22-10-2005, 12:20 | #301 |
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28661
|
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O20 - Winlogon Notify: iexplore - C:\WINDOWS\SYSTEM32\1smle.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
install Service Pack 2
23-10-2005, 08:43 | #302 |
Senior Member
Joined: Apr 2002
Location: Roma
Posts: 3022
|
HERE IT IS, BUT WHAT DOES IT HAVE TO DO WITH THE VIRUS?
__________________
Case: Coolermaster H500P mesh white | PSU: Antec NEO-ECO 620C | CPU: Ryzen 7 5700x | Motherboard: Gigabyte X470 Aorus gaming 7 wifi Rev. 1.1 | RAM: GSkill 2x8 GB Flare X CL14 | Graphics: Zotac 1660 super 6GB AMP | SSD: Samsung 970 plus | HD: Seagate 1TB+1TB+1TB | Printer: Ricoh | Speaker: Creative stage 2.1 | Keyboard: Microsoft Comfort Curve 2000 | Mouse: Logitech M705 | Monitor: Philips 275E 2k 75hz |
23-10-2005, 08:55 | #303 |
Senior Member
Joined: Oct 2004
Location: Milano
Posts: 2641
|
It's relevant because it lets you see everything that is running on your PC.
From your log, this one jumps out at me:
O23 - Service: COM+ Alerter Service - Unknown owner - C:\WINDOWS\system32\altsvc.exe
I'd say fix it (select it and click the Fix button).
__________________
FOXYLADY is a MALE!! A friend is someone who knows everything about you and likes you anyway
23-10-2005, 10:29 | #304 |
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28661
|
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
otherwise everything looks OK
23-10-2005, 11:26 | #305 |
Banned
Joined: Dec 2004
Location: Salerno
Posts: 2770
|
Guys, I have a problem: windows like these keep opening on me:
Then, ever since I've had this problem, after connecting I also get this DLL error:
I tried Ad Aware PE, Spybot Search & Destroy and Pest Patrol, all updated to the latest version, plus of course a scan with Norton 2005, but nothing....... I deleted everything that could be deleted, but these windows still open.
I also tried scanning with Norton from safe mode with System Restore disabled, but nothing........
Here is the HijackThis report:
HELPPPPPPPPPPPPPPPPPPPPPPPP and to think it's all my brother's fault for catching it, uffffffff
23-10-2005, 11:31 | #306 |
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28661
|
you simply need to disable Messenger in the Windows services and use a firewall
|
23-10-2005, 13:01 | #307 | |
Banned
Joined: Dec 2004
Location: Salerno
Posts: 2770
|
Quote:
Last edited by Kevin[clod]: 23-10-2005 at 13:07.
|
23-10-2005, 13:06 | #308 | |
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28661
|
Quote:
|
|
23-10-2005, 13:10 | #309 | |
Banned
Joined: Dec 2004
Location: Salerno
Posts: 2770
|
Quote:
I tried fixing these 2 entries several times:
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pr...canner37380.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/m...pdownloader.cab
but when I scan again they persist..... they are still there
and this one:
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
how does it look to you?
Last edited by Kevin[clod]: 23-10-2005 at 13:29.
|
23-10-2005, 17:08 | #310 |
Senior Member
Joined: Sep 2004
Posts: 6383
|
but you don't even have to fix those 2
|
23-10-2005, 19:35 | #311 |
Banned
Joined: Dec 2004
Location: Salerno
Posts: 2770
|
yes, indeed........ I also tried ewido, it removed a lot of stuff..... it seems the windows no longer open, but the error at the start persists...... I found this file in C:\WINDOWS\system32\drivers\etc called hosts, and this is its content opened with Notepad..... the sites that used to open are in there; if I delete them in Notepad, from the first to the last, after 2 seconds they get recreated.......... helppppppp
23-10-2005, 19:56 | #312 |
Senior Member
Joined: Oct 2004
Location: Milano
Posts: 2641
|
In your HijackThis log, try fixing this entry:
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\o0lu0a39ed.dll
then run a scan with ewido http://www.ewido.net/en/
Bye
__________________
FOXYLADY is a MALE!! A friend is someone who knows everything about you and likes you anyway
23-10-2005, 20:29 | #313 |
Banned
Joined: Dec 2004
Location: Salerno
Posts: 2770
|
I fixed that entry but another one gets recreated; here is the new log:
As for the problem of the file that kept being recreated and the windows that kept opening, I solved it....... the only problems left are some DLL and TMP files that it won't let me delete because they are already in use..... not even with ewido, here they are:
then there is also this one, pedx5016.dll in C:\WINDOWS\system32, also found by ewido in safe mode, which still can't be deleted, uffffffff
23-10-2005, 21:18 | #314 | |
Junior Member
Joined: Jan 2004
Posts: 8
|
Here is the HiJackThis log (for the problems, see here).
There in the front row (the R1-R0 entries and then O1) is the scam site that kept showing up everywhere, and I think that explains why the Google searches were messed up. How can I proceed now, in your opinion?
Quote:
__________________
Busko Unrepentant noob! Last edited by Busko: 23-10-2005 at 21:22.
|
23-10-2005, 21:37 | #315 | |
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
|
Quote:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.file-webber.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
Fix all the 01 entries
O2 - BHO: (no name) - {9E0D2E2A-373F-4FDE-AC57-E9292D6FB7A7} - C:\WINDOWS\SYSTEM\BJHG.DLL (file missing)
O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\SYSTEM\winlogin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
|
23-10-2005, 21:38 | #316 |
Junior Member
Joined: Jan 2004
Posts: 8
|
Got it. Thanks a million
__________________
Busko Unrepentant noob!
23-10-2005, 21:45 | #317 |
Junior Member
Joined: Jan 2004
Posts: 8
|
Damn... the problem persists.
I deleted all the entries you recommended, but if I visit certain pages (I tried, for example, www.mozilla.org) I end up on the scam page.
__________________
Busko Unrepentant noob!
23-10-2005, 21:48 | #318 | |
Senior Member
Joined: May 2005
Location: Palermo
Posts: 6390
|
Quote:
|
|
23-10-2005, 22:20 | #319 | |
Senior Member
Joined: Oct 2004
Location: Milano
Posts: 2641
|
Quote:
http://www.pchell.com/support/look2me.shtml
__________________
FOXYLADY is a MALE!! A friend is someone who knows everything about you and likes you anyway
|
23-10-2005, 22:24 | #320 |
Banned
Joined: Mar 2004
Location: Galapagos Warning: flatulent user, keep it in mind
Posts: 28661
|
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.file-webber.de
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/spage.html
O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\SYSTEM\winlogin.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE (file missing)
Last edited by juninho85: 23-10-2005 at 22:27.
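Added example, not part of any post in this thread and not HijackThis's own code: a small Python triage of two things the replies above look for by eye, O1 hosts-file entries and an O20 Winlogon Notify DLL that comes back under a new name after being fixed. The two sample scans, with their addresses, host names and DLL names, are constructed for illustration.

```python
"""Triage O1 (hosts) and O20 (Winlogon Notify) lines across two HijackThis scans."""
import ipaddress
import re
from collections import defaultdict

# A HijackThis entry is "<section> - <body>", e.g. "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (.+?) - (.+)$")

# Constructed sample scans (not taken from any user's log): one before the
# flagged entries were fixed, one after a rescan.
SCAN_BEFORE = r"""
O1 - Hosts: 127.0.0.1 ads.example.net
O1 - Hosts: 203.0.113.10 www.search.example
O1 - Hosts: 203.0.113.10 search.example
O20 - Winlogon Notify: SampleA - C:\WINDOWS\system32\sample_old.dll
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe
"""
SCAN_AFTER = r"""
O1 - Hosts: 127.0.0.1 ads.example.net
O20 - Winlogon Notify: SampleB - C:\WINDOWS\system32\sample_new.dll
O23 - Service: Example Service - Unknown owner - C:\WINDOWS\system32\example.exe
"""


def parse_log(text):
    """Return {section code: set of entry bodies}; non-entry lines are skipped."""
    sections = defaultdict(set)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group(1)].add(m.group(2).strip())
    return sections


def classify_hosts(sections):
    """Split O1 entries into loopback sinkholes and redirects to another IP.

    A name mapped to 127.0.0.1 (or 0.0.0.0) never leaves the machine, so it is
    effectively blocked; a name mapped to any other address is sent there.
    """
    sinkholed, redirected = [], defaultdict(list)
    for body in sorted(sections.get("O1", ())):
        m = HOSTS_RE.match(body)
        if not m:
            continue
        addr, name = m.groups()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address: leave it for manual review
        if ip.is_loopback or ip.is_unspecified:
            sinkholed.append(name)
        else:
            redirected[addr].append(name)
    return sinkholed, dict(redirected)


def replaced_entries(before, after, code):
    """Entries of one section that vanished, and entries that appeared."""
    old, new = before.get(code, set()), after.get(code, set())
    return sorted(old - new), sorted(new - old)


def respawned_notify_dlls(before, after):
    """DLL paths of new O20 entries that showed up after another O20 was removed.

    A fixed entry replaced by a differently named one in the next scan means
    something still running is rewriting the registry key.
    """
    gone, new = replaced_entries(before, after, "O20")
    if not gone:
        return []
    return [m.group(2) for m in map(NOTIFY_RE.match, new) if m]


if __name__ == "__main__":
    before, after = parse_log(SCAN_BEFORE), parse_log(SCAN_AFTER)
    sinkholed, redirected = classify_hosts(before)
    print("blocked via loopback:", sinkholed)
    for addr, names in redirected.items():
        print("redirected to", addr, "->", names)
    print("O20 DLLs that reappeared under a new name:",
          respawned_notify_dlls(before, after))
```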
All times are GMT +1. The time now is 23:11.