TR/Dldr.ConHook.Gen cannot be deleted
lo_straniero
11-10-2007, 19:37
after several attempts, and thanks to the patience of 2 users, I still haven't managed to remove this damned TR/Dldr.ConHook.Gen
http://www.hwupgrade.it/forum/showpost.php?p=19104121&postcount=6964
and
http://www.hwupgrade.it/forum/showpost.php?p=18944313&postcount=6735
I tried the most renowned antivirus programs but nothing....
now I have Avira, which sees them but can't remove them ...................
heeeeeeeeeeeeeeeeeeeeeeelp
wizard1993
11-10-2007, 20:14
HijackThis log ( www.trendsecure.com )
and if possible a scan with a-squared ( www.emsisoft.com )
lo_straniero
11-10-2007, 20:19
HijackThis log ( www.trendsecure.com )
and if possible a scan with a-squared ( www.emsisoft.com )
hihihihihi I wish it were that trivial :D
read carefully the 2 links I posted on purpose :p
wizard1993
11-10-2007, 20:23
up to you; but I'd like to see it too; a new one if possible, so at least we can see whether anything has changed, and while you're at it run a scan with gmer as well
Riverside
11-10-2007, 20:42
after several attempts, and thanks to the patience of 2 users, I still haven't managed to remove this damned TR/Dldr.ConHook.Gen
Download and run Avenger, select input script manually
and enter this script:
Files to delete:
C:\WINDOWS\system32\pmnnn.dll
c:\WINDOWS\system32\ntesybyt.dll
I had told you to fix these entries:
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\yqkjfhoi.dll",sitypnow
this one, fix it after killing that service and after having atsymtdo.exe analysed on VirusTotal:
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\atsymtdo.exe (file missing)
lo_straniero
11-10-2007, 21:08
up to you; but I'd like to see it too; a new one if possible, so at least we can see whether anything has changed, and while you're at it run a scan with gmer as well
I've installed gmer, what do I do now?
Download and run Avenger, select input script manually
and enter this script:
Files to delete:
C:\WINDOWS\system32\pmnnn.dll
c:\WINDOWS\system32\ntesybyt.dll
I had told you to fix these entries:
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\yqkjfhoi.dll",sitypnow
this one, fix it after killing that service and after having atsymtdo.exe analysed on VirusTotal:
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\atsymtdo.exe (file missing)
thanks for your patience, I've fixed the HijackThis entries
with The Avenger I get an error as soon as I select them and click the little traffic light :doh: :D
Riverside
11-10-2007, 21:14
with The Avenger I get an error as soon as I select them and click the little traffic light :doh: :D
Don't put it on the desktop, put it in C:/Avenger
juninho85
11-10-2007, 21:42
it's Virtumonde, you can scan with HJT all you like; if only you had read a few posts before yours in the HijackThis thread....;)
try this (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) tool.
lo_straniero
11-10-2007, 21:43
Don't put it on the desktop, put it in C:/Avenger
done, but nothing, it gives me an error
I also tried AGVPFIX.exe, it reboots and the 2 files are still there, I hate them :mad:
you're a saint for being so patient :p
lo_straniero
11-10-2007, 21:44
it's Virtumonde, you can scan with HJT all you like; if only you had read a few posts before yours in the HijackThis thread....;)
try this (http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe) tool.
[10/11/2007, 21:44:24] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Fatima\Desktop\VirtumundoBeGone.exe" )
[10/11/2007, 21:44:26] - Detected System Information:
[10/11/2007, 21:44:26] - Windows Version: 5.1.2600, Service Pack 2
[10/11/2007, 21:44:26] - Current Username: Fatima (Admin)
[10/11/2007, 21:44:26] - Windows is in NORMAL mode.
[10/11/2007, 21:44:26] - Searching for Browser Helper Objects:
[10/11/2007, 21:44:26] - BHO 1: {048CA0A1-6299-49EC-9778-B4328EA33A34} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[10/11/2007, 21:44:26] - BHO 3: {07C3FDB2-C751-44DC-B7DA-842C771E7980} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 4: {0BA06BE8-4873-43E5-AC4B-D89EB94C2DB4} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 5: {20D05B9E-F885-446E-A7AC-1B7C43E69343} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 6: {23EB30A0-37F8-4F04-B551-38A31B516262} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 7: {4224703C-B626-4366-A8B9-0482A33BDF53} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 8: {4C77326C-8D27-41D6-851A-14E5A355A9DC} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 9: {6506A94B-6278-46F5-B861-8AEE3E09398B} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/11/2007, 21:44:26] - BHO 11: {777EA270-3F1F-4101-BE82-D3D45CF9C060} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 12: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 13: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - Checking for HKLM\...\Winlogon\Notify\ntesybyt
[10/11/2007, 21:44:26] - Key not found: HKLM\...\Winlogon\Notify\ntesybyt, continuing.
[10/11/2007, 21:44:26] - BHO 14: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/11/2007, 21:44:26] - BHO 15: {9B70DD28-3024-4D2E-94E8-1B54442B9A51} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 16: {A23AE8EA-D6BA-403A-BFB5-C34FCD43CC1F} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 17: {AB638F54-8A87-4EB8-BF4B-9769946ACE8E} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 18: {D358182C-4E05-4300-A3CB-BB2FFCA761DC} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 19: {DE6FB5C6-97C8-49B7-BCC2-1DA7BB307D2F} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - No filename found. Continuing.
[10/11/2007, 21:44:26] - BHO 20: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)
[10/11/2007, 21:44:26] - BHO 21: {E666B026-29F4-41F9-B095-FE0D262CB145} ()
[10/11/2007, 21:44:26] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:44:26] - Checking for HKLM\...\Winlogon\Notify\pmnnn
[10/11/2007, 21:44:26] - Key not found: HKLM\...\Winlogon\Notify\pmnnn, continuing.
[10/11/2007, 21:44:26] - Finished Searching Browser Helper Objects
[10/11/2007, 21:44:26] - Finishing up...
[10/11/2007, 21:44:26] - Nothing found! Exiting...
[10/11/2007, 21:45:18] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
[10/11/2007, 21:45:20] - Detected System Information:
[10/11/2007, 21:45:20] - Windows Version: 5.1.2600, Service Pack 2
[10/11/2007, 21:45:20] - Current Username: Fatima (Admin)
[10/11/2007, 21:45:20] - Windows is in NORMAL mode.
[10/11/2007, 21:45:20] - Searching for Browser Helper Objects:
[10/11/2007, 21:45:20] - BHO 1: {048CA0A1-6299-49EC-9778-B4328EA33A34} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[10/11/2007, 21:45:20] - BHO 3: {07C3FDB2-C751-44DC-B7DA-842C771E7980} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 4: {0BA06BE8-4873-43E5-AC4B-D89EB94C2DB4} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 5: {20D05B9E-F885-446E-A7AC-1B7C43E69343} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 6: {23EB30A0-37F8-4F04-B551-38A31B516262} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 7: {4224703C-B626-4366-A8B9-0482A33BDF53} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 8: {4C77326C-8D27-41D6-851A-14E5A355A9DC} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 9: {6506A94B-6278-46F5-B861-8AEE3E09398B} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 10: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/11/2007, 21:45:20] - BHO 11: {777EA270-3F1F-4101-BE82-D3D45CF9C060} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 12: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 13: {89AD4D75-2429-462e-BD4E-443F233F6033} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - Checking for HKLM\...\Winlogon\Notify\ntesybyt
[10/11/2007, 21:45:20] - Key not found: HKLM\...\Winlogon\Notify\ntesybyt, continuing.
[10/11/2007, 21:45:20] - BHO 14: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[10/11/2007, 21:45:20] - BHO 15: {9B70DD28-3024-4D2E-94E8-1B54442B9A51} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 16: {A23AE8EA-D6BA-403A-BFB5-C34FCD43CC1F} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 17: {AB638F54-8A87-4EB8-BF4B-9769946ACE8E} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 18: {D358182C-4E05-4300-A3CB-BB2FFCA761DC} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 19: {DE6FB5C6-97C8-49B7-BCC2-1DA7BB307D2F} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - No filename found. Continuing.
[10/11/2007, 21:45:20] - BHO 20: {E5A1691B-D188-4419-AD02-90002030B8EE} (FlashFXP Helper for Internet Explorer)
[10/11/2007, 21:45:20] - BHO 21: {E666B026-29F4-41F9-B095-FE0D262CB145} ()
[10/11/2007, 21:45:20] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/11/2007, 21:45:20] - Checking for HKLM\...\Winlogon\Notify\pmnnn
[10/11/2007, 21:45:20] - Key not found: HKLM\...\Winlogon\Notify\pmnnn, continuing.
[10/11/2007, 21:45:20] - Finished Searching Browser Helper Objects
[10/11/2007, 21:45:20] - Finishing up...
[10/11/2007, 21:45:20] - Nothing found! Exiting...
:confused: :confused: :confused: :confused:
juninho85
11-10-2007, 21:46
you rascal :mbe:
try this (http://www.atribune.org/public-beta/VundoFix.exe), alternatively there is this other one (http://securityresponse.symantec.com/avcenter/FixVundo.exe)
Mazda RX8
11-10-2007, 22:01
tell me whether there are any strange files in C:/Programmi/File Comuni/system...
lo_straniero
11-10-2007, 22:22
http://www.ourlady.ca/pictures/virpines2.jpg
:yeah: :yeah: :yeah: :yeah: :yeah: :yeah:
problem solved guys...after a month and a half :D
:yeah: :yeah: :yeah: :yeah:
I used VundoFix.exe and it removed them (I don't understand why it didn't manage last time :confused: )
thanks to everyone who supported me ....especially juninho85 Riverside Mazda RX8 :sofico:
once the vundo files were removed I rebooted .....the nice thing is that the PC started up right away :cool: without too many annoying minutes...I entered the password at startup and it took barely a minute.:cool:
for juninho85 :read:
http://i20.tinypic.com/4rs5y0.jpg
________________________________________________________________________
guys, this is the antivirus/etc. software I have installed on the PC
ccleaner/a-squared/spybot/avira personaledition classic/comodo firewall pro/vundo
is that enough or should I add some other useful software? :D
________________________________________________________________
here, I hope it's clean :D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22.19.54, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pack.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {048CA0A1-6299-49EC-9778-B4328EA33A34} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07C3FDB2-C751-44DC-B7DA-842C771E7980} - (no file)
O2 - BHO: (no name) - {0BA06BE8-4873-43E5-AC4B-D89EB94C2DB4} - (no file)
O2 - BHO: (no name) - {20D05B9E-F885-446E-A7AC-1B7C43E69343} - (no file)
O2 - BHO: (no name) - {23EB30A0-37F8-4F04-B551-38A31B516262} - (no file)
O2 - BHO: (no name) - {4224703C-B626-4366-A8B9-0482A33BDF53} - (no file)
O2 - BHO: (no name) - {4C77326C-8D27-41D6-851A-14E5A355A9DC} - (no file)
O2 - BHO: (no name) - {6506A94B-6278-46F5-B861-8AEE3E09398B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {777EA270-3F1F-4101-BE82-D3D45CF9C060} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8B7C8F78-4470-4AED-89EA-6A5C2A518CEF} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B70DD28-3024-4D2E-94E8-1B54442B9A51} - (no file)
O2 - BHO: (no name) - {A23AE8EA-D6BA-403A-BFB5-C34FCD43CC1F} - (no file)
O2 - BHO: (no name) - {AB638F54-8A87-4EB8-BF4B-9769946ACE8E} - (no file)
O2 - BHO: (no name) - {D358182C-4E05-4300-A3CB-BB2FFCA761DC} - (no file)
O2 - BHO: (no name) - {DE6FB5C6-97C8-49B7-BCC2-1DA7BB307D2F} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqrppmm - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 7573 bytes
Mazda RX8
11-10-2007, 22:31
fix:
O20 - Winlogon Notify: rqrppmm - C:\WINDOWS\
O2 - BHO: (no name) - {8B7C8F78-4470-4AED-89EA-6A5C2A518CEF} - C:\WINDOWS\system32\pmnnn.dll (file missing)
why these, why are there so many??:confused: :confused:
O2 - BHO: (no name) - {9B70DD28-3024-4D2E-94E8-1B54442B9A51} - (no file)
O2 - BHO: (no name) - {A23AE8EA-D6BA-403A-BFB5-C34FCD43CC1F} - (no file)
O2 - BHO: (no name) - {AB638F54-8A87-4EB8-BF4B-9769946ACE8E} - (no file)
O2 - BHO: (no name) - {D358182C-4E05-4300-A3CB-BB2FFCA761DC} - (no file)
O2 - BHO: (no name) - {DE6FB5C6-97C8-49B7-BCC2-1DA7BB307D2F} - (no file)
O2 - BHO: (no name) - {07C3FDB2-C751-44DC-B7DA-842C771E7980} - (no file)
O2 - BHO: (no name) - {0BA06BE8-4873-43E5-AC4B-D89EB94C2DB4} - (no file)
O2 - BHO: (no name) - {048CA0A1-6299-49EC-9778-B4328EA33A34} - (no file)
O2 - BHO: (no name) - {20D05B9E-F885-446E-A7AC-1B7C43E69343} - (no file)
O2 - BHO: (no name) - {23EB30A0-37F8-4F04-B551-38A31B516262} - (no file)
O2 - BHO: (no name) - {4224703C-B626-4366-A8B9-0482A33BDF53} - (no file)
O2 - BHO: (no name) - {4C77326C-8D27-41D6-851A-14E5A355A9DC} - (no file)
O2 - BHO: (no name) - {6506A94B-6278-46F5-B861-8AEE3E09398B} - (no file)
O2 - BHO: (no name) - {777EA270-3F1F-4101-BE82-D3D45CF9C060} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
straniero
you can also fix (after first disabling System Restore) some startup entries that are superfluous, such as:
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
that way the PC will boot even faster :D
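Added example, not code from any participant in this thread: the triage the helpers apply by eye to the HijackThis log, written as a Python function that lists BHO entries with no file, any entry marked "(file missing)", and a Winlogon Notify entry whose path has no DLL name. The sample lines are copied from the logs posted in the thread; `triage`, `Finding` and the Notify path heuristic are assumptions of this example.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section code, e.g. "O2"
    ident: str    # CLSID, Notify key name, or the entry's leading label
    reason: str


# One HijackThis entry has the form "<section> - <body>", e.g. "O2 - BHO: ..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
NOTIFY = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<target>.+)$")
MISSING = "(file missing)"

# Constructed sample: entries copied from the HijackThis logs quoted in the thread
# (the O23 DomainService line comes from the earlier post, the rest from the 22:19 log).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {048CA0A1-6299-49EC-9778-B4328EA33A34} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8B7C8F78-4470-4AED-89EA-6A5C2A518CEF} - C:\WINDOWS\system32\pmnnn.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: rqrppmm - C:\WINDOWS\
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\atsymtdo.exe (file missing)
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
"""


def triage(log_text: str) -> List[Finding]:
    """Return the entries that point at nothing on disk, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY.match(raw.strip())
        if entry is None:
            continue  # header, running-process path or blank line
        section, body = entry["section"], entry["body"]
        bho = BHO.match(body) if section == "O2" else None
        notify = NOTIFY.match(body) if section == "O20" else None
        if bho and bho["target"] == "(no file)":
            # CLSID is still listed as a BHO but no DLL is registered for it
            findings.append(Finding(section, bho["clsid"], "BHO registered without a file"))
        elif bho and bho["target"].endswith(MISSING):
            findings.append(Finding(section, bho["clsid"], "BHO DLL is missing on disk"))
        elif notify and notify["target"].endswith("\\"):
            # Assumed heuristic: a Notify target that is only a directory
            # carries no DLL file name, as in the rqrppmm entry above.
            findings.append(Finding(section, notify["name"], "Notify entry has no DLL file name"))
        elif body.endswith(MISSING):
            # Any other section (O4, O23, ...) whose target HijackThis could not find
            findings.append(Finding(section, body.split(" - ")[0], "target file is missing on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.ident:<40} {f.reason}")
```
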
Mazda RX8
11-10-2007, 22:36
straniero
you can also fix (after first disabling System Restore) some startup entries that are superfluous, such as:
that way the PC will boot even faster :D
not these!!!:D :D
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Riverside
11-10-2007, 22:51
problem solved guys...after 1 month and a half ...... I used VundoFix.exe and it removed them
About time ;)
thanks to everyone who supported me ....especially juninho85 Riverside Mazda RX8 :sofico:
Riverside :nonsifa: damn it :cry: my first Avenger script and I got it wrong :muro:
not these!!!:D :D
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
pardon
juninho85
11-10-2007, 22:58
not these!!!:D :D
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
they're superfluous anyway, in the sense that they're all settings easily reachable with a right-click on the desktop/settings/advanced, and above all they don't compromise the correct operation of the video card
lo_straniero
11-10-2007, 22:58
fix:
O20 - Winlogon Notify: rqrppmm - C:\WINDOWS\
O2 - BHO: (no name) - {8B7C8F78-4470-4AED-89EA-6A5C2A518CEF} - C:\WINDOWS\system32\pmnnn.dll (file missing)
why these, why are there so many??:confused: :confused:
O2 - BHO: (no name) - {9B70DD28-3024-4D2E-94E8-1B54442B9A51} - (no file)
O2 - BHO: (no name) - {A23AE8EA-D6BA-403A-BFB5-C34FCD43CC1F} - (no file)
O2 - BHO: (no name) - {AB638F54-8A87-4EB8-BF4B-9769946ACE8E} - (no file)
O2 - BHO: (no name) - {D358182C-4E05-4300-A3CB-BB2FFCA761DC} - (nofile)
O2 - BHO: (no name) - {DE6FB5C6-97C8-49B7-BCC2-1DA7BB307D2F} - (no file)
O2 - BHO: (no name) - {07C3FDB2-C751-44DC-B7DA-842C771E7980} - (no file)
O2 - BHO: (no name) - {0BA06BE8-4873-43E5-AC4B-D89EB94C2DB4} - (no file)
O2 - BHO: (no name) - {048CA0A1-6299-49EC-9778-B4328EA33A34} - (no file)
O2 - BHO: (no name) - {20D05B9E-F885-446E-A7AC-1B7C43E69343} - (no file)
O2 - BHO: (no name) - {23EB30A0-37F8-4F04-B551-38A31B516262} - (no file)
O2 - BHO: (no name) - {4224703C-B626-4366-A8B9-0482A33BDF53} - (no file)
O2 - BHO: (no name) - {4C77326C-8D27-41D6-851A-14E5A355A9DC} - (no file)
O2 - BHO: (no name) - {6506A94B-6278-46F5-B861-8AEE3E09398B} - (no file)
O2 - BHO: (no name) - {777EA270-3F1F-4101-BE82-D3D45CF9C060} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
straniero
you can also fix (after first disabling System Restore) some startup entries that are superfluous, such as:
that way the PC will boot even faster :D
not these!!!:D :D
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
make up your minds :doh: :ciapet: :banned: :muro: :D :D :D
About time ;)
Riverside :nonsifa: damn it :cry: my first Avenger script and I got it wrong :muro:
thanks Riverside:Prrr: :read:
juninho85
11-10-2007, 23:01
guys, this is the antivirus/etc. software I have installed on the PC
ccleaner/a-squared/spybot/avira personaledition classic/comodo firewall pro/vundo
is that enough or should I add some other useful software? :D
I refer you to this (http://www.hwupgrade.it/forum/showthread.php?t=1476319) thread
Mazda RX8
11-10-2007, 23:02
make up your minds :doh: :ciapet: :banned: :muro: :D :D :D
fix all the ones Gle and I mentioned except:
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
lo_straniero
11-10-2007, 23:13
I refer you to this (http://www.hwupgrade.it/forum/showthread.php?t=1476319) thread
:read: ok :D
fix all the ones Gle and I mentioned except:
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.11.23, on 11/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pack.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {048CA0A1-6299-49EC-9778-B4328EA33A34} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {07C3FDB2-C751-44DC-B7DA-842C771E7980} - (no file)
O2 - BHO: (no name) - {0BA06BE8-4873-43E5-AC4B-D89EB94C2DB4} - (no file)
O2 - BHO: (no name) - {20D05B9E-F885-446E-A7AC-1B7C43E69343} - (no file)
O2 - BHO: (no name) - {23EB30A0-37F8-4F04-B551-38A31B516262} - (no file)
O2 - BHO: (no name) - {4224703C-B626-4366-A8B9-0482A33BDF53} - (no file)
O2 - BHO: (no name) - {4C77326C-8D27-41D6-851A-14E5A355A9DC} - (no file)
O2 - BHO: (no name) - {6506A94B-6278-46F5-B861-8AEE3E09398B} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {777EA270-3F1F-4101-BE82-D3D45CF9C060} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B70DD28-3024-4D2E-94E8-1B54442B9A51} - (no file)
O2 - BHO: (no name) - {A23AE8EA-D6BA-403A-BFB5-C34FCD43CC1F} - (no file)
O2 - BHO: (no name) - {AB638F54-8A87-4EB8-BF4B-9769946ACE8E} - (no file)
O2 - BHO: (no name) - {D358182C-4E05-4300-A3CB-BB2FFCA761DC} - (no file)
O2 - BHO: (no name) - {DE6FB5C6-97C8-49B7-BCC2-1DA7BB307D2F} - (no file)
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 6756 bytes
____________________________________________________
O2 - BHO: (no name) - {9B70DD28-3024-4D2E-94E8-1B54442B9A51} - (no file)
O2 - BHO: (no name) - {A23AE8EA-D6BA-403A-BFB5-C34FCD43CC1F} - (no file)
O2 - BHO: (no name) - {AB638F54-8A87-4EB8-BF4B-9769946ACE8E} - (no file)
O2 - BHO: (no name) - {D358182C-4E05-4300-A3CB-BB2FFCA761DC} - (no file)
O2 - BHO: (no name) - {DE6FB5C6-97C8-49B7-BCC2-1DA7BB307D2F} - (no file)
O2 - BHO: (no name) - {07C3FDB2-C751-44DC-B7DA-842C771E7980} - (no file)
O2 - BHO: (no name) - {0BA06BE8-4873-43E5-AC4B-D89EB94C2DB4} - (no file)
O2 - BHO: (no name) - {048CA0A1-6299-49EC-9778-B4328EA33A34} - (no file)
O2 - BHO: (no name) - {20D05B9E-F885-446E-A7AC-1B7C43E69343} - (no file)
O2 - BHO: (no name) - {23EB30A0-37F8-4F04-B551-38A31B516262} - (no file)
O2 - BHO: (no name) - {4224703C-B626-4366-A8B9-0482A33BDF53} - (no file)
O2 - BHO: (no name) - {4C77326C-8D27-41D6-851A-14E5A355A9DC} - (no file)
O2 - BHO: (no name) - {6506A94B-6278-46F5-B861-8AEE3E09398B} - (no file)
O2 - BHO: (no name) - {777EA270-3F1F-4101-BE82-D3D45CF9C060} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
and these? what do I do, fix them? :D
Riverside
11-10-2007, 23:23
..... and these? what do I do, fix them? :D
Fix them all.
lo_straniero
12-10-2007, 00:39
Fix them all.
thanks boss :sofico:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.38.43, on 12/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Comodo\Firewall\CPF.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Winamp\winamp.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://pack.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Programmi\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{57F6F824-557B-480D-900B-60C81D672323}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\__GameS__\medal airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
--
End of file - 5709 bytes
Riverside
12-10-2007, 10:57
Logfile of Trend Micro HijackThis v2.0.2
Now it's fine :cool:
lo_straniero
12-10-2007, 13:22
Now it's fine :cool:
I can't thank you guys enough...:sofico: :sofico: :sofico: my PC is lightning fast and doesn't freeze anymore :oink:
Hi guys... :help: :help: :help: :help: :help: :help: :help: :help: :help:
I have the exact same problem..
But from the thread I haven't really understood how to remove this virus...
Sorry to bother you but I'm desperate..
I have AntiVir and about every 5 seconds it reports this damned trojan.
For now I've set it to ignore because otherwise it's impossible to use the PC...
Could you tell me what I need to do to show you the whole list of files, fix, not fix, etc etc....
Hoping for some help..
Thanks anyway.
juninho85
20-10-2007, 13:07
have you run the various vundofix tools?
Mazda RX8
20-10-2007, 14:45
Hi guys... :help: :help: :help: :help: :help: :help: :help: :help: :help:
I have the exact same problem..
But from the thread I haven't really understood how to remove this virus...
Sorry to bother you but I'm desperate..
I have AntiVir and about every 5 seconds it reports this damned trojan.
For now I've set it to ignore because otherwise it's impossible to use the PC...
Could you tell me what I need to do to show you the whole list of files, fix, not fix, etc etc....
Hoping for some help..
Thanks anyway.
post the HiJackThis log...
juninho85
20-10-2007, 14:46
post the HiJackThis log...
look, without overthinking it, running the vundofix tools takes care of it
Mazda RX8
20-10-2007, 14:47
look, without overthinking it, running the vundofix tools takes care of it
yeah, but I want to see if there's any other junk...:D
Here it is:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.28.13, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Programmi\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\eMule\eMule\emule.exe
C:\Program Files\mIRC\mirc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Program Files\HiJackThis\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [OFFICEKB] C:\Programmi\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [E06IXLRD_128453] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.sfondissimi.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38CB21A0-389D-43D7-8F10-20F8522EC57A}: NameServer = 85.37.17.44 85.38.28.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAC27226-02FB-4227-9F58-F1242E6C2011}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O20 - Winlogon Notify: mcdduk - C:\WINDOWS\SYSTEM32\mcdduk.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\intel_a\code\bin\CATSysDemon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: DirectX Service (Suroj) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
--
End of file - 10712 bytes
Mazda RX8
20-10-2007, 18:03
fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O15 - Trusted Zone: www.sfondissimi.net
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O20 - Winlogon Notify: mcdduk - C:\WINDOWS\SYSTEM32\mcdduk.dll
O23 - Service: DirectX Service (Suroj) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
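Several of the entries picked out for fixing in this thread share structural patterns: BHOs with "(no file)", O20 load points, and services whose binary is missing or has no vendor information. The Python code below is an added example, not part of the original posts: it parses HijackThis entry lines, flags those patterns for manual review, and compares two logs to check what a cleanup actually removed. The function names and the review rules are assumptions drawn from this thread, and the sample lines are excerpts of the 15.28 and 22.09 logs posted here, not complete logs.

```python
import re

# Entry layout as seen in the logs in this thread: section code, " - ", details.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return (code, body) tuples for entry lines; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def triage(entries):
    """Flag entries matching the patterns above. A flag means 'review', not 'malicious'."""
    flagged = []
    for code, body in entries:
        reason = None
        if code == "O2" and body.endswith("(no file)"):
            reason = "BHO registered but its DLL is absent"
        elif code == "O20":
            reason = "DLL loaded through AppInit_DLLs or Winlogon Notify"
        elif code == "O23" and body.endswith("(file missing)"):
            reason = "service points at a missing executable"
        elif code == "O23" and "Unknown owner" in body:
            reason = "service binary carries no vendor information"
        if reason:
            flagged.append((code, body, reason))
    return flagged


def removed_between(before, after):
    """Entries present in the earlier log and absent from the later one."""
    later = set(after)
    return [entry for entry in before if entry not in later]


# Excerpt of the log saved at 15.28.13 on 20/10/2007 (lines copied from this thread).
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O20 - Winlogon Notify: mcdduk - C:\WINDOWS\SYSTEM32\mcdduk.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

# The same entries as they appear in the log saved at 22.09.18 on 20/10/2007.
AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

if __name__ == "__main__":
    before, after = parse_entries(BEFORE), parse_entries(AFTER)
    print("Removed between the two scans:")
    for code, body in removed_between(before, after):
        print(f"  {code} - {body}")
    print("Still flagged for review in the later scan:")
    for code, body, reason in triage(after):
        print(f"  {code} - {body}\n      -> {reason}")
```

Entries such as the R1 search URL or the O15 trusted zone need a human judgement about the value itself, so the rules above deliberately leave them unflagged.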
fix:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - ....
...etc etc.
Mazda, if you want to have entries fixed you have to have System Restore disabled!!!
Eltura
As good old juninho85 said, you need to use VUNDOFIX: click here to download (http://www.atribune.org/ccount/click.php?id=4), and if you don't know how to use it, here is a short and simple guide: Vundofix guide (http://security.p2pforum.it/vundofix)
Let us know
Mazda RX8
20-10-2007, 21:27
Mazda, if you want to have entries fixed you have to have System Restore disabled!!!
I always forget to say that...:fagiano: :stordita:
EDIT: Guys..... a few questions...
To fix the others, what do I need to do first?
Last question: with vundo, if I run a scan, I don't understand WHAT it finds...
Anyway, I think I've completely removed the threat; at least, AntiVir no longer detects it every 5 seconds now, so....
To be sure, here's my HiJackThis log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.09.18, on 20/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\intel_a\code\bin\CATSysDemon.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Programmi\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HiJackThis_v2.exe
C:\Programmi\Internet Explorer\iexplore.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O4 - HKLM\..\Run: [OFFICEKB] C:\Programmi\Trust\DS-3300X Wireless Optical Deskset\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Trust_CR-1200_16-in-1_USB2_CARD_READER\shwicon2k.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SMSTray] C:\Programmi\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [MAAgent] C:\Programmi\MarkAny\ContentSafer\MAAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKCU\..\Run: [E06IXLRD_128453] "C:\Programmi\Microsoft Encarta\Microsoft Encarta Enciclopedia DVD - 2006\EDICT.EXE" -m
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programmi\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: www.sfondissimi.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{38CB21A0-389D-43D7-8F10-20F8522EC57A}: NameServer = 85.37.17.44 85.38.28.90
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAC27226-02FB-4227-9F58-F1242E6C2011}: NameServer = 212.216.112.222,212.216.172.162
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Programmi\Dassault Systemes\B16\intel_a\code\bin\intel_a\code\bin\CATSysDemon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: DirectX Service (Suroj) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
--
End of file - 10592 bytes
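A first pass over a HijackThis log like the one above can be scripted. The sketch below is an added example, not part of the original thread and not HijackThis's own logic: the flagging rules and function names are assumptions chosen for illustration, and the sample lines are copied from the log above. A flag means "look at this entry", not a verdict.

```python
import re

# Sample input: a few entries copied from the log above, embedded so this runs offline.
SAMPLE_LOG = r"""
O15 - Trusted Zone: www.sfondissimi.net
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Servizio iPod (iPod Service) - Unknown owner - C:\Programmi\iPod\bin\iPodService.exe (file missing)
O23 - Service: DirectX Service (Suroj) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
End of file - 10592 bytes
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then entry body


def parse_entries(log_text):
    """Yield (section, body) for each entry line, e.g. ('O23', 'Service: ...')."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            yield match.group(1), match.group(2)


def reasons_for(section, body):
    """Return the review reasons for one entry (illustrative rules, not a verdict)."""
    low = body.lower()
    reasons = []
    if "(file missing)" in low or "(no file)" in low:
        reasons.append("orphaned: target file absent")
    if section == "O20":
        reasons.append("DLL loaded through AppInit_DLLs or Winlogon Notify")
    if section == "O23" and "unknown owner" in low and r"\windows\system32" in low:
        reasons.append("service binary in system32 with no vendor string")
    if section == "O15":
        reasons.append("site added to the Trusted Zone")
    return reasons


def triage(log_text):
    """Return [(section, body, reasons)] for the entries that need a human look."""
    return [(s, b, r) for s, b in parse_entries(log_text) if (r := reasons_for(s, b))]


if __name__ == "__main__":
    for section, body, reasons in triage(SAMPLE_LOG):
        print(f"{section}: {body}\n    -> {'; '.join(reasons)}")
```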
Mazda RX8
20-10-2007, 22:11
Didn't you fix these??:confused:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O15 - Trusted Zone: www.sfondissimi.net
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O20 - Winlogon Notify: mcdduk - C:\WINDOWS\SYSTEM32\mcdduk.dll
O23 - Service: DirectX Service (Suroj) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
Didn't you fix these??:confused:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - (no file)
O15 - Trusted Zone: www.sfondissimi.net
O20 - AppInit_DLLs: c:\windows\system32\ssqrrrr.dll
O20 - Winlogon Notify: mcdduk - C:\WINDOWS\SYSTEM32\mcdduk.dll
O23 - Service: DirectX Service (Suroj) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing)
No, because earlier:
Mazda RX8 Quote:
Originally posted by Gle89
Mazda, if you want to have entries fixed you have to get System Restore disabled!!!
I always forget to say it...
So what should I do first?
juninho85
21-10-2007, 00:42
Start from the assumption that if you stubbornly stick with HijackThis to remove Vundo, you won't get anywhere.
If you want to solve the problem, run this damn VundoFix and be done with it, once and for all.... You solve the problem sooner and you avoid wasting our time.
Eltura
As the good juninho85 was saying, you have to use VUNDOFIX: click here for the download (http://www.atribune.org/ccount/click.php?id=4) and if you don't know how to use it, here is a short and simple guide: VundoFix guide (http://security.p2pforum.it/vundofix)
Let us know
Indeed, I repeat what is quoted above!
Start from the assumption that if you stubbornly stick with HijackThis to remove Vundo, you won't get anywhere.
If you want to solve the problem, run this damn VundoFix and be done with it, once and for all.... You solve the problem sooner and you avoid wasting our time.
No, then maybe it wasn't understood...
I've done everything with the VundoFix program...
Now the virus no longer shows up, OK?
Now I've posted the HijackThis log to see the other problems..
I was told to fix some things with HijackThis (other things, not the virus in question), but I have a doubt, because I would do it, but Gle89's post says this:
Mazda, if you want to have entries fixed you have to get System Restore disabled!!!
Got it? So how do I do what Gle89 said, so that I can then fix the other things Mazda mentioned with HijackThis?
I hope it's clear now :D
Mazda RX8
21-10-2007, 10:05
Mazda, if you want to have entries fixed you have to get System Restore disabled!!!
Got it? So how do I do what Gle89 said, so that I can then fix the other things Mazda mentioned with HijackThis?
I hope it's clear now :D
Go to Control Panel--->System--->System Restore and tick the disable box...:)
lancetta
21-10-2007, 11:14
Calm down... sometimes, when everyone wants to help at once, the user gets confused..............
@Eltura
The rule is: whatever you do, you must first disable System Restore, because very often viruses nest there in order to restart.....
Regards:cool:
Calm down... sometimes, when everyone wants to help at once, the user gets confused..............
@Eltura
The rule is: whatever you do, you must first disable System Restore, because very often viruses nest there in order to restart.....
Regards:cool:
Sorry, I didn't mean to create confusion :D
xcdegasp
21-10-2007, 17:51
No, then maybe it wasn't understood...
I've done everything with the VundoFix program...
Now the virus no longer shows up, OK?
Now I've posted the HijackThis log to see the other problems..
I was told to fix some things with HijackThis (other things, not the virus in question), but I have a doubt, because I would do it, but Gle89's post says this:
Mazda, if you want to have entries fixed you have to get System Restore disabled!!!
Got it? So how do I do what Gle89 said, so that I can then fix the other things Mazda mentioned with HijackThis?
I hope it's clear now :D
If you quote a user, try to use the [QUOTE] tags correctly, otherwise nothing is understandable and you end up with a jumble like the one above ;)
Before a new log, run VundoFix; if you've already done it, be aware that the situation on your PC is not exactly rosy ;)