|
|||||||
|
|
|
 |
|
|
Strumenti |
18-07-2006, 21:41
|
#2841 | |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
http://www.pcreview.co.uk/startup/ru...de/Ptipbmf.php http://www.castlecops.com/s3140-rund...CacheMode.html |
|
|
|
|
18-07-2006, 22:37
|
#2842 | |
|
Senior Member
Iscritto dal: Jul 2005
Messaggi: 663
|
Quote:
 Ho 4 hd in 0+1, grazie
__________________
▲ Parlare di guerra non mi piace, è troppo audace, preferisco parlare di forze di pace ▲ lucamad79.leonardo.it ▲ Guida a Easy Boot ▲ RETEEEE!!! Cliccami e rivivi i mondiali Ciao Steve... |
|
|
|
|
|
19-07-2006, 19:13
|
#2843 |
|
Senior Member
Iscritto dal: Feb 2005
Messaggi: 351
|
E da mesi che non funziona la modalita' provvisoria, l'S.O in avvio normale e penso anche nelle altre modalita' funziona alla perfezione, velocissimo, nessun errore o riavvio. Mi piacerebbe capire perche' la modalita' provvisoria non funziona, non penso di avere virus, uso avast 4.7.844, zonealarm 6.1.744.001, spyware terminator 1.5.0.7.18 e ogni tanto fa anche un giretto ad-aware se 6, tutto sempre aggiornatissimo.
Qualche anima buona puo' controllarmi il log? Logfile of HijackThis v1.99.1 Scan saved at 20.06.54, on 19/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Microsoft Private Folder 1.0\PrfldSvc.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\ehome\ehtray.exe C:\Programmi\Analog Devices\SoundMAX\SMTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programmi\IPM\Adsl\DataWay\dslstat.exe C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe C:\Programmi\rapget111\rapget.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe C:\Programmi\Free Download Manager\fdm.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Allway Sync\bin\syncappw.exe C:\Programmi\VisualTaskTips\VisualTaskTips.exe C:\Programmi\USDownloader\USDownloader.exe C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe C:\Programmi\Digisoft AntiDialer\AntiDialer.exe C:\Programmi\Xi\NetTransport 2\NetTransport.exe C:\Programmi\WellGet\WellGet.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Documents and Settings\ciao\Documenti\new\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: SafeIE Utility - {B5D4581D-ED6A-4905-A267-25BAF7BE79C1} - C:\WINDOWS\system32\safeie.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmi\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [Rapget] C:\Programmi\rapget111\rapget.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Allway Sync] "C:\Programmi\Allway Sync\bin\syncappw.exe" -m O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [USDownloader] "C:\Programmi\USDownloader\USDownloader.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe O4 - Startup: WellGet.lnk = C:\Programmi\WellGet\WellGet.exe O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe O4 - Global Startup: Net Transport.lnk = C:\Programmi\Xi\NetTransport 2\NetTransport.exe O8 - Extra context menu item: &Scarica tutto con WellGet - C:\Programmi\WellGet\nxall.htm O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm O8 - Extra context menu item: Scarica con WellGet - C:\Programmi\WellGet\nxcatch.htm O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm O8 - Extra context menu item: Scarica sito web con Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: WellGet - {35980F6E-A258-4E50-953D-813BB8556899} - C:\Programmi\WellGet\WellGet.exe O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{32316DFA-214D-4E41-820E-6F2679FDB41B}: NameServer = 85.37.17.41 85.38.28.83 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programmi\Microsoft Private Folder 1.0\PrfldSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing) |
|
|
|
|
19-07-2006, 23:05
|
#2844 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
20-07-2006, 11:25
|
#2845 | |
|
Senior Member
Iscritto dal: Feb 2005
Messaggi: 351
|
Quote:
 Grazie comunque, spero di non avere mai bisogno della "modalita' provvisoria".... Logfile of HijackThis v1.99.1 Scan saved at 12.37.16, on 20/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Microsoft Private Folder 1.0\PrfldSvc.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\ehome\ehtray.exe C:\Programmi\Analog Devices\SoundMAX\SMTray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Programmi\IPM\Adsl\DataWay\dslstat.exe C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe C:\Programmi\Free Download Manager\fdm.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Allway Sync\bin\syncappw.exe C:\Programmi\VisualTaskTips\VisualTaskTips.exe C:\Programmi\USDownloader\USDownloader.exe C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Programmi\Vidalia\vidalia.exe C:\Programmi\Digisoft AntiDialer\AntiDialer.exe C:\Programmi\Xi\NetTransport 2\NetTransport.exe C:\Programmi\Privoxy\privoxy.exe C:\WINDOWS\system32\dllhost.