Start page problem, can anyone help me????
snowwhite
11-02-2006, 13:09
Hi everyone... for some time now, every time I go online a sfondissimi.net start page opens... I'm told it could be a trojan, but I've tried scanning with antivirus... cleaner... spyware... and none of them can detect it... does anyone have a solution?????
thanks :)
andorra24
11-02-2006, 13:10
Have you also tried ewido? http://download.ewido.net/ewido-setup.exe
snowwhite
12-02-2006, 10:12
I tried that one too but it doesn't detect it
andorra24
12-02-2006, 10:21
I tried that one too but it doesn't detect it
Post a HijackThis log and we'll check it.
clean up and immunize the hosts file
Start, Run
ipconfig /flushdns
install SpywareBlaster
snowwhite
12-02-2006, 17:12
Post a HijackThis log and we'll check it.
Here's the log... and thanks in advance for the help... very kind :)
Logfile of HijackThis v1.91.2
Scan saved at 18.08.15, on 12/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar=http://it.rd.yahoo.com/customize/ycomp/defaults/sb/*http://it.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default)=http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ConferenceRoom Java Client - http://www.mtv.co.uk/mtv.co.uk/chat/java/cr.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
andorra24
12-02-2006, 17:21
Fix this one:
R3 - Default URLSearchHook is missing
snowwhite
12-02-2006, 19:31
Fixed, but... unfortunately the page stays there, stuck and immovable....
andorra24
12-02-2006, 19:36
Fixed, but... unfortunately the page stays there, stuck and immovable....
You should post a new HijackThis log, but this time you have to post the whole thing and not half of it like the previous log. Also, run this tool: http://www.francydelorenzi.it/component/option,com_remository/Itemid,49/func,download/filecatid,105
snowwhite
13-02-2006, 09:34
clean up and immunize the hosts file
Start, Run
ipconfig /flushdns
install SpywareBlaster
...I tried this too but nothing... by now it's a matter of principle... I absolutely have to get rid of that page... ;)
snowwhite
13-02-2006, 09:35
You should post a new HijackThis log, but this time you have to post the whole thing and not half of it like the previous log. Also, run this tool: http://www.francydelorenzi.it/component/option,com_remository/Itemid,49/func,download/filecatid,105
...I hope this log is complete
Running Processes:
-----------------
#:1 [smss.exe]
File Path: C:\WINDOWS\System32\smss.exe
ProcessID: 448
Threads: 3
Priority: Normal
File Size: 49 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. Tutti i diritti riservati.
Company Name: Microsoft Corporation
File Description: Windows NT Session Manager
Internal Name: smss.exe
Original Filename: smss.exe
Product Name: Sistema operativo Microsoft® Windows®
Created on: 09/09/2002 12.51.38
Last accessed: 13/02/2006 9.44.16
Last modified: 19/08/2004 23.39.44
#:2 [winlogon.exe]
File Path: C:\WINDOWS\system32\winlogon.exe
ProcessID: 536
Threads: 18
Priority: High
File Size: 493 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. Tutti i diritti riservati.
Company Name: Microsoft Corporation
File Description: Applicazione Accesso a Windows NT
Internal Name: winlogon
Original Filename: WINLOGON.EXE
Product Name: Sistema operativo Microsoft® Windows®
Created on: 09/09/2002 12.51.42
Last accessed: 13/02/2006 10.31.01
Last modified: 19/08/2004 23.39.44
#:3 [services.exe]
File Path: C:\WINDOWS\system32\services.exe
ProcessID: 580
Threads: 15
Priority: Normal
File Size: 106 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. Tutti i diritti riservati.
Company Name: Microsoft Corporation
File Description: Applicazione Servizi e Controller
Internal Name: services.exe
Original Filename: services.exe
Product Name: Sistema operativo Microsoft® Windows®
Created on: 31/08/2001 13.00.00
Last accessed: 13/02/2006 9.44.34
Last modified: 19/08/2004 23.39.44
#:4 [lsass.exe]
File Path: C:\WINDOWS\system32\lsass.exe
ProcessID: 592
Threads: 20
Priority: Normal
File Size: 13 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
Internal Name: lsass.exe
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Created on: 09/09/2002 12.51.32
Last accessed: 13/02/2006 9.44.54
Last modified: 19/08/2004 23.39.37
#:5 [svchost.exe]
File Path: C:\WINDOWS\system32\svchost.exe
ProcessID: 744
Threads: 18
Priority: Normal
File Size: 14 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
Internal Name: svchost.exe
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Created on: 31/08/2001 13.00.00
Last accessed: 13/02/2006 9.49.04
Last modified: 19/08/2004 23.39.44
#:6 [svchost.exe]
File Path: C:\WINDOWS\System32\svchost.exe
ProcessID: 860
Threads: 72
Priority: Normal
File Size: 14 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
Internal Name: svchost.exe
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Created on: 31/08/2001 13.00.00
Last accessed: 13/02/2006 10.31.07
Last modified: 19/08/2004 23.39.44
#:7 [CCSETMGR.EXE]
File Path: C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
ProcessID: 1128
Threads: 7
Priority: Normal
File Size: 161 KB
Version: 103.0.3.8
File Version: 103.0.3.8
Product Version: 103.0.3.8
Copyright: Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Symantec Settings Manager Service
Internal Name: ccSetMgr
Original Filename: ccSetMgr.exe
Product Name: Client and Host Security Platform
Created on: 24/08/2004 17.44.18
Last accessed: 13/02/2006 9.47.18
Last modified: 22/02/2005 12.09.40
#:8 [explorer.exe]
File Path: C:\WINDOWS\Explorer.EXE
ProcessID: 1136
Threads: 13
Priority: Normal
File Size: 1010 KB
Version: 6.0.2900.2180
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 6.00.2900.2180
Copyright: © Microsoft Corporation. Tutti i diritti riservati.
Company Name: Microsoft Corporation
File Description: Esplora risorse
Internal Name: explorer
Original Filename: EXPLORER.EXE
Product Name: Sistema operativo Microsoft® Windows®
Created on: 09/09/2002 12.51.30
Last accessed: 13/02/2006 9.44.44
Last modified: 19/08/2004 23.39.35
#:9 [CCEVTMGR.EXE]
File Path: C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
ProcessID: 1224
Threads: 22
Priority: Normal
File Size: 193 KB
Version: 103.0.3.8
File Version: 103.0.3.8
Product Version: 103.0.3.8
Copyright: Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Symantec Event Manager Service
Internal Name: ccEvtMgr
Original Filename: ccEvtMgr.exe
Product Name: Client and Host Security Platform
Created on: 24/08/2004 17.43.12
Last accessed: 13/02/2006 9.47.19
Last modified: 22/02/2005 12.09.38
#:10 [LEXBCES.EXE]
File Path: C:\WINDOWS\system32\LEXBCES.EXE
ProcessID: 1384
Threads: 8
Priority: Normal
File Size: 296 KB
Version: 8.29.0.0
File Version: 8.29
Product Version: 8.29
Copyright: (C) 1993 - 2003 Lexmark International, Inc.
Company Name: Lexmark International, Inc.
File Description: LexBce Service
Internal Name: LexBce Service
Original Filename: LexBceS.exe
Product Name: MarkVision for Windows (32 bit)
Created on: 18/08/2003 15.37.10
Last accessed: 13/02/2006 9.44.48
Last modified: 18/08/2003 15.37.10
#:11 [LEXPPS.EXE]
File Path: C:\WINDOWS\system32\LEXPPS.EXE
ProcessID: 1408
Threads: 10
Priority: Normal
File Size: 170 KB
Version: 8.29.0.0
File Version: 8.29
Product Version: 8.29
Copyright: (C) 1993 - 2003 Lexmark International, Inc.
Company Name: Lexmark International, Inc.
File Description: LEXPPS.EXE
Internal Name: LEXPPS
Original Filename: LEXPPS.EXE
Product Name: MarkVision for Windows (32 bit)
Created on: 18/08/2003 15.32.56
Last accessed: 13/02/2006 9.44.48
Last modified: 18/08/2003 15.32.56
#:12 [spoolsv.exe]
File Path: C:\WINDOWS\system32\spoolsv.exe
ProcessID: 1416
Threads: 13
Priority: Normal
File Size: 56 KB
Version: 5.1.2600.2696
File Version: 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
Product Version: 5.1.2600.2696
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: Spooler SubSystem App
Internal Name: spoolsv.exe
Original Filename: spoolsv.exe
Product Name: Microsoft® Windows® Operating System
Created on: 31/08/2001 13.00.00
Last accessed: 13/02/2006 9.44.48
Last modified: 11/06/2005 0.53.32
#:13 [ewidoctrl.exe]
File Path: C:\Programmi\ewido anti-malware\ewidoctrl.exe
ProcessID: 1696
Threads: 5
Priority: Normal
File Size: 13 KB
Version: 3.0.0.1
File Version: 3, 0, 0, 1
Product Version: 3, 0, 0, 1
Copyright: Copyright © 2004
Company Name: ewido networks
File Description: ewido control
Internal Name: ewido control
Original Filename: ewidoctrl.exe
Product Name: ewido control
Created on: 30/11/2005 10.47.52
Last accessed: 13/02/2006 9.49.32
Last modified: 30/11/2005 10.47.52
#:14 [ewidoguard.exe]
File Path: C:\Programmi\ewido anti-malware\ewidoguard.exe
ProcessID: 1744
Threads: 9
Priority: Normal
File Size: 148 KB
Version: 3.0.0.1
File Version: 3, 0, 0, 1
Product Version: 3, 0, 0, 1
Copyright: Copyright © 2004
Company Name: ewido networks
File Description: guard
Internal Name: guard
Original Filename: guard.exe
Product Name: guard
Created on: 18/12/2005 18.41.35
Last accessed: 13/02/2006 9.49.32
Last modified: 18/12/2005 18.41.35
#:15 [NAVAPSVC.EXE]
File Path: C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
ProcessID: 1788
Threads: 11
Priority: Normal
File Size: 154 KB
Version: 10.0.10.13
File Version: 10.00.13
Product Version: 10.00.13
Copyright: Norton AntiVirus 2004 for Windows 98/ME/2000/XP Copyright (c) 2003 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Norton AntiVirus Auto-Protect Service
Internal Name: NAVAPSVC
Original Filename: NAVAPSVC.EXE
Product Name: Norton AntiVirus
Created on: 22/08/2003 9.31.20
Last accessed: 13/02/2006 9.52.30
Last modified: 04/12/2003 20.14.04
#:16 [SAVSCAN.EXE]
File Path: C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
ProcessID: 1860
Threads: 7
Priority: Normal
File Size: 189 KB
Version: 9.2.2.7
File Version:
Product Version: 9.2
Copyright: Copyright (c) 2004 Symantec Corporation
Company Name: Symantec Corporation
File Description: Symantec AntiVirus Scanner
Internal Name: SAVSCAN
Original Filename: SAVSCAN.EXE
Product Name: Symantec AntiVirus AutoProtect
Created on: 09/08/2003 17.26.24
Last accessed: 13/02/2006 9.44.55
Last modified: 25/01/2005 20.48.50
#:17 [svchost.exe]
File Path: C:\WINDOWS\System32\svchost.exe
ProcessID: 1912
Threads: 8
Priority: Normal
File Size: 14 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
Internal Name: svchost.exe
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Created on: 31/08/2001 13.00.00
Last accessed: 13/02/2006 10.31.07
Last modified: 19/08/2004 23.39.44
#:18 [symwsc.exe]
File Path: C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
ProcessID: 292
Threads: 10
Priority: Normal
File Size: 309 KB
Version: 2005.1.2.20
File Version: 2005.1.2.20
Product Version: 2005.1
Copyright: Copyright (c) 1997-2004 Symantec Corporation
Company Name: Symantec Corporation
File Description: Norton Security Center Service
Internal Name: SymWSC.exe
Original Filename: SymWSC.exe
Product Name: Norton Security Center
Created on: 20/07/2005 12.22.39
Last accessed: 13/02/2006 9.45.06
Last modified: 02/11/2004 15.59.50
#:19 [gsicon.exe]
File Path: C:\WINDOWS\system32\GSICON.EXE
ProcessID: 2200
Threads: 3
Priority: Normal
File Size: 88 KB
Version: 3.1.0.0
File Version: 3.1.0
Product Version: 3.1.0
Copyright: Copyright © 2001 GlobeSpan, Inc.
Company Name: GlobeSpan, Inc.
File Description: DSL Modem Monitor
Internal Name: GSICON.EXE
Original Filename: GSICON.EXE
Product Name: DSL Modem
Created on: 24/04/2004 15.33.23
Last accessed: 13/02/2006 10.31.05
Last modified: 13/08/2001 18.28.28
#:20 [dslagent.exe]
File Path: C:\WINDOWS\system32\dslagent.exe
ProcessID: 2236
Threads: 1
Priority: Normal
File Size: 16 KB
Created on: 24/04/2004 15.33.22
Last accessed: 13/02/2006 9.46.20
Last modified: 21/08/2001 18.50.02
#:21 [Amoumain.exe]
File Path: C:\Programmi\Trust\Ami Mouse 250S Cordless\Amoumain.exe
ProcessID: 2364
Threads: 1
Priority: Normal
File Size: 192 KB
Created on: 15/11/2001 12.44.54
Last accessed: 13/02/2006 9.46.25
Last modified: 15/11/2001 12.44.54
#:22 [iTunesHelper.exe]
File Path: C:\Programmi\iTunes\iTunesHelper.exe
ProcessID: 2432
Threads: 4
Priority: Normal
File Size: 280 KB
Version: 4.5.0.31
File Version: 4.5.0.31
Product Version: 4.5.0.31
Copyright: © 2003-2004 Apple Computer, Inc. All Rights Reserved.
Company Name: Apple Computer, Inc.
File Description: iTunesHelper Module
Internal Name: iTunesHelper
Original Filename: iTunesHelper.exe
Product Name: iTunes
Created on: 21/04/2004 10.28.18
Last accessed: 13/02/2006 9.46.35
Last modified: 21/04/2004 10.28.18
#:23 [qttask.exe]
File Path: C:\Programmi\QuickTime\qttask.exe
ProcessID: 2484
Threads: 2
Priority: Normal
File Size: 96 KB
Version: 6.5.1.17
File Version: 6.5.1
Product Version: QuickTime 6.5.1
Copyright: © Apple Computer, Inc. 2001-2004
Company Name: Apple Computer, Inc.
File Description:
Internal Name: QuickTime Task
Original Filename: QTTask.exe
Product Name: QuickTime
Created on: 30/04/2004 16.55.17
Last accessed: 13/02/2006 9.46.33
Last modified: 30/04/2004 16.55.17
#:24 [lxbkbmgr.exe]
File Path: C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe
ProcessID: 2496
Threads: 1
Priority: Normal
File Size: 56 KB
Version: 0.1.1.1
File Version: 0.1.1.1
Product Version: 0.1.1.1
Copyright: (C) 2002 Lexmark International, Inc.
Company Name: Lexmark International, Inc.
File Description: Lexmark X1100 Series Button Manager
Internal Name: lxbkbmgr.exe
Original Filename: lxbkbmgr.exe
Product Name: Button Manager Executable
Created on: 19/08/2003 16.01.32
Last accessed: 13/02/2006 10.31.10
Last modified: 19/08/2003 16.01.32
#:25 [iPodService.exe]
File Path: C:\Programmi\iPod\bin\iPodService.exe
ProcessID: 2508
Threads: 6
Priority: Normal
File Size: 392 KB
Version: 4.5.0.31
File Version: 4.5.0.31
Product Version: 4.5.0.31
Copyright: © 2003-2004 Apple Computer, Inc. All Rights Reserved.
Company Name: Apple Computer, Inc.
File Description: iPodService Module
Internal Name: iPodService
Original Filename: iPodService.exe
Product Name: iTunes
Created on: 21/04/2004 10.28.04
Last accessed: 13/02/2006 9.46.35
Last modified: 21/04/2004 10.28.04
#:26 [CCAPP.EXE]
File Path: C:\Programmi\File comuni\Symantec Shared\ccApp.exe
ProcessID: 2528
Threads: 22
Priority: Normal
File Size: 57 KB
Version: 103.0.3.8
File Version: 103.0.3.8
Product Version: 103.0.3.8
Copyright: Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Symantec User Session
Internal Name: ccApp
Original Filename: ccApp.exe
Product Name: Client and Host Security Platform
Created on: 24/08/2004 17.42.40
Last accessed: 13/02/2006 9.47.22
Last modified: 22/02/2005 12.09.38
#:27 [lxbkbmon.exe]
File Path: C:\Programmi\Lexmark X1100 Series\lxbkbmon.exe
ProcessID: 2572
Threads: 1
Priority: Normal
File Size: 52 KB
Version: 0.1.1.1
File Version: 0.1.1.1
Product Version: 0.1.1.1
Copyright: (C) 2002 Lexmark International, Inc.
Company Name: Lexmark International, Inc.
File Description: Lexmark X1100 Series Button Monitor
Internal Name: lxbkbmon.exe
Original Filename: lxbkbmon.exe
Product Name: Button Monitor Executable
Created on: 19/08/2003 16.00.40
Last accessed: 13/02/2006 9.46.36
Last modified: 19/08/2003 16.00.40
#:28 [CfgWiz.exe]
File Path: C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe
ProcessID: 2692
Threads: 7
Priority: Normal
File Size: 121 KB
Version: 4.0.0.92
File Version: 4.0.0.92
Product Version: 4.0
Copyright: Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Symantec Internal Component
Internal Name: ConfigWiz
Original Filename: ConfigWiz.exe
Product Name: Symantec Shared Components
Created on: 09/09/2003 13.30.24
Last accessed: 13/02/2006 9.46.47
Last modified: 09/09/2003 13.30.24
#:29 [ctfmon.exe]
File Path: C:\WINDOWS\system32\ctfmon.exe
ProcessID: 2776
Threads: 1
Priority: Normal
File Size: 15 KB
Version: 5.1.2600.2180
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product Version: 5.1.2600.2180
Copyright: © Microsoft Corporation. All rights reserved.
Company Name: Microsoft Corporation
File Description: CTF Loader
Internal Name: CTFMON
Original Filename: CTFMON.EXE
Product Name: Microsoft® Windows® Operating System
Created on: 09/09/2002 12.51.28
Last accessed: 13/02/2006 9.46.51
Last modified: 19/08/2004 23.39.35
#:30 [SpySweeper.exe]
File Path: C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
ProcessID: 2888
Threads: 1
Priority: Normal
File Size: 595 KB
Version: 1.7.0.8
File Version: 1.7.0.8
Product Version: 1.0.0.0
Copyright: Copyright (c) 2001-2003 Webroot Software, Inc.
Company Name: Webroot Software, Inc.
File Description: Spy Sweeper
Internal Name:
Original Filename:
Product Name: Spy Sweeper
Created on: 09/02/2006 21.11.51
Last accessed: 13/02/2006 9.47.35
Last modified: 21/05/2003 13.56.24
#:31 [msmsgs.exe]
File Path: C:\Programmi\Messenger\msmsgs.exe
ProcessID: 3896
Threads: 5
Priority: Normal
File Size: 1654 KB
Version: 4.7.0.3001
File Version: 4.7.3001
Product Version: Version 4.7.3001
Copyright: Copyright (c) Microsoft Corporation 2004
Company Name: Microsoft Corporation
File Description: Windows Messenger
Internal Name: msmsgs
Original Filename: msmsgs.exe
Product Name: Messenger
Created on: 14/04/2003 18.30.14
Last accessed: 13/02/2006 10.29.25
Last modified: 13/10/2004 17.24.37
#:32 [OPSCAN.EXE]
File Path: C:\Programmi\Norton Internet Security\Norton AntiVirus\OPScan.exe
ProcessID: 324
Threads: 8
Priority: Normal
File Size: 65 KB
Version: 10.0.2.610
File Version: 10.0.2.610
Product Version: 10.0.2.610
Copyright: Copyright (c) 2000-2003 Symantec Corporation. All rights reserved.
Company Name: Symantec Corporation
File Description: Norton AntiVirus Out of Process Scan Server
Internal Name: OPScan
Original Filename: OPScan.exe
Product Name: Norton AntiVirus
Created on: 14/08/2003 18.00.02
Last accessed: 13/02/2006 10.30.10
Last modified: 10/11/2003 12.30.22
#:33 [HiJack.exe]
File Path: C:\Programmi\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe
ProcessID: 3712
Threads: 7
Priority: Normal
File Size: 404 KB
Version: 1.0.0.1
File Version: 1, 0, 0, 1
Product Version: 1, 0, 0, 1
Copyright: Copyright (C) 2003
Company Name:
File Description: HiJack MFC Application
Internal Name: System Hijack Scanner
Original Filename: HiJackNT.EXE
Product Name: System Hijack Scanner
Created on: 14/05/2003 20.19.48
Last accessed: 13/02/2006 10.30.40
Last modified: 14/05/2003 20.19.48
System Hijack Scanner Entries:
---------------
R0 - HKCU\Software\Microsoft\Internet Explorer\Main, Local Page=\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main, Local Page=C:\WINDOWS\system32\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar, LinksFolderName=Collegamenti
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_search_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, search bar=http://it.rd.yahoo.com/customize/ycomp/defaults/sb/*http://it.docs.yahoo.com/info/ie6.html
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search, SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R2 - HKCU\Software\Microsoft\Internet Explorer\SearchURL, Default=http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R3 - URLSearchHook: Hook per la ricerca di URL Microsoft - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - %SystemRoot%\System32\shdocvw.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - ToolBar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - ToolBar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE (file missing)
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB (file missing)
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe (file missing)
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime (file missing)
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Programmi\File comuni\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT" (file missing)
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpySweeper] C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Start Up: C:\Documents and Settings\UTENTE\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
O4 - User Start Up: C:\Documents and Settings\UTENTE\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
O4 - Global Start Up: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
O4 - Global Start Up: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
O4 - Global Start Up: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
O4 - Global User Start Up: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
O4 - Global User Start Up: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\desktop.ini
O4 - Global User Start Up: C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Microsoft Office.lnk
O5 - HKCU\control panel\don't load: ncpa.cpl = No
O5 - HKCU\control panel\don't load: odbccp32.cpl = No
O16 - DPF: ConferenceRoom Java Client ((no name)) - http://www.mtv.co.uk/mtv.co.uk/chat/java/cr.cab
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} ((no name)) - http://codecs.microsoft.com/codecs/i386/msaudio.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} ((no name)) - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} ((no name)) - http://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TCPIP\Parameters\Interfaces\{6758B06E-B93F-4906-B867-56983879B31D}, NameServer=85.37.17.7 85.38.28.95
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll"
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
andorra24
13-02-2006, 10:14
The log is clean. There are only a few file-missing entries that you could fix:
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE (file missing)
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB (file missing)
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime (file missing)
I recommend uninstalling this program:
C:\Programmi\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe
SpywareRemover is on SpywareWarrior's rogue list and is considered unreliable and suspect.
Run a scan with this tool: http://www.francydelorenzi.it/component/option,com_remository/Itemid,49/func,download/filecatid,105
and a scan with BitDefender free: http://www.bitdefender.com/site/Download/downloadFile/340/EN/
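The triage described in the post above, automated as an added example that is not part of the original post or of any tool named in this thread: it lists R-section URLs outside an analyst-supplied allowlist and "(file missing)" Run entries, and cross-checks the latter against the process list in the same log. `TRUSTED_HOSTS`, the function names and the two sample lines marked as constructed are assumptions.

```python
import re
from urllib.parse import urlparse

# Sample input: lines copied from the logs posted in this thread, except the
# "Start Page" line and the [ExampleHelper] line, which are constructed.
SAMPLE_LOG = r"""
#:19 [gsicon.exe]
File Path: C:\WINDOWS\system32\GSICON.EXE
#:23 [qttask.exe]
File Path: C:\Programmi\QuickTime\qttask.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main, Default_page_url=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, search bar=http://it.rd.yahoo.com/customize/ycomp/defaults/sb/*http://it.docs.yahoo.com/info/ie6.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main, Start Page=http://start-page.example/
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime (file missing)
O4 - HKLM\..\Run: [ExampleHelper] examplehelper.exe (file missing)
"""

# Assumption: hosts the analyst accepts in browser settings on this machine.
TRUSTED_HOSTS = {"microsoft.com", "yahoo.com"}

ENTRY = re.compile(r"^([RO]\d{1,2}) - (.+)$")
RUN = re.compile(r"^HK\w+\\\.\.\\Run: \[(.+?)\] (.+)$")
EXE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)
MISSING = " (file missing)"


def executable_name(command):
    """Return the lower-cased file name of the program a Run value starts."""
    m = EXE.match(command)
    path = (m.group(1) or m.group(2)) if m else command
    return path.rsplit("\\", 1)[-1].lower()


def running_names(log_text):
    """Collect file names from the 'File Path:' lines of the process list."""
    prefix = "File Path:"
    names = set()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith(prefix):
            names.add(line[len(prefix):].strip().rsplit("\\", 1)[-1].lower())
    return names


def host_is_trusted(host, trusted):
    host = host.lower()
    return any(host == t or host.endswith("." + t) for t in trusted)


def triage(log_text, trusted_hosts):
    """Return (kind, name, detail) tuples for entries that need a second look."""
    running = running_names(log_text)
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        if section in ("R0", "R1", "R2") and "=" in body:
            # Browser start/search settings: flag URLs whose host is not allowed.
            key, value = body.split("=", 1)
            if value.lower().startswith(("http://", "https://")):
                host = urlparse(value).hostname or ""
                if not host_is_trusted(host, trusted_hosts):
                    findings.append(("untrusted-url", key.strip(), host))
        elif section == "O4" and body.endswith(MISSING):
            # Autostart entries the scanner could not resolve to a file.
            run = RUN.match(body)
            if run:
                name, command = run.groups()
                exe = executable_name(command[:-len(MISSING)])
                kind = "missing-but-running" if exe in running else "missing"
                findings.append((kind, name, exe))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, TRUSTED_HOSTS):
        print(finding)
```

On the full log posted in this thread, the four "(file missing)" Run entries listed above all have a matching executable in the process list, so the cross-check reports them as missing-but-running.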
snowwhite
13-02-2006, 18:31
The log is clean. There are only a few file-missing entries that you could fix:
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE (file missing)
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB (file missing)
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime (file missing)
I recommend uninstalling this program:
C:\Programmi\BulletProofSoft.com\SpywareRemover\HS\HiJack.exe
SpywareRemover is on SpywareWarrior's rogue list and is considered unreliable and suspect.
Run a scan with this tool: http://www.francydelorenzi.it/component/option,com_remository/Itemid,49/func,download/filecatid,105
and a scan with BitDefender free: http://www.bitdefender.com/site/Download/downloadFile/340/EN/
...you're fantasticcccc..... I ran the first tool you suggested and... in one minute, problem solved.... I really don't know how to thank you.....
andorra24
13-02-2006, 19:22
...you're fantasticcccc..... I ran the first tool you suggested and... in one minute, problem solved.... I really don't know how to thank you.....
Good, glad to hear it. :)