HiJackThis - Analisi Log - leggere Regole di Sezione - Pagina 124

SerPaguroSniffa³ · 12-06-2006, 12:59

nessuno sa risolvere il mio problema?

chevalier · 12-06-2006, 13:01

ecco...e te pareva?...
sono al punto di partenza ed ora... diciamo che quasi tutte le pagine web hanno lo stesso problema...
visto che alla fine dell'indirizzo del pop-up fantasma appare una scritta di java.com:,
http://cc0000&color_border=ffffff&re...10&u_java=true
(se ci clikki sopra vedrai che appare anche a te la pagina bianca)
ho disinstallato il java della sun system.... ma non è servito a nulla!!
non so più cosa fare... spero che qualcun'altro abbia qualche idea...
il mio timore è che, anche se formatto di nuovo... il problema mi si ripresenti
nello stesso modo...
grazie dell'aiuto

Guglielmo

lucadue · 12-06-2006, 13:46

potete dare uno sguardo al log di un mio amico
grazie

Logfile of HijackThis v1.99.1
Scan saved at 14.29.43, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\Programmi\ewido anti-malware\ewidoctrl.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\nvsvc32.exe
D:\Programmi\CyberLink\Shared files\RichVideo.exe
D:\WINDOWS\System32\snmp.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Programmi\D-Tools\daemon.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
D:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\WINDOWS\sm56hlpr.exe
D:\Programmi\Web Accelerator\slipcore.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
D:\Programmi\Web Accelerator\slipgui.exe
D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
D:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Francesco\Programmi\Analizza sistema\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3315.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3317.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Programmi\Web Accelerator\PBHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - D:\Programmi\Web Accelerator\components\NOWImaging.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [kis] "D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [SlipStream] "D:\Programmi\Web Accelerator\slipcore.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = D:\Programmi\Web Accelerator\slipgui.exe
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Programmi\WINnerTweakSE2\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Programmi\WINnerTweakSE2\PopUp Blocker.exe
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing)
O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

Bugs Bunny · 12-06-2006, 14:48

mai vista roba del genere:
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3315.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3317.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com

poi per questo scansiona con un antivirus:
D:\WINDOWS\system32\inetsrv\inetinfo.exe
mi pare nient'altro

Pollo82 · 12-06-2006, 14:58

Quote:

Originariamente inviato da juninho85

il log non mostra nulla di sospetto,hai provato ad eseguire un programma antispyware?

Appunto è questo che mi puzza... Ho provato di tutto 8000 antivirus, antispyware, utility ma niente che può essere? Più che altro mi preoccupa la scritta della memoria virtuale su qualsiasi pc della rete...

Cheza89 · 12-06-2006, 17:03

Salve a tutti!
Purtroppo questa mattina quando ho acceso il computer mi è arrivato un messaggio allarmante dal mio antivirus‚ avast‚ che mi ha avvertita dell'invasione di questo strano virus (WIN32:ADWARE–GEN·?[adw])·
Le conseguenze sono state immediate infatti questo maledetto virus deve aver scombinato qualcosa all'interno tanto che ora non posso più nemmeno andare in internet (compare la pagina “impossibile trovare il server") e così via per qualunque cosa (non si aggiorna nemmeno avast perchè dice che non riesce a connettersi a nessun server)·?Lì per lì ho pensato subito a un problema di connessione ma invece ho scoperto che nel computer (un mac dal quale sto scrivendo ora) di mia madre va tutto benissimo·
Aiutatemi‚ vi prego‚ non so come fare!
Ho fatto fare la scansione di ogni singola parte del computer da parte di avast: inizialmente mi ha trovato una valanga di virus che ho cancellato immediatamente poi non ha più rilevato nulla ma il problema non è risolto‚ anzi‚ persiste!
Ho letto su vari forum che per aiutarmi era necessario una cosa di cui non avevo mai sentito parlare‚ il logfile di HijackThis‚ ma che ho fatto nella speranza di risolvere questo disastro·
Eccol0:

Logfile of HijackThis v1.99.1
Scan saved at 16.04.08‚ on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\HPConfig.exe
C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\PROGRA~1\HPQ\ONE–TO~1\OneTouch.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programmi\MessengerPlus! 3\MsgPlus.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe
C:\WINDOWS\system32\ctfmon.exe
D:\HijackThis.exe