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\eHome\ehmsas.exe C:\Programmi\Mozilla Firefox 2 Beta 1\firefox.exe C:\Programmi\Mozilla Thunderbird\thunderbird.exe C:\Programmi\Tor\tor.exe C:\Documents and Settings\ciao\Documenti\new\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Programmi\Xi\NetTransport 2\NTIEHelper.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe O4 - HKLM\..\Run: [Zone Labs Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Allway Sync] "C:\Programmi\Allway Sync\bin\syncappw.exe" -m O4 - HKCU\..\Run: [VisualTaskTips] C:\Programmi\VisualTaskTips\VisualTaskTips.exe O4 - HKCU\..\Run: [USDownloader] "C:\Programmi\USDownloader\USDownloader.exe" O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe O4 - HKCU\..\Run: [Vidalia] "C:\Programmi\Vidalia\vidalia.exe" O4 - Global Startup: Digisoft AntiDialer.lnk = C:\Programmi\Digisoft AntiDialer\AntiDialer.exe O4 - Global Startup: Net Transport.lnk = C:\Programmi\Xi\NetTransport 2\NetTransport.exe O4 - Global Startup: Privoxy.lnk = C:\Programmi\Privoxy\privoxy.exe O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Salva oggetto con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: Salva tutti gli oggetti con Net Transport - C:\Programmi\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm O8 - Extra context menu item: Scarica sito web con Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{32316DFA-214D-4E41-820E-6F2679FDB41B}: NameServer = 85.37.17.41 85.38.28.83 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Programmi\Microsoft Private Folder 1.0\PrfldSvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing) Ultima modifica di fenomeno ita : 20-07-2006 alle 11:34. |
|
|
|
|
|
20-07-2006, 12:04
|
#2846 |
|
Senior Member
Iscritto dal: May 2006
Messaggi: 828
|
Questo è il mio log ma non ne capisco assolutamente nulla, ho letto un pò la guida presa da www.ilsoftware.it ma continuo a non saper interpretrare.
Qualcuno puo aiutarmi?  Logfile of HijackThis v1.99.1 Scan saved at 12.56.39, on 20/07/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AVPersonal\AVWUPSRV.EXE C:\WINDOWS\System32\CTSvcCDA.exe C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE C:\Programmi\AVPersonal\AVGNT.EXE C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\QuickTime\qttask.exe C:\Program Files\Libero\Adsl\dslstat.exe C:\Program Files\Libero\Adsl\dslagent.exe C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\System32\devldr32.exe C:\Programmi\Creative\SBLive2k\Launcher\CTLauncher.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\WinZip\WZQKPICK.EXE C:\WINDOWS\System32\wuauclt.exe C:\Programmi\Internet Explorer\iexplore.exe C:\hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Libero R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F1 - win.ini: load=c:\01comm32\bin\01comm32.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [Speed racer] C:\Programmi\Creative\SBLive2k\PlayCenter\CTSRReg.exe O4 - HKLM\..\Run: [EPSON Stylus C44 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C44 Series" /O6 "USB001" /M "Stylus C44" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [AVGCtrl] "C:\Programmi\AVPersonal\AVGNT.EXE" /min O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Libero\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Libero\Adsl\dslagent.exe O4 - HKLM\..\Run: [mmtask] "C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" O4 - HKLM\..\Run: [AudioHQ] C:\Programmi\Creative\SBLive2k\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [Creative Launcher] C:\Programmi\Creative\SBLive2k\Launcher\CTLauncher.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Avvio veloce di Microsoft Office OneNote 2003.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it O15 - Trusted Zone: www.archiviosex.net O15 - Trusted Zone: www.skymasters.biz O15 - Trusted Zone: www.yeak.net O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{E8AC5884-F0B7-43BD-B286-CD7EABAB396E}: NameServer = 193.70.152.15 193.70.152.25 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Programmi\AVPersonal\AVGUARD.EXE O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Programmi\AVPersonal\AVWUPSRV.EXE O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe |
|
|
|
|
20-07-2006, 12:16
|
#2847 |
|
Senior Member
Iscritto dal: Jan 2002
Messaggi: 1574
|
Mi date un'occhiata per cortesia? ho un trojan (R3)che continua a cancellare ma torna inesorabilmente.Ho fatto anche scansioni con Ewido....grazie.
