HijackThis consultation


Post by ame23 » Tue Oct 12, 2004 9:42 pm

I could use a consultation on this HijackThis scan:

Logfile of HijackThis v1.98.2
Scan saved at 22.26.46, on 12/10/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\Norton Internet Security\ccPxySvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\qttask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\BNL Multiservizi\Multicertify Client\MlsProxy.exe
C:\WINDOWS\PGUpdate.exe
C:\Documents and Settings\Videosound 2000 Srl\Desktop\sciambagnnnnnnn per brindare a un incontrooooooooooooo scambaaaaaaaagnnnnn pre brindare a un ingontrooooooo\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/clubnet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.netscape.com/home/winsearch.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = https=127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {714D8667-405F-431C-92C7-057F47A820C4} - C:\WINDOWS\System32\ohe.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Virgilio Rapido - {844FC402-F06A-4A47-ACB9-45BDC9721BD1} - C:\WINDOWS\Downloaded Program Files\VirgilioBands187.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVSCHED32] C:\Programmi\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [AVGuard] C:\PROGRA~1\AVPERS~1\AVGNT.EXE /min
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] C:\Programmi\File comuni\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe
O4 - Global Startup: Multicertify Proxy.lnk = C:\Programmi\BNL Multiservizi\Multicertify Client\MlsProxy.exe
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra button: Umail - {2C7A1F63-499E-4D64-BCAD-CCBCC965023B} - http://www.umail.it (file missing) (HKCU)
O12 - Plugin for .mp3: C:\Programmi\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.virgilio.it/clubnet
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O18 - Filter: text/html - {66E0AF08-08F6-4C19-82A8-0A9B426426D4} - C:\WINDOWS\System32\ohe.dll
O18 - Filter: text/plain - {66E0AF08-08F6-4C19-82A8-0A9B426426D4} - C:\WINDOWS\System32\ohe.dll

Thanks, bye, ame 23

Post by crazy.cat » Wed Oct 13, 2004 7:25 am

Find this file, ohe.dll: you need to move it to the desktop and rename it, then restart the PC in safe mode and delete it. Also delete all the temporary Internet files and, with HijackThis, the entries I list below.
Download this program, http://www.MegaLab.it/3002, and run the scan and cleanup.
Then try browsing again and we'll see how it goes.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {714D8667-405F-431C-92C7-057F47A820C4} - C:\WINDOWS\System32\ohe.dll
O9 - Extra button: Umail - {2C7A1F63-499E-4D64-BCAD-CCBCC965023B} - http://www.umail.it (file missing) (HKCU)
O18 - Filter: text/html - {66E0AF08-08F6-4C19-82A8-0A9B426426D4} - C:\WINDOWS\System32\ohe.dll
O18 - Filter: text/plain - {66E0AF08-08F6-4C19-82A8-0A9B426426D4} - C:\WINDOWS\System32\ohe.dll
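
The by-eye triage in the reply above can be sketched as a small log parser. This is an added example, not part of the original thread and not HijackThis's own logic; the function names and the three heuristics are assumptions chosen to match some of the entries flagged in the reply, and the sample is an excerpt of the log from the first post.

```python
import re

# Excerpt of the HijackThis log posted at the top of this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\VIDEOS~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.virgilio.it/clubnet
O2 - BHO: (no name) - {714D8667-405F-431C-92C7-057F47A820C4} - C:\WINDOWS\System32\ohe.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O9 - Extra button: Umail - {2C7A1F63-499E-4D64-BCAD-CCBCC965023B} - http://www.umail.it (file missing) (HKCU)
O18 - Filter: text/html - {66E0AF08-08F6-4C19-82A8-0A9B426426D4} - C:\WINDOWS\System32\ohe.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O2 - BHO: ..."
PATH = re.compile(r"[A-Za-z]:\\[^=]*?\.(?:dll|exe|ocx)", re.I)  # local binary path

def parse(log):
    """Yield (section, body) for each entry line; headers and process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)

def triage(log):
    """Return (section, reason, body) for entries matching the assumed heuristics."""
    entries = list(parse(log))
    findings, suspect = [], set()
    for sec, body in entries:
        low = body.lower()
        if sec in ("R0", "R1") and "= file://" in low and "\\temp\\" in low:
            findings.append((sec, "IE setting points at a local file in a Temp folder", body))
        elif sec == "O2" and "(no name)" in low:
            findings.append((sec, "nameless Browser Helper Object", body))
            suspect.update(p.lower() for p in PATH.findall(body))
        elif "(file missing)" in low:
            findings.append((sec, "entry references a missing file", body))
    # Second pass: any other entry that loads a file already tied to a nameless BHO.
    flagged = {body for _, _, body in findings}
    for sec, body in entries:
        if body not in flagged and any(f in body.lower() for f in suspect):
            findings.append((sec, "loads the same file as a nameless BHO", body))
    return findings

if __name__ == "__main__":
    for sec, reason, body in triage(SAMPLE_LOG):
        print(f"[{sec}] {reason}: {body}")
```

The second pass is what ties the O18 text/html filter to ohe.dll; entries such as the NAV Helper BHO and the NeroCheck Run key are left alone.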


megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising