| Precedente :: Successivo |
| Autore |
Messaggio |
Paolo333
Mortale adepto
Registrato: 17/09/06 21:37
Messaggi: 31
|
 Inviato: 25 Feb 2007 17:47 Oggetto: Problemi con Internet Explorer 6 |
 |
|
Un ciao a tutti,
ho dei problemi nel visualizzare le pagine di internet explorer poco dopo l'avvio del PC
Non so se sia dovuto a NORTON, comunque recentemente mi è successo che a seguito dell'installazione di un applicazione, che ho poi rimosso, ho poi dovuto procedere a reinstallare IE6 poichè mi dava "errore negli script della pagina" e poi non riuscivo a fare la scansione antivirus
Giorni fa comunque, lo stesso Norton mi ha avvisato improvvisamente di procedere alla reinstallazione del Norton Antivirus per presunti conflitti.
Il messaggio non è poi più apparso e ora funziona regolarmente
Grazie.
Posto il log:
Logfile of HijackThis v1.99.1
Scan saved at 04:30:10 PM, on 2/25/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\WINNT\system32\Linksts.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\D4\D4.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\internat.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Documents and Settings\Max1\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINNT\system32\cyohfeii.dll (file missing)
O2 - BHO: (no name) - {BCC7749B-F15E-44C1-8B7C-711C983E5253} - C:\WINNT\system32\awtqo.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Update] C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dimension4] C:\Programmi\D4\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .aspx: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignaltraining.webex.com/client/v_mywebex/webex/ieatgpc.cab
O16 - DPF: {E84D31FB-302A-4F6D-86F7-94A685E9672B} (CQGGUID.GUIDGenerator) - https://www.cqgtrader.com/Global/CQGGUID.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O20 - Winlogon Notify: awtqo - C:\WINNT\system32\awtqo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe |
|
| Top |
|
 |
Smjert
Dio maturo
Registrato: 01/04/06 18:19
Messaggi: 1619
Residenza: Perso nella rete
|
| Inviato: 25 Feb 2007 19:15 Oggetto: |
|
|
Molto probabilmente hai il Trojan Vundo.
Avvia HijackThis, premi Do a system scan only, spunta queste voci e poi premi FixChecked:
| Citazione: | O2 - BHO: (no name) - {6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINNT\system32\cyohfeii.dll (file missing)
O2 - BHO: (no name) - {BCC7749B-F15E-44C1-8B7C-711C983E5253} - C:\WINNT\system32\awtqo.dll (file missing)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O20 - Winlogon Notify: awtqo - C:\WINNT\system32\awtqo.dll (file missing) |
Prova a scaricare il removal tool del Vundo.
Mettilo sul desktop e avvialo.
Quando ti si apre premi su Scan for Vundo.
Quando ha finito la scansione premi su Remove Vundo.
Ti chiederà se vuoi rimuovere i files, tu rispondi YES
Quando cliccherai yes il desktop diventerà bianco perchè il VundoFix inizierà a rimuovere i files.
Quando avrà finito ti chiederà se può riavviare il pc, premi OK.
Posta un nuovo log di HijackThis. |
|
| Top |
|
|
Paolo333
Mortale adepto
Registrato: 17/09/06 21:37
Messaggi: 31
|
| Inviato: 26 Feb 2007 09:48 Oggetto: |
|
|
Ho fatto come hai suggerito, ma lo Scan di Vundo non ha rilevato nulla
Ecco il nuovo log di HijackThis
Logfile of HijackThis v1.99.1
Scan saved at 08:45:05 AM, on 2/26/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\WINNT\system32\Linksts.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\D4\D4.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\internat.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Documents and Settings\Max1\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Update] C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dimension4] C:\Programmi\D4\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .aspx: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignaltraining.webex.com/client/v_mywebex/webex/ieatgpc.cab
O16 - DPF: {E84D31FB-302A-4F6D-86F7-94A685E9672B} (CQGGUID.GUIDGenerator) - https://www.cqgtrader.com/Global/CQGGUID.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O20 - Winlogon Notify: awtqo - C:\WINNT\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 27 Feb 2007 11:52 Oggetto: |
|
|
ciao
per il Vundo prova anche con questo TOOL di Simantec
se non funziona il tool procedi con la rimozione manuale
Start /Esegui digita regedit/ OK
trova e cancella le seguenti sottochiavi:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\awtqo.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} |
|
| Top |
|
|
Paolo333
Mortale adepto
Registrato: 17/09/06 21:37
Messaggi: 31
|
| Inviato: 01 Mar 2007 11:56 Oggetto: |
|
|
| Orange ha scritto: | ciao
per il Vundo prova anche con questo TOOL di Simantec
se non funziona il tool procedi con la rimozione manuale
Start /Esegui digita regedit/ OK
trova e cancella le seguenti sottochiavi:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Notify\awtqo.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44240BB5-BD7D-4D49-A1AA-8AB0F3D3CB44} |
Grazie,
Ho utilizzato il toll di Simantec, ma non ho capito bene se lo ha solo neutralizzato o rimosso come dice
Per quanto riguarda le sottochiavi che mi hai detto di cancellare non ci sono, forse perchè sono state rimosse dal tool di Simantec?