Logfile of HijackThis v1.98.0 Scan saved at 13.09.25, on 20/07/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Messenger\msmsgs.exe C:\programmi\voipstunt.com\voipstunt\voipstunt.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\SkypeLink\SkypeLink.exe C:\Programmi\Logitech\MouseWare\system\em_exec.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\ewido\security suite\ewidoctrl.exe C:\Programmi\ewido\security suite\ewidoguard.exe D:\CRYPTY\45bE\emule.exe D:\Programmi\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - Default URLSearchHook is missing O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Class - {130A1E45-0FFA-FB8C-8225-7AA014172B28} - C:\WINDOWS\xnwfl1.dll (file missing) O2 - BHO: Class - {45F75B15-DEB8-AE47-F241-A6C23078704D} - C:\WINDOWS\xnwfl1.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [VoipStunt] "C:\programmi\voipstunt.com\voipstunt\voipstunt.exe" -nosplash -minimized O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [SkypeLink] C:\Programmi\SkypeLink\SkypeLink.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{79DC17F0-18EF-4789-A331-7CF4DA805D08}: NameServer = 62.94.0.1,62.94.0.2 O17 - HKLM\System\CS1\Services\Tcpip\..\{79DC17F0-18EF-4789-A331-7CF4DA805D08}: NameServer = 62.94.0.1,62.94.0.2 O17 - HKLM\System\CS2\Services\Tcpip\..\{79DC17F0-18EF-4789-A331-7CF4DA805D08}: NameServer = 62.94.0.1,62.94.0.2
__________________
Corsair RM650 - Asus Prime B550 plus - AMD Ryzen 5 5600X - Corsair Vengeance RGB PRO 16 GB - GeForce2070 RTX ROg Strix - Crucial Mx300 525 GB SATA 3 - LiteOn LH-20A1H - Pioneer 212D -ASUS TUF Gaming VG27AQ1A (2560x1440)- - Win 11 - LG OLED 65CX - Audio analogue maestro - Snell Tower - ---> Half-Life Club <--- |
|
|
|
|
20-07-2006, 12:40
|
#2848 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
pierotten fixa queste voci:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O15 - Trusted Zone: www.archiviosex.net O15 - Trusted Zone: www.skymasters.biz O15 - Trusted Zone: www.yeak.net |
|
|
|
|
20-07-2006, 12:43
|
#2849 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
viemme52 fixa:
R3 - Default URLSearchHook is missing O2 - BHO: Class - {130A1E45-0FFA-FB8C-8225-7AA014172B28} - C:\WINDOWS\xnwfl1.dll (file missing) O2 - BHO: Class - {45F75B15-DEB8-AE47-F241-A6C23078704D} - C:\WINDOWS\xnwfl1.dll (file missing) |
|
|
|
|
20-07-2006, 13:38
|
#2850 | |
|
Bannato
Iscritto dal: Mar 2004
Città: Galapagos Attenzione:utente flautolente,tienilo a mente
Messaggi: 28978
|
Quote:
|
|
|
|
|
|
20-07-2006, 16:58
|
#2851 | |
|
Junior Member
Iscritto dal: Dec 2005
Messaggi: 15
|
Quote:
Grazie Andorra 
|
|
|
|
|
|
22-07-2006, 18:50
|
#2852 |
|
Member
Iscritto dal: Jul 2006
Messaggi: 248
|
Ciao a tutti! scusate se ho messo un titolo poco chiaro , ma a causa della natura del problema non sono riuscito a trovare un titolo che spiegasse bene cosa mi sta succedendo.