R0 – HKCU\Software\Microsoft\Internet Explorer\Main‚Start Page = http://www.google.it/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Default_Page_URL = http://desktop.presario.net/scripts/red … 410&ac
R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Search Bar = http://search.presario.net/scripts/redi … mp;ap=b204
R0 – HKLM\Software\Microsoft\Internet Explorer\Main‚Start Page = http://desktop.presario.net/scripts/red … 410&ac
R0 – HKLM\Software\Microsoft\Internet Explorer\Search‚SearchAssistant = http://resultsmaster.com/SmartOffers/Se … ftPane.htm
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar‚LinksFolderName = Collegamenti
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 – BHO: My Search BHO – {014DA6C1–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O2 – BHO: Yahoo! Companion BHO – {02478D38–C3F9–4efb–9B51–7695ECA05670} – C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 – BHO: MySearch Search Assistant BHO – {04079851–5845–4dea–848C–3ECD647AA554} – C:\Programmi\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 – BHO: ST – {9394EDE7–C8B5–483E–8773–474BF36AF6E4} – C:\Programmi\MSN Apps\ST\01.03.0000.1005\en–xu\stmain.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\programmi\google\googletoolbar1.dll
O2 – BHO: MSNToolBandBHO – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 – Toolbar: MSN – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O3 – Toolbar: Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\programmi\google\googletoolbar1.dll
O3 – Toolbar: My Search Bar – {014DA6C9–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O4 – HKLM\..\Run: [CARPService] carpserv.exe
O4 – HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe –d
O4 – HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 – HKLM\..\Run: [Display Settings] C:\Programmi\HPQ\Notebook Utilities\hptasks.exe /s
O4 – HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE–TO~1\OneTouch.EXE
O4 – HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 – HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 – HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 – HKLM\..\Run: [iTunesHelper] “C:\Programmi\iTunes\iTunesHelper.exe"
O4 – HKLM\..\Run: [QuickTime Task] “C:\Programmi\QuickTime\qttask.exe” –atboottime
O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [MessengerPlus3] “C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [WeatherOnTray] C:\Programmi\HbTools\Bin\4.7.7.0\HbtWeatherOnTray.exe
O4 – HKLM\..\Run: [HbTools] C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe –quiet
O4 – Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O8 – Extra context menu item: &Google Search – res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.h … zeb01264IT
O8 – Extra context menu item: &Translate English Word – res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html
O8 – Extra context menu item: Backward Links – res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 – Extra context menu item: Cached Snapshot of Page – res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O8 – Extra context menu item: Similar Pages – res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 – Extra context menu item: Translate Page into English – res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html
O9 – Extra button: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programmi\Messenger\msmsgs.exe
O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programmi\Messenger\msmsgs.exe
O10 – Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing
O16 – DPF: {00B71CFB–6864–4346–A978–C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/ms … b31267.cab
O16 – DPF: {14B87622–7E19–4EA8–93B3–97215F77A6BC} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/Me … b31267.cab
O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/fu … 8211;2.cab
O16 – DPF: {1EDF25DE–DFB2–40CA–AA83–30AE7DA8C203} (FileSharingCtrl Class) – http://appdirectory.messenger.msn.com/A … ngctrl.cab
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab
O16 – DPF: {2917297F–F02B–4B9D–81DF–494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/Mi … b31267.cab
O16 – DPF: {4F1E5B1A–2A80–42CA–8532–2D05CB959537} (MSN Photo Upload Tool) – http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 – DPF: {8E0D4DE5–3180–4024–A327–4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/Me … b31267.cab
O16 – DPF: {9122D757–5A4F–4768–82C5–B4171D8556A7} (PhotoPickConvert Class) – http://appdirectory.messenger.msn.com/A … tPkMSN.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMe … loader.cab
O16 – DPF: {B8BE5E93–A60C–4D26–A2DC–220313175592} (ZoneIntro Class) – http://messenger.zone.msn.com/binary/ZI … b32846.cab
O16 – DPF: {E6187999–9FEC–46A1–A20F–F4CA977D5643} (ZoneChess Object) – http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 – DPF: {F04A8AE2–A59D–11D2–8792–00C04F8EF29D} (Hotmail Attachments Control) – http://by109fd.bay109.hotmail.msn.com/a … Atchmt.ocx
O16 – DPF: {F6BF0D00–0B2A–4A75–BF7B–F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/So … b31267.cab
O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing)
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Programmi\Alwil Software\Avast4\ashWebSv.exe” /service (file missing)
O23 – Service: C–DillaCdaC11BA – C–Dilla Ltd – C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 – Service: HP Configuration Interface Service (HPConfig) – Hewlett–Packard – C:\WINDOWS\system32\HPConfig.exe
O23 – Service: HPWirelessMgr – Hewlett–Packard Co·?– C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 – Service: iPod Service (iPodService) – Apple Computer‚ Inc·?– C:\Programmi\iPod\bin\iPodService.exe
O23 – Service: Macromedia Licensing Service – Macromedia – C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe

