Precedente :: Successivo |
Autore |
Messaggio |
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 17 Giu 2007 09:28 Oggetto: Errore visualizzazione pagine Internet Explorer 7 |
|
|
Ciao a tutti.
Da un paio di giorni IE 7 mi da qualche problema di visualizzazione delle pagine. Alcuni siti si vedono senza problemi, altri mi dice "impossibile visualizzare la pagina web". Ad esempio "www.duka.it"
Ora visto che ogni tanto si apre anche un popup del sito "www.em.pc-on-internet.com" non vorrei che fosse questo il problema.
Ho provato con spybot e ad-aware ma non trovano niente.
Potete aiutarmi?
Ho scaricato anche Hijack This, vi posto il log:
Logfile of HijackThis v1.99.0
Scan saved at 10.26.13, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\USBIcon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\HP_Proprietario\Desktop\mirc\mirc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Proprietario\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [winlogin32] C:\WINDOWS\system32\winlogin32.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [winlogin32] C:\WINDOWS\system32\winlogin32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7173C34-B6EB-40E2-A4B5-E369BFCA7E99}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
Grazie a tutti
FAbio |
|
Top |
|
|
bdoriano Amministratore
Registrato: 02/04/07 11:05 Messaggi: 14300 Residenza: 3° pianeta del sistema solare...
|
Inviato: 17 Giu 2007 09:36 Oggetto: |
|
|
Scarica una versione aggiornata di Hijackthis.
Avvia il pc in modalità provvisoria.
Avvia HijackThis
clicca su do a system scan only
metti il segno di spunta a queste voci:
Citazione: | O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [winlogin32] C:\WINDOWS\system32\winlogin32.exe
O4 - HKCU\..\Run: [winlogin32] C:\WINDOWS\system32\winlogin32.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) |
clicca su fix checked
Riavvia il pc, rifai il log di hijackthis e ripostalo.
Oltre all'antivirus, ti consiglio di installare un firewall |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 17 Giu 2007 11:07 Oggetto: fatto! |
|
|
Ho fatto come dici tu, questo è il nuovo file log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.02.13, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\USBIcon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\HP_Proprietario\Desktop\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7173C34-B6EB-40E2-A4B5-E369BFCA7E99}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_PRO~1/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 2: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2
Ho provato IE e mi da sempre lo stesso problema.
Che firewall mi consigli? mi da problemi con emule o mirc?
grazie
FAbio |
|
Top |
|
|
bdoriano Amministratore
Registrato: 02/04/07 11:05 Messaggi: 14300 Residenza: 3° pianeta del sistema solare...
|
Inviato: 17 Giu 2007 11:55 Oggetto: |
|
|
Ci sono da sistemare ancora un paio di voci:
Citazione: | O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_PRO~1/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg
O24 - Desktop Component 2: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2 |
Scarica questo.
Avvialo, metti il segno di spunta su Select All
(se vuoi conservare i files del cestino, togli il segno di spunta a Recycle bin)
Clicca su Empty Selected
In questa maniera, abbiamo ripulito i files temporanei di windows e di internet explorer.
Scarica anche questo e scompattalo in una sua cartella non temporanea.
Avvialo
clicca su > > >
Clicca su Autostart
metti il segno di spunta a Show All
clicca su Scan
al termine della scansione, clicca su Copy
Apri il blocco note e premi CTRL+V (oppure clicca su Modifica e poi su Incolla).
Salva il file e caricalo su http://www.freefilehosting.net
Posta qui il link che ti viene assegnato.
Sempre nel programma appena scaricato (gmer),
clicca su Rootkit
clicca su Scan
al termine della scansione, clicca su Copy
Apri il blocco note e premi CTRL+V (oppure clicca su Modifica e poi su Incolla).
Salva il file e caricalo su http://www.freefilehosting.net
Posta qui il link che ti viene assegnato.
edit: mi stavo dimenticando del firewall
Puoi utilizzare PCtools (richiede registrazione gratuita). problemi con quei programmi non ne dovresti avere. Semplicemente, quando li avvii, il firewall ti chiederà se autorizzarli a comunicare con internet o meno.