Da qualche settimana mi ritrovo a dover lottare contro finestre del browser che aprono da sole verso siti commerciali di suonerie , ebay , ricerca e molti altri...Le ho provate tutte , i vari spybot , ad aware , ewido , e vi giuro tutti quelli che esistono..Alla fine im sono deciso a formattare tutto con la certezza di risolvere..ebbene amici...Oggi ho formattato , ma i problemi continuano a presentarsi..ho formattato due volte , ma non ci ho concluso niente..il pc e' lento , le pagine del broser sono lente da scorrere e si aprono decine di finestre verso siti di vario genere... io mi domando..com'e' possibile che dopo la formattazione continuano a presentarsi problemi di questo tipo? dove risiedono i vari malware , spyware , troyan , downloader e chi piu' ne ha piu' ne metta? Per facilitarvi ad aiutarmi e per velocizzare i tempi ho fatto gia una scansione con hijackthis , vi riporto di seguito i risultati.... Logfile of HijackThis v1.99.1 Scan saved at 19.29.00, on 22/07/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\rundll32.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE C:\Documents and Settings\Andrea Gallina\Impostazioni locali\Temp\Directory temporanea 2 per hijackthis[1].zip\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\dn4m01h1e.dll O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\lvn8095ue.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVh\command.exe (file missing) O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe ________________________ Spero che sappiate darmi una mano , perche' vi giuro che non ne posso piu'...Vorrei denunciare questi bastardi che mettono all'insaputa dell'utente sti caxxo di programmini...devono morire tutti!!! Grazie thread originale : http://www.hwupgrade.it/forum/showth...ght=hijackthis anche dopo il fix e il riavvio ho sempre gli stessi problemi |
|
|
|
|
22-07-2006, 18:52
|
#2853 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Allora le voci da fixare con hijackthis sono queste:
O20 - Winlogon Notify: RunOnceEx - C:\WINDOWS\system32\dn4m01h1e.dll O20 - Winlogon Notify: Syncmgr - C:\WINDOWS\system32\lvn8095ue.dll O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\QW5kcmVh\command.exe (file missing) Sei affetto dall'adware Look2me e devi rimuoverlo con questo tool: http://www.atribune.org/content/view/28/ Se la voce 023 non volesse andarsene con hijackthis prova cosi: start>esegui>sc stop cmdService>OK start>esegui>sc delete cmdService>OK Ultima modifica di andorra24 : 22-07-2006 alle 18:54. |
|
|
|
|
23-07-2006, 08:21
|
#2854 |
|
Senior Member
Iscritto dal: Dec 2004
Messaggi: 2608
|
Salve ragazzi, sono stato infettato da un cavallo di troia che mi fa crashare il firewall.
