quando mi collego a tgm online
mi appare un msg con su scritto di scaricare java virtual machine ( che gia' ho), e' un probabile virus?
tra l'altro ho di nuovo il mio vecchio amico qwery1.exe, che non trovo di nuovo....ne con l'antivir ne con niente....
conoscete qualche programma freeware per sistemare il registro di windows?
Re: quando mi collego a tgm online
Citazione:
Originariamente Scritto da
teoleo
mi appare un msg con su scritto di scaricare java virtual machine ( che gia' ho), e' un probabile virus?
tra l'altro ho di nuovo il mio vecchio amico qwery1.exe, che non trovo di nuovo....ne con l'antivir ne con niente....
conoscete qualche programma freeware per sistemare il registro di windows?
Come fai a sapere che ce l' hai ancora?
Sistemare il registro di Windows non significa granche'...
Re: quando mi collego a tgm online
e' un dialer, lo ritrovo con taskmanager, e' la terza volta che lo becco e ho sempre faticato a trovare dove si installa....
Re: quando mi collego a tgm online
Citazione:
Originariamente Scritto da
teoleo
mi appare un msg con su scritto di scaricare java virtual machine ( che gia' ho), e' un probabile virus?
tra l'altro ho di nuovo il mio vecchio amico qwery1.exe, che non trovo di nuovo....ne con l'antivir ne con niente....
conoscete qualche programma freeware per sistemare il registro di windows?
ovviamente solita procedura ad aware spybot e ewido tutti rigorosamente da modalitą provvisoria.
posta il log di hijackthis.
Per sistemare il registro di win puoi usare regcleaner ammesso che tu intenda la stessa cosa che intendo io ossia cercare di alleggerirlo. :sisi:
Re: quando mi collego a tgm online
Citazione:
Originariamente Scritto da
teoleo
e' un dialer, lo ritrovo con taskmanager, e' la terza volta che lo becco e ho sempre faticato a trovare dove si installa....
se č un dialer ed hai l'adsl non dovresti avere grossi problemi oltre ad eventuali disconnessioni. comunque basterebbe lanciare la ricerca con il cerca di windows abilitandola a trovare tutti i files nascosti e di sistema.
Re: quando mi collego a tgm online
infatti non mi crea problemi, pero' vorrei toglierlo....
Ho provato con una scansione online da Panda antivir e SORPESA il mio ANTIVIR mentre scaricavo gli activex mi ha segnalato un virus!!!! Quindi semmai fate attenzione....
Ma regcleaner non e' freeware...
Ah, sapete indicarmi un link per le istruzioni in italiano di agnitum outpost...???
Re: quando mi collego a tgm online
Re: quando mi collego a tgm online
posta anche un log di hijackthis.
Re: quando mi collego a tgm online
domani posto, ho fatto oggi una scansione con ewido e ho tolto molti trojan e un altro dialer ( che pero' non mi dava problemi....), ma non il fatidico qwery1 :O)
Re: quando mi collego a tgm online
Citazione:
Originariamente Scritto da
teoleo
infatti non mi crea problemi, pero' vorrei toglierlo....
Ho provato con una scansione online da Panda antivir e SORPESA il mio ANTIVIR mentre scaricavo gli activex mi ha segnalato un virus!!!! Quindi semmai fate attenzione....
Ma regcleaner non e' freeware...
Ah, sapete indicarmi un link per le istruzioni in italiano di agnitum outpost...???
sicuro che non si trattasse di un falso positivo?
Re: quando mi collego a tgm online
Citazione:
Originariamente Scritto da
teoleo
domani posto, ho fatto oggi una scansione con ewido e ho tolto molti trojan e un altro dialer ( che pero' non mi dava problemi....), ma non il fatidico qwery1 :O)
ok aspettiamo il tuo post allora.