Questa richiesta ti verrà fatta per tutti i programmi che necessitano di andare in internet (browser, antivirus, mirc, voip, p2p, etc...) |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 17 Giu 2007 12:51 Oggetto: non funziona |
|
|
dunque... ho fixato le voci che mi hai detto e ti riposto il log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13.40.24, on 17/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\USBIcon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\HP_Proprietario\Desktop\HiJackThis_v2.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7173C34-B6EB-40E2-A4B5-E369BFCA7E99}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_PRO~1/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg
Per quanto riguarda il resto, ho scaricato ATF-Cleaner e fatto come dici tu ma gli altri link (gmer e www.freefilehosting.net) non mi funzionano. Fammi sapere...
Fabio |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 17 Giu 2007 12:54 Oggetto: |
|
|
...retifico... non funziona solo il link "gmer"... sto tentando di scaricarlo con emule...
ciao |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 17 Giu 2007 13:38 Oggetto: fatto! |
|
|
Son riuscito a scaricare "gmer" e a fare quello che mi hai chiesto:
il primo link assegnato è:
Direct Link: http://www.freefilehosting.net/download/MjI0MTU2
HTML Code: <a href="http://www.freefilehosting.net/files/MjI0MTU2">gmer.txt</a>
Forum Link: [URL="http://www.freefilehosting.net/files/MjI0MTU2"]gmer.txt[/URL]
il secondo link assegnato è:
Direct Link: http://www.freefilehosting.net/download/MjI0MTc2
HTML Code: <a href="http://www.freefilehosting.net/files/MjI0MTc2">gmer2.txt</a>
Forum Link: [URL="http://www.freefilehosting.net/files/MjI0MTc2"]gmer2.txt[/URL]
...IE continua a non visualizzarmi le solite pagine...
fammi sapere..
ciao e grazie
FAbio |
|
Top |
|
|
bdoriano Amministratore
Registrato: 02/04/07 11:05 Messaggi: 14300 Residenza: 3° pianeta del sistema solare...
|
Inviato: 17 Giu 2007 14:00 Oggetto: |
|
|
Scarica questo e scompattalo in una sua cartella.
Avvialo
clicca su input script manually
clicca la lente d'ingrandimento
inserisci queste righe:
Citazione: |
Files to delete:
c:\windows\system32\zkgjby.exe
C:\WINDOWS\system32\zkgjby.dat
C:\WINDOWS\system32\zkgjby_nav.dat
C:\WINDOWS\system32\zkgjby_navps.dat
C:\WINDOWS\Prefetch\ZKGJBY.EXE-24C9CE36.pf
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | zkgjbyc
|
clicca done
clicca il semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Posta qui il risultato dell'operazione, un log aggiornato di hijackthis e un nuovo log di gmer/autostart |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 17 Giu 2007 14:13 Oggetto: ...non si apre il link |
|
|
...non si apre il link del programma... (avenger???)
ora vedo se lo scarico da emule...
ti so dire
FAbio |
|
Top |
|
|
bdoriano Amministratore
Registrato: 02/04/07 11:05 Messaggi: 14300 Residenza: 3° pianeta del sistema solare...
|
Inviato: 17 Giu 2007 14:20 Oggetto: |
|
|
Te l'ho caricato su freefilehosting.
Vedi se funziona. |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 17 Giu 2007 14:25 Oggetto: non funziona |
|
|
ho cliccato sul link freefilehosting ma niente... solita pagina d'errore.
FAbio |
|
Top |
|
|
bdoriano Amministratore
Registrato: 02/04/07 11:05 Messaggi: 14300 Residenza: 3° pianeta del sistema solare...
|
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 18 Giu 2007 07:38 Oggetto: |
|
|
bdoriano ha scritto: | Scarica questo e scompattalo in una sua cartella.