Adesso il cavallo di troia l'ho rimosso con kaspersky, ma il problema del firewall (sygate) che crasha è rimasto. Vi posto il log di HijackThis: Logfile of HijackThis v1.99.1 Scan saved at 9.11.13, on 23/07/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\System32\GEARSec.exe C:\Programmi\Norton Ghost\Agent\VProSvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Aston\aston.exe C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Raxco\PerfectDisk\PDSched.exe C:\Aston\XP\internat.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\Norton Ghost\Agent\GhostTray.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe C:\Programmi\Babylon\Babylon-Pro\Babylon.exe C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe C:\Programmi\common\Bin\WinCinemaMgr.exe C:\Programmi\Firefox\firefox\firefox.exe C:\Documents and Settings\Crash\Desktop\cureit.exe C:\DOCUME~1\Crash\IMPOST~1\Temp\RarSFX1\_start.exe C:\PROGRA~1\FREEDO~1\fdm.exe C:\Downloads\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti F2 - REG:system.ini: Shell=explorer.exe ,svchost.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe O4 - HKLM\..\Run: [9xadiras] 9xadiras.exe O4 - HKLM\..\Run: [2kadiras] 2kadiras.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Norton Ghost 10.0] "C:\Programmi\Norton Ghost\Agent\GhostTray.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [Babylon Client] C:\Programmi\Babylon\Babylon-Pro\Babylon.exe -AutoStart O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [kav] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - Global Startup: DSLMON.lnk = C:\Programmi\ADSL\StarModem ADSL USB MODEM\DSLMON.exe O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programmi\common\Bin\WinCinemaMgr.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm O8 - Extra context menu item: Scarica sito web con Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Programmi\VisualRoute\vrie.dll O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F8665CA2-178C-4C9E-839B-AE17778A11B3}: NameServer = 85.37.17.49 151.99.125.1 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: CLKERN.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: License Management Service ESD - Unknown owner - C:\Programmi\File comuni\element5 Shared\Service\Licence Manager ESD.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Programmi\Norton Ghost\Agent\VProSvc.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Window Dispaly System - Unknown owner - C:\WINDOWS\system32\lsays.exe (file missing) |
|
|
|
|
23-07-2006, 08:44
|
#2855 |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Fixa queste:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O23 - Service: Window Dispaly System - Unknown owner - C:\WINDOWS\system32\lsays.exe (file missing) Poi ci sarebbe questo crack che e' illegale ma suppongo che tu l'abbia messo coscientemente: O20 - AppInit_DLLs: CLKERN.DLL |
|
|
|
|
23-07-2006, 09:25
|
#2856 |
|
Senior Member
Iscritto dal: Dec 2004
Messaggi: 2608
|
Grazie per l'aiuto, ho fixato le voci e rimosso quel crack, ma il firewall mi continua a crashare.
 
|
|
|
|
|
23-07-2006, 09:31
|
#2857 |
|
Senior Member
Iscritto dal: Sep 2003
Messaggi: 346
|
Ragazzi, per favore potete dare un occhio a questo elemento trovato con HJThis e il suo tool Adsspy:
C:\WINDOWS\Prefetch\SYSTEM32 : QXWJG.EXE-0C38FDDC.pf (20386 bytes) ----------------------- Questa chiave so già cos'è, va eliminata, ma siccome è impossibile farlo col prog, magari spero abbiate qualche dritta O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file) |
|
|
|
|
23-07-2006, 09:46
|
#2858 | |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
|
|
|
|
|
|
23-07-2006, 09:49
|
#2859 | |
|
Senior Member
Iscritto dal: May 2005
Città: Palermo
Messaggi: 6390
|
Quote:
start>esegui>regedt32 >ok. Si apre l’editor del registro, cliccando sui + accanto alle singole voci segui questo percorso: HKEY_LOCAL_MACHINE\SOFTWARE\Micosoft\Windows\CurrentVersion\Explorer\Browser Helper Objects, individui la voce che ti interessa rimuovere(in gergo tecnico è un CLSID) ,clic con il tasto destro su di essa, sul menu che compare scegli Autorizzazioni, sulla finestra che si apre scegli Avanzate, vai su Proprietario e confermi ( evidenziando di solito il nome dell’utente del computer)con ok, torni sulla pagina precedente e consenti il controllo completo mettendo le relative spunte>ok. A quel punto, cliccando con il tastro dx del mouse sul CLSID e scegliendo Elimina se ne dovrebbe andare. . |
|
|
|
|
|
23-07-2006, 10:04
|
#2860 | |
|
Senior Member
Iscritto dal: Dec 2004
Messaggi: 2608
|
Quote:
Ho la vers 5.5, è andata sempre bene fino a 2 giorni fa quando ha iniziato a darmi questo problema, così ho pensato ad un virus ho fatto la scansione con kaspersky e mi ha trovato un cavallo di troia, e l'ho rimosso. Adesso il cavallo di troia il kasper non me lo rileva +, ma il prob del crash del sygate è rimasto.
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 04:44.
