Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

UNA MANO TESA-PC OUT.

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

UNA MANO TESA-PC OUT.

Postdi thethunder » 16/09/06 12:50

Salve a tutti..
Ho un amico che non riesce a collegarsi alla rete e mi ha chiesto di aiutarlo..

Posto il log. di hijackthis..

Grazie!

Logfile of HijackThis v1.99.1
Scan saved at 10.29.47, on 15/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\msijavaup32.exe
C:\WINNT\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINNT\system32\WMWPLAYER.EXE
C:\WINNT\system32\internat.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Alice ti aiuta\bin\mad.exe
C:\PROGRA~1\Motive\ASSTCO~1\MOTIVE~1.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\WINNT\msvbn.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe msijavaup32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msijavaup32.exe
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [Winsock2 driver] WMWPLAYER.EXE
O4 - HKLM\..\Run: [zxwin] rundll32.exe C:\WINNT\system32\zxwin.dll,start
O4 - HKLM\..\Run: [Diami prosessorers] plscd.exe
O4 - HKLM\..\RunServices: [Diami prosessorers] plscd.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] WMWPLAYER.EXE
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3044170790
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: msvbn - Unknown owner - C:\WINNT\msvbn.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
thethunder
Utente Senior
 
Post: 100
Iscritto il: 12/08/06 10:13

Sponsor
 

Postdi andorra24 » 16/09/06 13:11

Vai nel Pannello di controllo/installazione applicazioni e se hai una voce ToolBar888 disinstallala subito.

Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'' :

C:\WINNT\system32\msijavaup32.exe
C:\WINNT\msvbn.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

F2 - REG:system.ini: Shell=Explorer.exe msijavaup32.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,msijavaup32.exe
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Programmi\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Winsock2 driver] WMWPLAYER.EXE
O4 - HKLM\..\Run: [zxwin] rundll32.exe C:\WINNT\system32\zxwin.dll,start
O4 - HKLM\..\Run: [Diami prosessorers] plscd.exe
O4 - HKLM\..\RunServices: [Diami prosessorers] plscd.exe
O4 - HKLM\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKCU\..\RunServices: [Ms Java for Windows NT] msijavaup32.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] WMWPLAYER.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O23 - Service: msvbn - Unknown owner - C:\WINNT\msvbn.exe

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema (consigliato)''.

Scarica killbox: http://www.killbox.net/downloads/KillBox.exe
con killbox elimina i seguenti files:
C:\WINNT\system32\msijavaup32.exe
C:\WINNT\msvbn.exe
C:\Programmi\ToolBar888\MyToolBar.dll (dopo elimina l'intera cartella ToolBar888)
C:\WINNT\system32\WMWPLAYER.EXE
C:\WINNT\system32\zxwin.dll
C:\WINNT\system32\plscd.exe

Fai un paio di scansioni perche' potrebbero esserci altre cose nascoste:
http://www.bitdefender.com/scan8/ie.html
http://www.superantispyware.com/downloa ... PYWAREFREE
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi thethunder » 16/09/06 13:30

Grazie!

Ti faccio sapere...
thethunder
Utente Senior
 
Post: 100
Iscritto il: 12/08/06 10:13

Postdi thethunder » 21/09/06 18:24

Ciao Andorra,ti rispondo solo oggi perxhè il mio amico era fuori per lavoro...

Con virit ho trovato di tutto e di più...

ora sembra a posto ma la connessione a volte cade....

ti posto il nuovo log....

Saluti e grazie....

Logfile of HijackThis v1.99.1
Scan saved at 19.10.23, on 21/09/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\MSTask.exe
C:\VEXPLITE\viritsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\PDesk\PDesk.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINNT\system32\cmd.exe
C:\WINNT\system32\FTP.EXE
C:\Programmi\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {F0A342F4-FE29-41D0-9E7C-AEF72AB4CDA9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINNT\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Porta Symantec Fax Starter Edition.lnk = C:\Programmi\Microsoft Office\Office\1040\OLFSNT40.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3044170790
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ssqqpmm - ssqqpmm.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas http://www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
thethunder
Utente Senior
 
Post: 100
Iscritto il: 12/08/06 10:13

Postdi andorra24 » 21/09/06 18:43

Ciao, il log adesso va bene, solo un paio di voci inutili da eliminare:

O2 - BHO: (no name) - {F0A342F4-FE29-41D0-9E7C-AEF72AB4CDA9} - (no file)
O20 - Winlogon Notify: ssqqpmm - ssqqpmm.dll (file missing)
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi thethunder » 21/09/06 22:06

OK!

Grazie di tutto...

Sauti
thethunder
Utente Senior
 
Post: 100
Iscritto il: 12/08/06 10:13


Torna a Sicurezza e Privacy


Topic correlati a "UNA MANO TESA-PC OUT.":


Chi c’è in linea

Visitano il forum: Nessuno e 2 ospiti