Avvialo
clicca su input script manually
clicca la lente d'ingrandimento
inserisci queste righe:
Citazione: |
Files to delete:
c:\windows\system32\zkgjby.exe
C:\WINDOWS\system32\zkgjby.dat
C:\WINDOWS\system32\zkgjby_nav.dat
C:\WINDOWS\system32\zkgjby_navps.dat
C:\WINDOWS\Prefetch\ZKGJBY.EXE-24C9CE36.pf
Registry values to replace with dummy:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | zkgjbyc
|
clicca done
clicca il semaforo
Il pc dovrebbe riavviarsi, se così non fosse, riavvialo tu.
Posta qui il risultato dell'operazione, un log aggiornato di hijackthis e un nuovo log di gmer/autostart |
Son riuscito a scaricare avenger, questo è il risultato:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\udlvosmj
*******************
Script file located at: \??\C:\ewhuqept.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File c:\windows\system32\zkgjby.exe deleted successfully.
File C:\WINDOWS\system32\zkgjby.dat deleted successfully.
File C:\WINDOWS\system32\zkgjby_nav.dat deleted successfully.
File C:\WINDOWS\system32\zkgjby_navps.dat deleted successfully.
File C:\WINDOWS\Prefetch\ZKGJBY.EXE-24C9CE36.pf deleted successfully.
Could not get size of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|zkgjbyc
Replacement with dummy of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|zkgjbyc failed!
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
questo è un nuovo log di hjackthis:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8.33.18, on 18/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp\tmpB.tmp.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\USBIcon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\HP_Proprietario\Desktop\pulizia\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7ddd93c1-a22b-4fad-a3f8-40aa56377b76} - C:\WINDOWS\system32\ati2oui.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [zkgjby] c:\windows\system32\zkgjby.exe zkgjby
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7173C34-B6EB-40E2-A4B5-E369BFCA7E99}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ati2oui - C:\WINDOWS\SYSTEM32\ati2oui.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: DomainService - - C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp\tmpB.tmp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_PRO~1/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg
--
End of file - 8560 bytes
e questo di gmer:
http://www.freefilehosting.net/download/MjI2MTk0
l'ultima cosa che mi hai detto di fare non l'ho ancora fatta perchè devo scappare al lavoro... fammi sapere se devo farla!
ciao e grazie ancora.
FAbio |
|
Top |
|
|
bdoriano Amministratore
Registrato: 02/04/07 11:05 Messaggi: 14300 Residenza: 3° pianeta del sistema solare...
|
Inviato: 18 Giu 2007 10:54 Oggetto: |
|
|
Ok. Abbiamo fatto un passo avanti!
Adesso il tuo ospite è allo scoperto.
Scarica atf-cleaner e salvalo sul desktop.
Disattiva il ripristino di sistema, visualizza i files nascosti e di sistema, avvia in modalità provvisoria
Esegui hijackthis
clicca su do a system scan only
metti il segno di spunta a queste voci
Citazione: | O4 - HKLM\..\Run: [zkgjby] c:\windows\system32\zkgjby.exe zkgjby
O23 - Service: DomainService - - C:\DOCUME~1\HP_PRO~1\IMPOST~1\Temp\tmpB.tmp.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_PRO~1/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg |
clicca su fix checked
Avvia atf-cleaner
metti il segno di spunta su Select All
(se vuoi conservare i files del cestino, tira via il segno di spunta a recycle bin)
clicca su empty selected
riavvia il pc, rifai solo il log di hijackthis e ripostalo.