Spero che qualcuno di voi possa aiutarmi perchè sto letteralmente impazzendo a causa di tutto questo!!!
Vi ringrazio per l'attenzione‚
Buona giornata!
Sofia

andorra24 · 12-06-2006, 17:11

Cheza89 fixa queste voci:

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe
R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Default_Page_URL = http://desktop.presario.net/scripts/red … 410&ac
R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Search Bar = http://search.presario.net/scripts/redi … mp;ap=b204
R0 – HKLM\Software\Microsoft\Internet Explorer\Main‚Start Page = http://desktop.presario.net/scripts/red … 410&ac
R0 – HKLM\Software\Microsoft\Internet Explorer\Search‚SearchAssistant = http://resultsmaster.com/SmartOffers/Se … ftPane.htm
R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 – BHO: My Search BHO – {014DA6C1–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O2 – BHO: MySearch Search Assistant BHO – {04079851–5845–4dea–848C–3ECD647AA554} – C:\Programmi\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL
O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 – Toolbar: My Search Bar – {014DA6C9–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL
O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 – Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE
O4 – HKLM\..\Run: [WeatherOnTray] C:\Programmi\HbTools\Bin\4.7.7.0\HbtWeatherOnTray.exe
O4 – HKLM\..\Run: [HbTools] C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe
O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.h … zeb01264IT
O9 – Extra button: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O10 – Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing
O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/fu … 8211;2.cab
O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab

Fai una scansione con ewido:
http://download.ewido.net/ewido-setup.exe

Cheza89 · 12-06-2006, 17:21

Cosa vuol dire fixa???? O____O

aaaaarg scusate ma nn ci capisco 'na mazza!!!
Grazie mille cmq x avermi risposto!
Ciaoooo

andorra24 · 12-06-2006, 17:36

Quote:

Originariamente inviato da Cheza89

Cosa vuol dire fixa???? O____O

aaaaarg scusate ma nn ci capisco 'na mazza!!!
Grazie mille cmq x avermi risposto!
Ciaoooo

Metti la spunta nella casellina accanto a tutte le voci che ti ho elencato sopra e premi fix checked. Fallo a browser chiuso, mi raccomando. E fai la scansione con ewido anche.

wgator · 12-06-2006, 17:44

Quote:

Originariamente inviato da andorra24

...

lucadue · 12-06-2006, 17:47

Quote:

Originariamente inviato da Bugs Bunny

mai vista roba del genere:
O1 - Hosts: 205.238.40.2 www.winmx.com
O1 - Hosts: 205.238.40.2 err.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3315.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3317.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com
O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com
O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com
O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com
O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com
O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com
O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com
O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com
O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com
O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com
O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com
O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com
O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com

sono gli host di winmx
chiunque abbia installato winmx sul pc li ha
sul mio ci sono anche x cui non sono pericolosi

andorra24 · 12-06-2006, 17:51

Quote:

Originariamente inviato da wgator

Mi sento la protagonista del film Torna a casa Lassie.

chry80 · 12-06-2006, 18:03

Quote:

Originariamente inviato da andorra24

Mi sento la protagonista del film Torna a casa Lassie.

ben tornataaaa

SerPaguroSniffa³ · 12-06-2006, 18:29

nessuno sa risolvere il mio problema?

Logfile of HijackThis v1.99.1
Scan saved at 19.28.40, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Temp\oyna1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\DOCUME~1\Admin\IMPOST~1\Temp\Directory temporanea 7 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [oyna1.exe] C:\WINDOWS\Temp\oyna1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe

andorra24 · 12-06-2006, 18:29

Quote:

Originariamente inviato da chry80

ben tornataaaa

Grazie

andorra24 · 12-06-2006, 18:34

SerPaguroSniffa³ fixa queste:

C:\WINDOWS\Temp\oyna1.exe
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O4 - HKLM\..\Run: [oyna1.exe] C:\WINDOWS\Temp\oyna1.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

lucadue · 12-06-2006, 18:40

Quote:

Originariamente inviato da SerPaguroSniffa³

nessuno sa risolvere il mio problema?

