Condividi:        

PROBLEMI POWERSOFT NAME

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

PROBLEMI POWERSOFT NAME

Postdi citroen2 » 08/08/06 22:45

CIAO MI PRESENTO SONO DI ROMA NON SONO UN GRANDE DEL PC HO UN GRANDE PROBLEMA IL PROBLEMA (POWERSOFT)LEGGENDO HO ESEGUITO Logfile of HijackThis v1.99.1
Scan saved at 23.31.39, on 08/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\QuickTime\qttask.exe
C:\Documents and Settings\IBMR51\Dati applicazioni\sgrunt\IE4321.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\IBMR51\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trenoincasa.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Ipswitch.WsftpBrowserHelper - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Programmi\WS_FTP Pro\wsbho2K0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\IBMR51\Dati applicazioni\sgrunt\IE4321.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.3
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.hastalavista.it
O15 - Trusted Zone: http://www.linkautomatici.com
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.playitalia.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.skymasters.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.superspots.biz
O15 - Trusted Zone: http://www.xbeta69.com
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sgrunt.biz/dai.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://bad-rap.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/free/adulto.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{09B03992-20CE-44FD-9585-2AD032C2F084}: NameServer = 85.37.17.16 85.38.28.68
O17 - HKLM\System\CS1\Services\Tcpip\..\{09B03992-20CE-44FD-9585-2AD032C2F084}: NameServer = 85.37.17.16 85.38.28.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe

QUESTA FORMA.POTETE AIUTARMI.GRAZIE DI CUORE
l'arte di riprodure in miniatura
citroen2
Newbie
 
Post: 1
Iscritto il: 08/08/06 22:35
Località: roma ostia lido

Sponsor
 

Postdi andorra24 » 08/08/06 22:57

Ciao, come prima cosa lancia il tool di rimozione del malware sgrunt:
http://www.francydelorenzi.it/component ... ecatid,105

Dopo aver effettuato la scansione con quel tool passiamo al log di hijackthis. Metti la spunta nella casellina accanto alle seguenti voci e dopo aver chiuso il browser e ogni altra finestra di programmi aperta premi fix checked:

O4 - HKLM\..\Run: [Olympic] C:\Documents and Settings\IBMR51\Dati applicazioni\sgrunt\IE4321.exe
O15 - Trusted Zone: *.3 (se non lo conosci eliminalo)
O15 - Trusted Zone: http://www.adslconnection.name
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: http://www.hastalavista.it
O15 - Trusted Zone: http://www.linkautomatici.com
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.playitalia.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.skymasters.biz
O15 - Trusted Zone: http://www.softlab.name
O15 - Trusted Zone: http://www.superspots.biz
O15 - Trusted Zone: http://www.xbeta69.com
O15 - Trusted Zone: http://www.xxx-content.name
O16 - DPF: {16E166F9-35E8-4CA5-B50D-5CEFABF45B09} - http://www.sgrunt.biz/dai.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.sgrunt.biz/free/adulto.exe

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Assicurati che sparisca dal tuo pc il seguente file:
C:\Documents and Settings\IBMR51\Dati applicazioni\sgrunt\IE4321.exe (dopo elimina anche la cartella sgrunt)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy


Topic correlati a "PROBLEMI POWERSOFT NAME":


Chi c’è in linea

Visitano il forum: Nessuno e 30 ospiti