PS: i logs di gmer sono solitamente molto lunghi. Se vuoi inviarli, devi prima salvarli su http://www.freefilehosting.net e poi postare qui il link che ti viene assegnato. |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 19 Giu 2007 10:30 Oggetto: fatto! |
|
|
Ho seguito la procedura, ecco il nuovo log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.27.11, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\USBIcon.exe
C:\HP\KBD\KBD.EXE
C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\VM_STI.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Documents and Settings\HP_Proprietario\Desktop\pulizia\HiJackThis_v2.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7ddd93c1-a22b-4fad-a3f8-40aa56377b76} - C:\WINDOWS\system32\ati2oui.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar4.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MCI USB Icon] C:\WINDOWS\system32\USBIcon.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R220 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAIE.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB002" /M "Stylus Photo R220"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [EEventManager] C:\Programmi\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC315NC Webcam
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Guida alla connessione - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7173C34-B6EB-40E2-A4B5-E369BFCA7E99}: NameServer = 195.130.224.18,195.130.225.129
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ati2oui - ati2oui.dll (file missing)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/HP_PRO~1/IMPOST~1/Temp/msohtml1/01/clip_image001.jpg
--
End of file - 8360 bytes
per quanto riguarda il ripristino di sistema lo lascio disattivato?
attendo notizie x il seguito... grazie
FAbio |
|
Top |
|
|
Orange Dio maturo
Registrato: 18/02/07 12:20 Messaggi: 2224 Residenza: Roma
|
Inviato: 19 Giu 2007 12:53 Oggetto: |
|
|
questo non so che caspita è:
C:\WINDOWS\system32\ati2oui.dll..
in questo log te lo dà come (file missing), mentre nell'altro era attivo...
vedi se riesci a trovarlo quel file e caricalo su VirusTotal
metti qui il risultato |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 19 Giu 2007 21:07 Oggetto: non c'è! |
|
|
Orange ha scritto: | questo non so che caspita è:
C:\WINDOWS\system32\ati2oui.dll..
in questo log te lo dà come (file missing), mentre nell'altro era attivo...
vedi se riesci a trovarlo quel file e caricalo su VirusTotal
metti qui il risultato |
Ho cercato il file ma non c'è, c'è solo ati2oui.dns, comunque penso che faccia parte della scheda video (ati radeon)
In secondo luogo non mi visualizza neanche il sito www.virustotal.com !
....cos'altro si può fare?
a presto...
FAbio |
|
Top |
|
|
Orange Dio maturo
Registrato: 18/02/07 12:20 Messaggi: 2224 Residenza: Roma
|
Inviato: 19 Giu 2007 21:40 Oggetto: Re: non c'è! |
|
|
fabioscarpa ha scritto: | Ho cercato il file ma non c'è, c'è solo ati2oui.dns, comunque penso che faccia parte della scheda video (ati radeon) | mmmm... dici??
anche ati2oui.dns mi sembra strano...
fai una bella scansione on-line con Kaspersky.
così vediamo cos'altro c'è. |
|
Top |
|
|
fabioscarpa Mortale devoto
Registrato: 17/06/07 09:05 Messaggi: 17
|
Inviato: 20 Giu 2007 12:08 Oggetto: fatto! |
|
|
Ok, ho fatto la scansione con Kaspersky e questo è il risultato:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, June 20, 2007 1:00:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/06/2007
Kaspersky Anti-Virus database records: 349391
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
K:\
L:\
M:\
N:\
O:\
Scan Statistics:
Total number of scanned objects: 147640
Number of viruses found: 7
Number of infected objects: 10 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:30:41
Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/zkgjby.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.gen skipped
C:\avenger\backup.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Microsoft\Modelli\Normal.dot Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Dati applicazioni\Microsoft\Word\STARTUP\FineReader8.dot Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Desktop\ESAME PER GPG.doc Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Desktop\mirc\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.602 skipped