Logfile of HijackThis v1.99.1
Scan saved at 19.28.40, on 12/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\acer\epm\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\Temp\oyna1.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Messenger\msmsgs.exe
C:\DOCUME~1\Admin\IMPOST~1\Temp\Directory temporanea 7 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [oyna1.exe] C:\WINDOWS\Temp\oyna1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe

dovrebbero essere questi

C:\WINDOWS\Temp\oyna1.exe
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O4 - HKLM\..\Run: [oyna1.exe] C:\WINDOWS\Temp\oyna1.exe

SerPaguroSniffa³ · 12-06-2006, 18:42

ora gli ho eliminati..ma certi li avevo già eliminati e sono tornati..speriamo che ora funzioni

andorra24 · 12-06-2006, 18:51

Quote:

Originariamente inviato da SerPaguroSniffa³

ora gli ho eliminati..ma certi li avevo già eliminati e sono tornati..speriamo che ora funzioni

Dopo aver fatto il fix con hijackthis vai in C:\Programmi e assicurati di sbarazzarti della cartella LinkOptimizer.

lucadue · 12-06-2006, 18:53

disattiva il ripristino altrimenti ritornano x forza

12-06-2006, 14:48	#2464
Bugs Bunny Senior Member Iscritto dal: Aug 2005 Città: Genova Messaggi: 3397	mai vista roba del genere: O1 - Hosts: 205.238.40.2 www.winmx.com O1 - Hosts: 205.238.40.2 err.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1303.winmx.com O1 - Hosts: 82.43.224.20 c3315.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3317.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com poi per questo scansiona con un antivirus: D:\WINDOWS\system32\inetsrv\inetinfo.exe mi pare nient'altro __________________ Rimozione Worm/Rootkit Bagle - Rimozione Trojan Vundo - Rimozione virus MSN Messenger -Rimozione virus su chiavetta o errori di file mancante all'apertura del disco fisso - NT AUTHORITY SYSTEM spegne il pc ad ogni avvio. Cosa fare?(worm sasser/blaster/rustock) - Thread Ufficiale firewall software

