
Thread: Trojan

  1. #1

    Trojan

    Please help me solve this problem, which has been wearing me down for days on the office PC... I tried doing everything indicated in the guide, but no luck... AVG keeps reporting this virus: 2028.exe in the content.ie5 folder under the Windows temporary internet files folder. Here is the HijackThis log...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18.30.25, on 03/06/2008
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.51 SP2 (5.51.4807.2300)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\APPSERV\APACHE\APACHE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\APPSERV\APACHE\APACHE.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAMMI\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAMMI\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAMMI\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\PROGRAMMI\COBIAN BACKUP 6\COBBU.EXE
    C:\PROGRAMMI\TEXTBRIDGE PRO 8.0\BIN\INSTANTACCESS.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\CAPRPCS.EXE
    C:\PROGRAMMI\ULTRAVNC\WINVNC.EXE
    C:\PROGRAMMI\APS01\APS01.EXE
    C:\PROGRAMMI\TAGREADER\TAGREADER.EXE
    C:\PROGRAMMI\GESTIONENEGOZIO\GESTIONENEGOZIO.EXE
    C:\WINDOWS\SYSTEM\CAPPSW.EXE
    C:\WINDOWS\SYSTEM\CAPPSW.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAMMI\COBIAN BACKUP 6\COBUI.EXE
    C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAMMI\HIJACKTHIS\HIJACKTHIS.EXE
    C:\WINDOWS\SYSTEM\WBEM\WINMGMT.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAMMI\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAMMI\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
    O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\SYSTEM\CAPON.EXE
    O4 - HKLM\..\Run: [Cobian Backup 6] "C:\PROGRAMMI\COBIAN BACKUP 6\CobBU.exe"
    O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [EPSON Stylus DX4000 Series] C:\WINDOWS\SYSTEM\E_S7I0E1.EXE /F "c:\windows\TEMP\E_SF161.TMP" /EF "HKLM"
    O4 - HKLM\..\Run: [wimsnn] Wscript C:\WINDOWS\LICENSEMSE.VBS /B
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\BIN\REGIST~1.EXE
    O4 - HKLM\..\RunServices: [Apache] "C:\APPSERV\APACHE\APACHE.EXE" -k start -n Apache
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe /background
    O4 - HKUS\.DEFAULT\..\Run: [MSMSGS] C:\Programmi\Messenger\msmsgs.exe /background (User 'Default user')
    O4 - .DEFAULT Startup: UltraVNC Server.lnk = C:\Programmi\UltraVNC\winvnc.exe (User 'Default user')
    O4 - .DEFAULT Startup: Finestra di stato di Canon LBP-810.LNK = C:\WINDOWS\SYSTEM\CAPPSW.EXE (User 'Default user')
    O4 - .DEFAULT Startup: APS01.lnk = C:\Programmi\APS01\APS01.exe (User 'Default user')
    O4 - .DEFAULT Startup: TAGReader.lnk = C:\Programmi\TAGReader\TAGReader.exe (User 'Default user')
    O4 - .DEFAULT Startup: Gestione Negozio.lnk = C:\Programmi\GestioneNegozio\GestioneNegozio.exe (User 'Default user')
    O4 - .DEFAULT Startup: mysqld-nt.exe (User 'Default user')
    O4 - Startup: UltraVNC Server.lnk = C:\Programmi\UltraVNC\winvnc.exe
    O4 - Startup: Finestra di stato di Canon LBP-810.LNK = C:\WINDOWS\SYSTEM\CAPPSW.EXE
    O4 - Startup: APS01.lnk = C:\Programmi\APS01\APS01.exe
    O4 - Startup: TAGReader.lnk = C:\Programmi\TAGReader\TAGReader.exe
    O4 - Startup: Gestione Negozio.lnk = C:\Programmi\GestioneNegozio\GestioneNegozio.exe
    O4 - Startup: mysqld-nt.exe
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll

    --
    End of file - 5233 bytes

    Thanks everyone!

  2. #2
    Hi, do this:

    download systemscan from here: http://www.suspectfile.com/systemscan, disconnect the PC from the internet => disable the antivirus => run systemscan => click "Scan Now". When the scan has finished, re-enable the antivirus, upload the report you find on the desktop to Freefilehosting: http://www.freefilehosting.net/ and post the link you get.

    for now, fix these:

    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
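
An added example, not part of the thread and not code from either poster: a small Python triage of HijackThis entry lines that picks out the orphaned "(no file)" entries the reply asks to fix. The script-host autorun check and the names `parse`, `triage` and `SCRIPT_HOSTS` are assumptions of this example, and the sample lines are a constructed excerpt of the log in the first post.

```python
import re

# Constructed sample: a few entry lines excerpted from the log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [wimsnn] Wscript C:\WINDOWS\LICENSEMSE.VBS /B
O4 - Startup: mysqld-nt.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
"""

# An entry line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# Registry autoruns (O4) look like "<key>: [<value name>] <command line>".
AUTORUN = re.compile(r"^(?P<key>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Assumption of this example: autoruns started through a script host are
# listed for manual review. This is a heuristic, not a verdict.
SCRIPT_HOSTS = {"wscript", "wscript.exe", "cscript", "cscript.exe"}


def parse(log):
    """Yield (section, detail) per entry line; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2)


def triage(log):
    """Return (section, reason, text) tuples for entries worth a closer look."""
    findings = []
    for section, detail in parse(log):
        if detail.endswith("(no file)"):
            # Registry entry whose target file no longer exists on disk.
            findings.append((section, "orphaned", detail))
            continue
        m = AUTORUN.match(detail) if section == "O4" else None
        if m and m.group("cmd").split()[0].lower() in SCRIPT_HOSTS:
            findings.append((section, "script-autorun", m.group("name")))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```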