C:\Documents and Settings\HP_Proprietario\Desktop\~WRL0710.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Desktop\~WRL1817.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Desktop\~WRL1949.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Desktop\~WRL2065.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Desktop\~WRL2143.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Desktop\~WRL3392.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\ApplicationHistory\cli.exe.af01e8cc.ini.inuse Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Identities\{38F37FA6-EA37-4102-A2B9-9CF877729DC8}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Identities\{38F37FA6-EA37-4102-A2B9-9CF877729DC8}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Identities\{38F37FA6-EA37-4102-A2B9-9CF877729DC8}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Identities\{38F37FA6-EA37-4102-A2B9-9CF877729DC8}\Microsoft\Outlook Express\Posta in arrivo.dbx Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\Perflib_Perfdata_4bc.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\Perflib_Perfdata_a6c.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DF2C79.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DF3162.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DF328F.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DF4917.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DF5217.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DF5228.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DF7415.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DFBAF2.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~DFCA0F.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temp\~WRS0001.tmp Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\HP_Proprietario\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\HP_Proprietario\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Impostazioni locali\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
C:\Programmi\ESET\cache\CACHE.NDB Object is locked skipped
C:\Programmi\ESET\logs\virlog.dat Object is locked skipped
C:\Programmi\ESET\logs\warnlog.dat Object is locked skipped
C:\Programmi\Philips\Philips SPC315NC Webcam\MioNet\install_MioNet_ver1_6_11.exe/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped
C:\Programmi\Philips\Philips SPC315NC Webcam\MioNet\install_MioNet_ver1_6_11.exe CreateInstall: infected - 1 skipped
C:\Programmi\Servizi in linea\Interfree\HP300sp5.exe/data0003 Infected: not-a-virus:Dialer.Win32.InterDialer.a skipped
C:\Programmi\Servizi in linea\Interfree\HP300sp5.exe Inno: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{55F9242E-C9DE-4C67-8D71-2B97D9741B1B}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\HotTVPlayer.dll Infected: not-a-virus:Porn-Downloader.Win32.HotTV.a skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winlogin32.exe Infected: Backdoor.Win32.Bifrose.adz skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
vorrei chiederti anche se:
1- prima ho disabilitato il ripristino di sistema, lo posso riattivare?
2- io uso l'antivirus NOD32, mi sembra che non funzioni a dovere, che antivirus mi consiglieresti?
3- il tuo collega bdoriano mi ha consigliato di installare PCtools Firewall Plus, l'ho fatto ma a volte mi chiede se acconsento ad un programma di accedere ad internet, come faccio sapere se autorizzare o no? non sempre mette il nome del programma.
aspetto cmq tue notizie...
grazie dell'aiuto
FAbio |
|
Top |
|
|
bdoriano Amministratore
Registrato: 02/04/07 11:05 Messaggi: 14300 Residenza: 3° pianeta del sistema solare...
|
Inviato: 20 Giu 2007 13:40 Oggetto: |
|
|
Avvia avenger
clicca su input script manually
clicca la lente d'ingrandimento
inserisci queste righe:
Citazione: |
Files to delete:
C:\WINDOWS\system32\HotTVPlayer.dll
C:\WINDOWS\system32\winlogin32.exe |
clicca done
clicca il semaforo. Posta qui il risultato dell'operazione.
1 - Riattiva il ripristino di sistema.
2 - NOD32 è un buon antivirus (lo uso anch'io) e, come tutti i software, va mantenuto aggiornato. Che versione usi?
Per verificarlo:
- avvia il control center
- Strumenti di sistema nod32
- Informazioni
- sulla destra, verifica Informazioni sui componenti installati - versione: 2.xx.xx?
3 - il firewall è un programma che necessita di sapere quali programmi possono comunicare con internet. Per questo ti fa tutte quelle domande.
In base al programma che stai usando in quel momento, sta a te decidere se deve poter comunicare con internet o meno.
Qualche esempio:
leggo la posta - la prima volta che avvio outlook, il firewall mi chiede l'autorizzazione. La concedo.
navigo in internet - idem come sopra.
chatto usando mirc o skype o messenger o altro - idem come sopra.
qualsiasi altro programma (che non dovrebbe collegarsi ad internet) - il firewall domanda l'autorizzazione a comunicare con l'esterno. Alzo le antenne e, il più delle volte, non concedo l'autorizzazione. |
|
Top |
|
|
|
|
Non puoi inserire nuovi argomenti Non puoi rispondere a nessun argomento Non puoi modificare i tuoi messaggi Non puoi cancellare i tuoi messaggi Non puoi votare nei sondaggi
|
|