#1 |
|
Junior Member
Joined: Nov 2004
City: Roma
Posts: 9
|
Browser hijacking
I have tried everything, including what was recommended in the forum. I'm listing the "StartupList" for you. HELP MEEEEEEEEEE.
StartupList report, 13/11/2004, 14.44.42
StartupList version: 1.52
Started from : C:\DOCUME~1\GAETAN~1\IMPOST~1\Temp\StartupList.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
F:\PROGRAMMI\NORTON\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Programmi\File comuni\WinTools\WToolsS.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
F:\PROGRAMMI\NORTON\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe
C:\WINDOWS\system32\letsroll.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\Programmi\File comuni\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Toolbar\PIB.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\File comuni\WinTools\WSup.exe
C:\Programmi\Microsoft Office\Office\1040\msoffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Messenger\msmsgs.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\GAETAN~1\IMPOST~1\Temp\StartupList.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Gaetano PERROTTA\Menu Avvio\Programmi\Esecuzione automatica]
Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SystemTray = SysTray.Exe
GSICONEXE = GSICON.EXE
DSLAGENTEXE = dslagent.exe USB
msnappau = "C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\msnappau.exe"
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
system = C:\WINDOWS\system32\letsroll.exe
ccApp = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
URLLSTCK.exe = F:\PROGRAMMI\NORTON\UrlLstCk.exe
SSC_UserPrompt = C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
QuickTime Task = "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
WinTools = C:\Programmi\File comuni\WinTools\WToolsA.exe
TBPS = C:\Programmi\Toolbar\TBPS.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\system32\ctfmon.exe
msnmsgr = "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
Symantec NetDriver Warning = C:\PROGRA~1\SYMNET~1\SNDWarn.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Programmi\NewDotNet\newdotnet6_38.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\Programmi\Toolbar\toolbar.dll - {8952A998-1E7E-4716-B23D-3DBE03910972}
(no name) - C:\Programmi\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
Web assistant - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - C:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
NAV Helper - F:\PROGRAMMI\NORTON\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Avvio ottimizzazione applicazione.job
Utilità di pianificazione di Prevenzione e risoluzione dei problemi per Raccolta dati.job
Symantec NetDetect.job
{0DBB8607-2469-4604-9C2C-08B9D316121A}_Default.job
{4D4F8DD4-0648-4ED6-8509-B243F036266D}_Default.job
{80180815-867D-4D13-9E78-FB7D8A080389}_Default.job
{8D150EEB-D55C-400D-BC06-60680B6180A0}_Gaetano PERROTTA.job
{1C654E7A-C328-45A7-835A-28CDC47A7C6C}_Gaetano PERROTTA.job
{A329ADB7-71EB-46C0-B4C0-B97B1746CE7E}_Gaetano PERROTTA.job
Disinstalla Promemoria scadenza.job

--------------------------------------------------

Enumerating Download Program Files:

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\YACSCOM.DLL
CODEBASE = http://cs6.chat.yahoo.com/v43/yacscom.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\xscan53.ocx
CODEBASE = http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.co...919.1735416667

[MSN Photo Upload Control]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\MSNPUPLD.DLL
CODEBASE = http://communities.msn.it/scr/MsnPUpld.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/s...sh/swflash.cab

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\GAETAN~1\IMPOST~1\Temp\~611026.tmp

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

UPnPMonitor: C:\WINDOWS\system32\upnpui.dll
PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 7.950 bytes
Report generated in 0,180 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only |
|
|
|
|
|
#2 |
|
Senior Member
Joined: Nov 2004
City: Modena ©2007 All Rights Reserved Old Nick: Pinhead Old Posts: 2204
Posts: 584
|
Try cleaning up with this:
http://www.intermute.com/spysubtract..._download.html
Remember to disable System Restore and to close all Explorer windows first...
__________________
How beautiful is youth, which is ever fleeting! Let whoever wishes to be happy, be so: of tomorrow there is no certainty. The cross in my nick is not a T... it really is a cross... |
|
|
|
|
|
#3 |
|
Junior Member
Joined: Nov 2004
City: Roma
Posts: 9
|
Reply
I tried, but no luck. The file in question that I can't delete is:
C:\Programmi\File comuni\WinTools\WToolsS.exe
What can I do? |
|
|
|
|
|
#4 |
|
Senior Member
Joined: Mar 2004
City: Rimini
Posts: 10296
|
Hi,
your "startup list" shows quite a few processes tied to toolbars and assorted junk. The following processes should all be removed, together with the "toolbar" and "wintools" folders, naturally after rebooting into safe mode.
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Programmi\File comuni\WinTools\WToolsS.exe
C:\Programmi\File comuni\WinTools\WToolsA.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\Programmi\Toolbar\PIB.exe
C:\Programmi\File comuni\WinTools\WSup.exe
Naturally, you need to enable the display of hidden and system files and folders, delete all temporary files and temporary internet files, and disable System Restore. However, you should generate the log with HijackThis, which gives a much more complete picture
__________________
sometimes they come back *** Life Happens! - (I.T. Professional - Telecommunications Technician) Latitude E6420 I7 2760QM SSD Crucial M4-512GB --- Tecra R840 I5 2520M SSD Samsung 830-256GB --- Macbook Pro 13,3" I5 2435M SSD Samsung 830-256GB |
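To see how far the two folders named in post #4 reach across the report, here is an added example (not part of any post in the thread) that scans StartupList output for files living under them. It assumes the report text has been split into one entry per line and uses an excerpt of the report from post #1 as input; `flag_entries` and `FLAGGED_DIRS` are names made up for the example. Matching is done on whole directory components, so `MSN Toolbar` is not confused with `Toolbar`, while 8.3 short paths such as `C:\PROGRA~1\Toolbar` still match.

```python
import re
from pathlib import PureWindowsPath

# Folder names that post #4 says to delete (taken from the thread).
FLAGGED_DIRS = {"toolbar", "wintools"}

# Excerpt of the StartupList report from post #1, one entry per line.
REPORT = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Programmi\File comuni\WinTools\WToolsS.exe
C:\Programmi\Toolbar\PIB.exe
--------------------------------------------------
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ccApp = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
WinTools = C:\Programmi\File comuni\WinTools\WToolsA.exe
TBPS = C:\Programmi\Toolbar\TBPS.exe
--------------------------------------------------
Enumerating Browser Helper Objects:
(no name) - C:\PROGRA~1\FILECO~1\WinTools\WToolsB.dll - {87766247-311C-43B4-8499-3D5FEC94A183}
(no name) - C:\Programmi\Toolbar\toolbar.dll - {8952A998-1E7E-4716-B23D-3DBE03910972}
(no name) - C:\Programmi\MSN Apps\MSN Toolbar\01.02.3000.1001\it\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
"""

PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]+?\.(?:exe|dll|ocx)\b', re.IGNORECASE)

def flag_entries(report, flagged_dirs=FLAGGED_DIRS):
    """Return {section: [paths]} for files located under a flagged folder."""
    hits, section = {}, None
    for line in report.splitlines():
        line = line.strip()
        if line.endswith(":"):          # StartupList section headers end with ':'
            section = line.rstrip(":")
            continue
        for path in PATH_RE.findall(line):
            # Compare whole directory components so "MSN Toolbar" != "Toolbar".
            dirs = {p.lower() for p in PureWindowsPath(path).parent.parts}
            if dirs & flagged_dirs:
                hits.setdefault(section, []).append(path)
    return hits

if __name__ == "__main__":
    for section, paths in flag_entries(REPORT).items():
        print(section)
        for p in paths:
            print("   ", p)
```

On this excerpt the flagged folders show up under the Run key and the Browser Helper Objects as well as in the process list, so those entries belong in the same cleanup as the files themselves.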
|
|
|
|