 |
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 01 Mar 2007 12:53 Oggetto: |
|
|
ciao
conosci un'po l'inglese? guarda questo che consiglia sempre Simantec:
http://www.symantec.com/security_response/writeup.jsp?docid=2004-112111-3912-99&tabid=3
(ti serve il punto 5)
se hai le domande con la traduzione rivolgiti pure a me
per altri problemi con Vundo credo che dovrai aspettare l'illustre Smjert...  |
|
| Top |
|
|
Paolo333
Mortale adepto
Registrato: 17/09/06 21:37
Messaggi: 31
|
| Inviato: 03 Mar 2007 08:42 Oggetto: |
|
|
Scusate, ma è tutto a posto?
Grazie
| Citazione: | Logfile of HijackThis v1.99.1
Scan saved at 07:40:08 AM, on 3/3/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\WINNT\system32\Linksts.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\D4\D4.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\internat.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\system32\taskmgr.exe
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Max1\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Update] C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dimension4] C:\Programmi\D4\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .aspx: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignaltraining.webex.com/client/v_mywebex/webex/ieatgpc.cab
O16 - DPF: {E84D31FB-302A-4F6D-86F7-94A685E9672B} (CQGGUID.GUIDGenerator) - https://www.cqgtrader.com/Global/CQGGUID.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O20 - Winlogon Notify: awtqo - C:\WINNT\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
|
|
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 03 Mar 2007 15:13 Oggetto: |
|
|
ciao!
| Citazione: | | Scusate, ma è tutto a posto? |
no, non ancora
Avvia il PC in modalità provvisoria, avvia HiJack, seleziona "Do a sistem scan only", metti la spunta a queste voci e premi "Fix checked"
O2 - BHO: (no name) - {6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} - (no file)
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O20 - Winlogon Notify: awtqo - C:\WINNT\
scarica THE AVENGER e decomprimilo sul desktop.
con un doppio click avvia il file avenger.exe
Seleziona "Input Script Manually"
Clicca sulla lente di ingrandimento
Nella finestra che si aprirà "View/edit script"
copia / incolla quanto segue:
| Codice: | Registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C2763D3-6EAC-4F41-81E7-BD51BC5F0620}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C}
files to delete:
C:\WINNT\system32\awtqo.dll |
al termine posta il log di Avenger e uno aggiornato di HiJack |
|
| Top |
|
|
Paolo333
Mortale adepto
Registrato: 17/09/06 21:37
Messaggi: 31
|
| Inviato: 03 Mar 2007 19:04 Oggetto: |
|
|
Ciao
Niente da fare....ma ci sono o non ci sono questi residui?
| Citazione: | Logfile of HijackThis v1.99.1
Scan saved at 06:02:05 PM, on 3/3/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\mgabg.exe
C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\soundman.exe
C:\WINNT\system32\Linksts.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Programmi\D4\D4.exe
C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\notepad.exe
C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\Alice\ALICEE~1\app\EnterNet.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Max1\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ISDN Monitor] Linksts.exe W 1024
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Update] C:\Programmi\AntiVir PersonalEdition Classic\preupd.exe /CALLSCHEDULER /DM="0" /CALLSCHEDULER
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Dimension4] C:\Programmi\D4\D4.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Programmi\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O12 - Plugin for .aspx: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} -
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} -
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://esignaltraining.webex.com/client/v_mywebex/webex/ieatgpc.cab
O16 - DPF: {E84D31FB-302A-4F6D-86F7-94A685E9672B} (CQGGUID.GUIDGenerator) - https://www.cqgtrader.com/Global/CQGGUID.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O20 - Winlogon Notify: awtqo - C:\WINNT\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Programmi\Norton Internet Security\comHost.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINNT\system32\mgabg.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\Alice\ALICEE~1\app\pppoeservice.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Programmi\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
|
| Citazione: | Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ffiajasj
*******************
Script file located at: \??\C:\Program Files\cotrfcqx.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\WINNT\system32\awtqo.dll not found!
Deletion of file C:\WINNT\system32\awtqo.dll failed!
Could not process line:
C:\WINNT\system32\awtqo.dll
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C2763D3-6EAC-4F41-81E7-BD51BC5F0620} failed!
Status: 0xc0000034
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B7672BAF-E9A3-49B6-86B2-C81719A18A4C} failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
|
|
|
| Top |
|
|
Orange
Dio maturo
Registrato: 18/02/07 13:20
Messaggi: 2224
Residenza: Roma
|
| Inviato: 07 Mar 2007 17:01 Oggetto: |
 |
|
ciao, scusa per il ritardo..
prova ad eliminare i file con KILLBOX
Inserisci il percorso completo in Full Path: C:\WINNT\system32\awtqo.dll
poi seleziona DELETE ON REBOOT
e clicca sulla X rotonda a destra |
|
| Top |
|
|
|
FAQ
Cerca
Lista utenti
Gruppi
Registrati
Profilo
Messaggi privati
Log in
