Soap Bin] C:\WINDOWS\All Users\Application Data\SoftHoleWmaEach\Funklong.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [csksvr] C:\PROGRA~1\LINKBYTE\COMSOCKS\csksvr.exe -win32
O4 - HKLM\..\RunServices: [Upsagent] C:\PROGRAMMI\UPSMON\UPSAGENT.EXE
O4 - HKCU\..\Run: [ArGoSoftMailServer] C:\PROGRAM FILES\ARGO SOFTWARE DESIGN\MAIL SERVER\MAILSERVER.EXE
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [online 64] C:\WINDOWS\APPLIC~1\DRAWPR~1\Option Exit.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: AutoPostit.lnk = C:\Programmi\AutoPostit\Postit.exe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O8 - Extra context menu item: Scarica con FlashGet - C:\PROGRAMMI\FLASHGET\jc_link.htm
O8 - Extra context menu item: Scarica tutto con FlashGet - C:\PROGRAMMI\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\JETCAR.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRAMMI\FLASHGET\JETCAR.EXE
O9 - Extra button: Alice - {D6216605-69CD-4AA8-AB5B-48A8EC2A2A3E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio...tivePreQual.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 194.183.26.1,194.183.26.2,194.183.2.129