12-06-2006, 17:03	#2466
Cheza89 Junior Member Iscritto dal: Jun 2006 Messaggi: 6	WIN32:ADWARE-GEN. [adw] ha infestato il mio pc! Salve a tutti! Purtroppo questa mattina quando ho acceso il computer mi è arrivato un messaggio allarmante dal mio antivirus‚ avast‚ che mi ha avvertita dell'invasione di questo strano virus (WIN32:ADWARE–GEN·?[adw])· Le conseguenze sono state immediate infatti questo maledetto virus deve aver scombinato qualcosa all'interno tanto che ora non posso più nemmeno andare in internet (compare la pagina “impossibile trovare il server") e così via per qualunque cosa (non si aggiorna nemmeno avast perchè dice che non riesce a connettersi a nessun server)·?Lì per lì ho pensato subito a un problema di connessione ma invece ho scoperto che nel computer (un mac dal quale sto scrivendo ora) di mia madre va tutto benissimo· Aiutatemi‚ vi prego‚ non so come fare! Ho fatto fare la scansione di ogni singola parte del computer da parte di avast: inizialmente mi ha trovato una valanga di virus che ho cancellato immediatamente poi non ha più rilevato nulla ma il problema non è risolto‚ anzi‚ persiste! Ho letto su vari forum che per aiutarmi era necessario una cosa di cui non avevo mai sentito parlare‚ il logfile di HijackThis‚ ma che ho fatto nella speranza di risolvere questo disastro· Eccol0: Logfile of HijackThis v1.99.1 Scan saved at 16.04.08‚ on 12/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\system32\HPConfig.exe C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\carpserv.exe C:\PROGRA~1\HPQ\ONE–TO~1\OneTouch.EXE C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe C:\Programmi\iPod\bin\iPodService.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe C:\WINDOWS\system32\ctfmon.exe D:\HijackThis.exe R0 – HKCU\Software\Microsoft\Internet Explorer\Main‚Start Page = http://www.google.it/ R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Default_Page_URL = http://desktop.presario.net/scripts/red … 410&ac R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Search Bar = http://search.presario.net/scripts/redi … mp;ap=b204 R0 – HKLM\Software\Microsoft\Internet Explorer\Main‚Start Page = http://desktop.presario.net/scripts/red … 410&ac R0 – HKLM\Software\Microsoft\Internet Explorer\Search‚SearchAssistant = http://resultsmaster.com/SmartOffers/Se … ftPane.htm R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar‚LinksFolderName = Collegamenti R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 – BHO: My Search BHO – {014DA6C1–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL O2 – BHO: Yahoo! Companion BHO – {02478D38–C3F9–4efb–9B51–7695ECA05670} – C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O2 – BHO: MySearch Search Assistant BHO – {04079851–5845–4dea–848C–3ECD647AA554} – C:\Programmi\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 – BHO: ST – {9394EDE7–C8B5–483E–8773–474BF36AF6E4} – C:\Programmi\MSN Apps\ST\01.03.0000.1005\en–xu\stmain.dll O2 – BHO: Google Toolbar Helper – {AA58ED58–01DD–4d91–8333–CF10577473F7} – c:\programmi\google\googletoolbar1.dll O2 – BHO: MSNToolBandBHO – {BDBD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll O3 – Toolbar: MSN – {BDAD1DAD–C946–4A17–ADC1–64B5B4FF55D0} – C:\Programmi\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\it\msntb.dll O3 – Toolbar: Yahoo! Companion – {EF99BD32–C1FB–11D2–892F–0090271D4F88} – C:\Programmi\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll O3 – Toolbar: &Google – {2318C2B1–4965–11d4–9B18–009027A5CD4F} – c:\programmi\google\googletoolbar1.dll O3 – Toolbar: My Search Bar – {014DA6C9–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL O4 – HKLM\..\Run: [CARPService] carpserv.exe O4 – HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe –d O4 – HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 – HKLM\..\Run: [Display Settings] C:\Programmi\HPQ\Notebook Utilities\hptasks.exe /s O4 – HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HPQ\ONE–TO~1\OneTouch.EXE O4 – HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 – HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 – HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe O4 – HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 – HKLM\..\Run: [iTunesHelper] “C:\Programmi\iTunes\iTunesHelper.exe" O4 – HKLM\..\Run: [QuickTime Task] “C:\Programmi\QuickTime\qttask.exe” –atboottime O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 – HKLM\..\Run: [MessengerPlus3] “C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 – HKLM\..\Run: [WeatherOnTray] C:\Programmi\HbTools\Bin\4.7.7.0\HbtWeatherOnTray.exe O4 – HKLM\..\Run: [HbTools] C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 – HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe –quiet O4 – Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 – Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 – Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE O8 – Extra context menu item: &Google Search – res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.h … zeb01264IT O8 – Extra context menu item: &Translate English Word – res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html O8 – Extra context menu item: Backward Links – res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html O8 – Extra context menu item: Cached Snapshot of Page – res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html O8 – Extra context menu item: Similar Pages – res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html O8 – Extra context menu item: Translate Page into English – res://c:\programmi\google\GoogleToolbar1.dll/cmtrans.html O9 – Extra button: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programmi\Messenger\msmsgs.exe O9 – Extra 'Tools' menuitem: Windows Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Programmi\Messenger\msmsgs.exe O10 – Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing O16 – DPF: {00B71CFB–6864–4346–A978–C0A14556272C} (Checkers Class) – http://messenger.zone.msn.com/binary/ms … b31267.cab O16 – DPF: {14B87622–7E19–4EA8–93B3–97215F77A6BC} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/Me … b31267.cab O16 – DPF: {17492023–C23A–453E–A040–C7C580BBF700} (Windows Genuine Advantage Validation Tool) – http://go.microsoft.com/fwlink/?linkid=39204 O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/fu … 8211;2.cab O16 – DPF: {1EDF25DE–DFB2–40CA–AA83–30AE7DA8C203} (FileSharingCtrl Class) – http://appdirectory.messenger.msn.com/A … ngctrl.cab O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab O16 – DPF: {2917297F–F02B–4B9D–81DF–494B6333150B} (Minesweeper Flags Class) – http://messenger.zone.msn.com/binary/Mi … b31267.cab O16 – DPF: {4F1E5B1A–2A80–42CA–8532–2D05CB959537} (MSN Photo Upload Tool) – http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 – DPF: {8E0D4DE5–3180–4024–A327–4DFAD1796A8D} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/Me … b31267.cab O16 – DPF: {9122D757–5A4F–4768–82C5–B4171D8556A7} (PhotoPickConvert Class) – http://appdirectory.messenger.msn.com/A … tPkMSN.cab O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab O16 – DPF: {B38870E4–7ECB–40DA–8C6A–595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/MsnMe … loader.cab O16 – DPF: {B8BE5E93–A60C–4D26–A2DC–220313175592} (ZoneIntro Class) – http://messenger.zone.msn.com/binary/ZI … b32846.cab O16 – DPF: {E6187999–9FEC–46A1–A20F–F4CA977D5643} (ZoneChess Object) – http://messenger.zone.msn.com/binary/Chess.cab31267.cab O16 – DPF: {F04A8AE2–A59D–11D2–8792–00C04F8EF29D} (Hotmail Attachments Control) – http://by109fd.bay109.hotmail.msn.com/a … Atchmt.ocx O16 – DPF: {F6BF0D00–0B2A–4A75–BF7B–F385591623AF} (Solitaire Showdown Class) – http://messenger.zone.msn.com/binary/So … b31267.cab O18 – Protocol: msnim – {828030A1–22C1–4009–854F–8E305202313F} – “C:\PROGRA~1\MSNMES~1\msgrapp.dll” (file missing) O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 – Service: avast! Antivirus – Unknown owner – C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 – Service: avast! Mail Scanner – Unknown owner – C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe” /service (file missing) O23 – Service: avast! Web Scanner – Unknown owner – C:\Programmi\Alwil Software\Avast4\ashWebSv.exe” /service (file missing) O23 – Service: C–DillaCdaC11BA – C–Dilla Ltd – C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 – Service: HP Configuration Interface Service (HPConfig) – Hewlett–Packard – C:\WINDOWS\system32\HPConfig.exe O23 – Service: HPWirelessMgr – Hewlett–Packard Co·?– C:\Programmi\HPQ\Notebook Utilities\HPWirelessMgr.exe O23 – Service: iPod Service (iPodService) – Apple Computer‚ Inc·?– C:\Programmi\iPod\bin\iPodService.exe O23 – Service: Macromedia Licensing Service – Macromedia – C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe Spero che qualcuno di voi possa aiutarmi perchè sto letteralmente impazzendo a causa di tutto questo!!! Vi ringrazio per l'attenzione‚ Buona giornata! Sofia

