Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Ho provato da solo ma non ci riesco a togliere ENERGY PLUS

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Ho provato da solo ma non ci riesco a togliere ENERGY PLUS

Postdi pinolino » 05/05/06 23:46

Ho letto alcuni vostri post speravo di farcela da solo... ma torna sempre a comparire ENERGY PLUS non mi vuole mollare AIUTO!!!!!!!!!!

vi metto il LOG se qualcuno mi può aiutare.... ringrazio fin da ora...

Logfile of HijackThis v1.99.1
Scan saved at 0.46.26, on 06/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\system32,1.exe
C:\WINDOWS\System32\svchozt.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\systrays.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Pinnacle\Studio 8\programs\studio.exe
C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Giacomo\IMPOST~1\Temp\Rar$EX00.969\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\System32\ipv6monr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [ioroxxo microsoft sux] system32,1.exe
O4 - HKLM\..\Run: [Microsoft hosst machine] taskhosst.exe
O4 - HKLM\..\Run: [Windows Helper] C:\WINDOWS\System32\svchozt.exe
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [MS Service] systrays.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] system32,1.exe
O4 - HKLM\..\RunServices: [Microsoft hosst machine] taskhosst.exe
O4 - HKLM\..\RunServices: [MS Service] systrays.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] system32,1.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6313636542
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 499_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC7E8F2-34D6-4C6D-B9B5-C2F2D8B58143}: NameServer = 85.37.17.55 85.38.28.93
O17 - HKLM\System\CS1\Services\Tcpip\..\{2CC7E8F2-34D6-4C6D-B9B5-C2F2D8B58143}: NameServer = 85.37.17.55 85.38.28.93
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
pinolino
Newbie
 
Post: 3
Iscritto il: 05/05/06 23:36
Località: Pistoia

Sponsor
 

Postdi Luke57 » 06/05/06 08:13

Ciao, le istruzioni sono lunghe, magari stampa la pagina.
Per prima cosa metti l’eseguibile (.exe) di hijackthis in una cartella tutta sua del disco fisso, tipo C/HJT, in modo che il programma possa fare un backup delle voci rimosse.
Apri hijackthis, disconnesso da internet e con le applicazioni chiuse, premi “opem the misc tools section”, poi “open process manger”, individua ed evidenzia i processi ( se non ci sono, non ti preoccupare)
C:\WINDOWS\System32\system32,1.exe
C:\WINDOWS\System32\svchozt.exe
C:\WINDOWS\System32\systrays.exe
C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
Premi kill process.
Torni al menu principale con back, premi “scan”, cerchi e metti la spunta alle seguenti voci:
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\System32\ipv6monr.dll
O4 - HKLM\..\Run: [ioroxxo microsoft sux] system32,1.exe
O4 - HKLM\..\Run: [Microsoft hosst machine] taskhosst.exe
O4 - HKLM\..\Run: [Windows Helper] C:\WINDOWS\System32\svchozt.exe
O4 - HKLM\..\Run: [MS Service] systrays.exe
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\RunServices: [ioroxxo microsoft sux] system32,1.exe
O4 - HKLM\..\RunServices: [Microsoft hosst machine] taskhosst.exe
O4 - HKLM\..\RunServices: [MS Service] systrays.exe
O4 - HKCU\..\Run: [ioroxxo microsoft sux] system32,1.exe
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 499_it.exe
O23 - Service: MicroSoft Media Tools - Unknown owner - C:\WINDOWS\MSmedia.exe
Premi fix checked
Riavvia in modalità provvisoria
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
Rendi visibili file e cartelle nascosti:
da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK
cerchi ed elimini, se ci sono, i seguenti file:
C:\WINDOWS\System32\system32,1.exe
C:\WINDOWS\System32\svchozt.exe
C:\WINDOWS\System32\systrays.exe
C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe------ > tutta la cartella
C:\WINDOWS\System32\ipv6monr.dll
taskhosst.exe ( da cercare)
rock.exe (da cercare)
C:\WINDOWS\MSmedia.exe
Elimina poi tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)
sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)
svuota il cestino.
Da pannello di controllo.installazioni/applicazioni controlla che non vi siano programmi non installati da te
Per finire scansione on line qui:
http://www.bitdefender.com/scan8/ie.html
Posta nuovo log per controllo
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi pinolino » 06/05/06 13:49

ecco il log dopo aver "ripulito" come da te indicato...

Logfile of HijackThis v1.99.1
Scan saved at 14.47.07, on 06/05/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Real\RealPlayer\RealPlay.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\BitTorrent\bittorrent.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://v4.windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [CloneDVDElbyDelay] "C:\Programmi\Elaborate Bytes\CloneDVD\ElbyCheck.exe" /L ElbyDelay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [RealTray] C:\Programmi\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: BitTorrent.lnk = C:\Programmi\BitTorrent\bittorrent.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 6313636542
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC7E8F2-34D6-4C6D-B9B5-C2F2D8B58143}: NameServer = 85.37.17.55 85.38.28.93
O17 - HKLM\System\CS1\Services\Tcpip\..\{2CC7E8F2-34D6-4C6D-B9B5-C2F2D8B58143}: NameServer = 85.37.17.55 85.38.28.93

non so come ringraziarti... in ogni caso
pinolino
Newbie
 
Post: 3
Iscritto il: 05/05/06 23:36
Località: Pistoia

Postdi Luke57 » 06/05/06 14:40

Ciao, buon lavoro, mi sembra OK ;)
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi pinolino » 07/05/06 00:08

Luke57 ha scritto:Ciao, buon lavoro, mi sembra OK ;)


...grazie 1000 :D

pinolino
pinolino
Newbie
 
Post: 3
Iscritto il: 05/05/06 23:36
Località: Pistoia


Torna a Sicurezza e Privacy


Topic correlati a "Ho provato da solo ma non ci riesco a togliere ENERGY PLUS":


Chi c’è in linea

Visitano il forum: Nessuno e 6 ospiti