12-06-2006, 17:11	#2467
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	Cheza89 fixa queste voci: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Default_Page_URL = http://desktop.presario.net/scripts/red … 410&ac R1 – HKLM\Software\Microsoft\Internet Explorer\Main‚Search Bar = http://search.presario.net/scripts/redi … mp;ap=b204 R0 – HKLM\Software\Microsoft\Internet Explorer\Main‚Start Page = http://desktop.presario.net/scripts/red … 410&ac R0 – HKLM\Software\Microsoft\Internet Explorer\Search‚SearchAssistant = http://resultsmaster.com/SmartOffers/Se … ftPane.htm R3 – URLSearchHook: (no name) – {00A6FAF6–072E–44cf–8957–5838F569A31D} – C:\Programmi\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing) O2 – BHO: My Search BHO – {014DA6C1–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL O2 – BHO: MySearch Search Assistant BHO – {04079851–5845–4dea–848C–3ECD647AA554} – C:\Programmi\MySearch\SrchAstt\1.bin\MYSRCHAS.DLL O2 – BHO: mwsBar BHO – {07B18EA1–A523–4961–B6BB–170DE4475CCA} – C:\Programmi\MyWebSearch\bar\1.bin\MWSBAR.DLL O3 – Toolbar: My Search Bar – {014DA6C9–189F–421a–88CD–07CFE51CFF10} – C:\Programmi\MySearch\bar\1.bin\S4BAR.DLL O4 – HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 – Global Startup: MyWebSearch Email Plugin.lnk = C:\Programmi\MyWebSearch\bar\1.bin\MWSOEMON.EXE O4 – HKLM\..\Run: [WeatherOnTray] C:\Programmi\HbTools\Bin\4.7.7.0\HbtWeatherOnTray.exe O4 – HKLM\..\Run: [HbTools] C:\Programmi\HbTools\Bin\4.7.7.0\HbtOEAddOn.exe O8 – Extra context menu item: &Search – http://bar.mywebsearch.com/menusearch.h … zeb01264IT O9 – Extra button: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O9 – Extra 'Tools' menuitem: Yahoo! Messenger – {E5D12C4E–7B4F–11D3–B5C9–0050045C3C96} – C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing) O10 – Broken Internet access because of LSP provider 'c:\programmi\newdotnet\newdotnet7_22.dll' missing O16 – DPF: {1D4DB7D2–6EC9–47A3–BD87–1E41684E07BB} – http://ak.imgfarm.com/images/nocache/fu … 8211;2.cab O16 – DPF: {205FF73B–CA67–11D5–99DD–444553540006} (CInstall Class) – http://www.errorguard.com/installation/Install.cab Fai una scansione con ewido: http://download.ewido.net/ewido-setup.exe Ultima modifica di andorra24 : 12-06-2006 alle 17:20.

12-06-2006, 17:21	#2468
Cheza89 Junior Member Iscritto dal: Jun 2006 Messaggi: 6	Logfile Cosa vuol dire fixa???? O____O aaaaarg scusate ma nn ci capisco 'na mazza!!! Grazie mille cmq x avermi risposto! Ciaoooo

12-06-2006, 12:59	#2461
SerPaguroSniffa³ Bannato Iscritto dal: Oct 2004 Città: Verona Messaggi: 227	nessuno sa risolvere il mio problema?

12-06-2006, 13:01	#2462
chevalier Member Iscritto dal: Apr 2001 Messaggi: 68	ecco...e te pareva?... sono al punto di partenza ed ora... diciamo che quasi tutte le pagine web hanno lo stesso problema... visto che alla fine dell'indirizzo del pop-up fantasma appare una scritta di java.com:, http://cc0000&color_border=ffffff&re...10&u_java=true (se ci clikki sopra vedrai che appare anche a te la pagina bianca) ho disinstallato il java della sun system.... ma non è servito a nulla!! non so più cosa fare... spero che qualcun'altro abbia qualche idea... il mio timore è che, anche se formatto di nuovo... il problema mi si ripresenti nello stesso modo... grazie dell'aiuto Guglielmo

12-06-2006, 13:46	#2463
lucadue Senior Member Iscritto dal: Mar 2006 Città: Saluzzo (Cuneo) - Trattative ok: 51 Messaggi: 3656	potete dare uno sguardo al log di un mio amico grazie Logfile of HijackThis v1.99.1 Scan saved at 14.29.43, on 12/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe D:\WINDOWS\system32\spoolsv.exe D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe D:\Programmi\ewido anti-malware\ewidoctrl.exe D:\WINDOWS\system32\inetsrv\inetinfo.exe D:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE D:\WINDOWS\system32\nvsvc32.exe D:\Programmi\CyberLink\Shared files\RichVideo.exe D:\WINDOWS\System32\snmp.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\wscntfy.exe D:\WINDOWS\Explorer.EXE D:\Programmi\D-Tools\daemon.exe D:\WINDOWS\system32\RUNDLL32.EXE D:\Programmi\Java\jre1.5.0_06\bin\jusched.exe D:\Programmi\SlySoft\CloneCD\CloneCDTray.exe D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe D:\WINDOWS\sm56hlpr.exe D:\Programmi\Web Accelerator\slipcore.exe D:\WINDOWS\system32\ctfmon.exe D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe D:\Programmi\Web Accelerator\slipgui.exe D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe D:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe C:\Francesco\Programmi\Analizza sistema\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: 205.238.40.2 www.winmx.com O1 - Hosts: 205.238.40.2 err.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1302.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3310.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3312.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1303.winmx.com O1 - Hosts: 82.43.224.20 c3315.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3317.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1304.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1304.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1304.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1304.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1305.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1305.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1305.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1305.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1305.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1305.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1305.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1305.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1305.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1305.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1306.winmx.com O1 - Hosts: 67.18.233.36 c3311.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3312.z1306.winmx.com O1 - Hosts: 209.67.209.50 c3313.z1306.winmx.com O1 - Hosts: 212.227.64.159 c3314.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3315.z1306.winmx.com O1 - Hosts: 67.18.233.36 c3316.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3317.z1306.winmx.com O1 - Hosts: 209.67.209.50 c3318.z1306.winmx.com O1 - Hosts: 212.227.64.159 c3319.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1301.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1301.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1301.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1301.winmx.com O1 - Hosts: 212.227.64.159 c3529.z1301.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1302.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1302.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1302.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1302.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1302.winmx.com O1 - Hosts: 212.227.64.159 c3529.z1302.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1303.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1303.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1303.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1303.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1303.winmx.com O1 - Hosts: 212.227.64.159 c3529.z1303.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3521.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3522.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3523.z1304.winmx.com O1 - Hosts: 212.227.64.159 c3524.z1304.winmx.com O1 - Hosts: 205.238.40.2 c3525.z1304.winmx.com O1 - Hosts: 67.18.233.36 c3526.z1304.winmx.com O1 - Hosts: 82.43.224.20 c3527.z1304.winmx.com O1 - Hosts: 209.67.209.50 c3528.z1304.winmx.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - D:\Programmi\Web Accelerator\PBHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programmi\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - D:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - D:\Programmi\Web Accelerator\components\NOWImaging.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Programmi\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [CloneCDTray] "D:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [kis] "D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [SlipStream] "D:\Programmi\Web Accelerator\slipcore.exe" O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hp psc 2000 Series.lnk = D:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe O4 - Global Startup: hpoddt01.exe.lnk = ? O4 - Global Startup: SlipStream Web Accelerator.lnk = D:\Programmi\Web Accelerator\slipgui.exe O8 - Extra context menu item: Add to Kaspersky Anti-Banner - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Programmi\WINnerTweakSE2\PopUp Blocker.exe O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - D:\Programmi\WINnerTweakSE2\PopUp Blocker.exe O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - D:\Programmi\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r (file missing) O23 - Service: ewido security suite control - ewido networks - D:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Programmi\CyberLink\Shared files\RichVideo.exe O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\Win32\RpcDataSrv.exe O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Programmi\SiSoftware\SiSoftware Sandra Lite 2007\RpcSandraSrv.exe

12-06-2006, 18:29	#2474
SerPaguroSniffa³ Bannato Iscritto dal: Oct 2004 Città: Verona Messaggi: 227	nessuno sa risolvere il mio problema? Logfile of HijackThis v1.99.1 Scan saved at 19.28.40, on 12/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Intel\Wireless\Bin\EvtEng.exe C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Acer\eManager\anbmServ.exe C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe C:\Programmi\ewido anti-malware\ewidoctrl.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe C:\Programmi\CyberLink\Shared Files\RichVideo.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Programmi\Synaptics\SynTP\SynTPLpr.exe C:\Acer\Empowering Technology\eRecovery\Monitor.exe C:\Programmi\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\RTHDCPL.EXE C:\Programmi\Acer\Acer Arcade\PCMService.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\acer\epm\epm-dm.exe C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\Temp\oyna1.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\Messenger\msmsgs.exe C:\DOCUME~1\Admin\IMPOST~1\Temp\Directory temporanea 7 per hijackthis.zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [LaunchApp] Alaunch O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [PCMService] "C:\Programmi\Acer\Acer Arcade\PCMService.exe" O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [oyna1.exe] C:\WINDOWS\Temp\oyna1.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25 O17 - HKLM\System\CS1\Services\Tcpip\..\{035DB4F8-61C3-4799-9CF3-084EF24BB021}: NameServer = 193.70.152.25 193.70.192.25 O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Programmi\Acer\Acer Arcade\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe

12-06-2006, 18:34	#2476
andorra24 Senior Member Iscritto dal: May 2005 Città: Palermo Messaggi: 6390	SerPaguroSniffa³ fixa queste: C:\WINDOWS\Temp\oyna1.exe O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll O4 - HKLM\..\Run: [oyna1.exe] C:\WINDOWS\Temp\oyna1.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

12-06-2006, 18:42	#2478
SerPaguroSniffa³ Bannato Iscritto dal: Oct 2004 Città: Verona Messaggi: 227	ora gli ho eliminati..ma certi li avevo già eliminati e sono tornati..speriamo che ora funzioni

12-06-2006, 18:53	#2480
lucadue Senior Member Iscritto dal: Mar 2006 Città: Saluzzo (Cuneo) - Trattative ok: 51 Messaggi: 3656	disattiva il ripristino altrimenti ritornano x forza

Strumenti
Mostra una versione stampabile Invia questa pagina per email