Re: quando mi collego a tgm online
ecco lo scan di hjack:
Logfile of HijackThis v1.99.1
Scan saved at 13.51.48, on 26/10/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINNT\system32\atwtusb.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\Temp\qwrx1.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\Downloads\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.catlist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.catlist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgmonline.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} - C:\WINNT\nrxeg1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [qwrx1.exe] C:\WINNT\Temp\qwrx1.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CamTray.exe
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Link a ritroso - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O20 - Winlogon Notify: ATWinLog - C:\WINNT\SYSTEM32\ATWinLog.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
fammi sapere
Re: quando mi collego a tgm online
io fixerei:
-> C:\WINNT\Temp\qwrx1.exe
-> R3 - Default URLSearchHook is missing
-> O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} - C:\WINNT\nrxeg1.dll (file missing)
-> O4 - HKLM\..\Run: [qwrx1.exe] C:\WINNT\Temp\qwrx1.exe
-> O4 - Startup: PowerReg Scheduler.exe
-> O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
su questi ho un dubbio :???: :
-> O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
-> O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
-> O20 - Winlogon Notify: ATWinLog - C:\WINNT\SYSTEM32\ATWinLog.dll
Re: quando mi collego a tgm online
quelli su cui blue_tech ha dei dubbi li lascerei stare a eccezione di quella numero 20 :sisi:
Re: quando mi collego a tgm online
-> O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
Questo si puo' levare, sia perche' e' "missing", sia perche' non e' necessario al funzionamento di Outpost o IE, anzi, in caso di problemi porta IE a crashare sistematicamente.
Re: quando mi collego a tgm online
ok, quindi esattamente che devo fare?
scusate ma non sono pratico di hjack...
(infatti explore ultimamente a volte crasha....)
Re: quando mi collego a tgm online
Citazione:
Originariamente Scritto da
teoleo
ok, quindi esattamente che devo fare?
scusate ma non sono pratico di hjack...
(infatti explore ultimamente a volte crasha....)
Metti il segno di spunta vicino alle voci che ti abbiamo suggerito nei post precedenti e poi fai Fix Checked.
Le riporto qui sotto per comodita':
-> C:\WINNT\Temp\qwrx1.exe
-> R3 - Default URLSearchHook is missing
-> O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} - C:\WINNT\nrxeg1.dll (file missing)
-> O4 - HKLM\..\Run: [qwrx1.exe] C:\WINNT\Temp\qwrx1.exe
-> O4 - Startup: PowerReg Scheduler.exe
-> O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
-> O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Programmi\Agnitum\Outpost Firewall 1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
Re: quando mi collego a tgm online
ho fatto tutto ma non ho potuto fixare il primo della lista, xche per collegarmi ho dovuto uccire il qwerx1 da task manager e quando ho fatto lo scan con hjack non c'era, domani rifaccio e se c'e' lo fixo ( si scrive cosi?) :O)
Vi faccio sapere, grazie, anzi domani vi rimando il log....
Ma sto qwerx1 lo prendo solo io???
Re: quando mi collego a tgm online
allora questo e' lo scan di oggi ( faccio presente che quando mi collego mi chiede sempre di scaricare java virtual machine) :
Logfile of HijackThis v1.99.1
Scan saved at 13.27.21, on 27/10/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\atwtusb.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\Downloads\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.catlist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.catlist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgmonline.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} - C:\WINNT\nrxeg1.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CamTray.exe
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Cerca con Google - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Link a ritroso - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O20 - Winlogon Notify: ATWinLog - C:\WINNT\SYSTEM32\ATWinLog.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
Re: quando mi collego a tgm online
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} - C:\WINNT\nrxeg1.dll (file missing)
questi li fixerei al 100%
Re: quando mi collego a tgm online
fatto, per ora mi rimane il "problema" che mi chiede di scaricare il java virtual machine
Re: quando mi collego a tgm online
prova a installare la vm da qui
Re: quando mi collego a tgm online
questo e' lo scan finale, ma ho dovuto eliminare due volte gli ultimi problemi che mi hai detto, quindi domani ricontrollo x sicurezza:
Logfile of HijackThis v1.99.1
Scan saved at 17.32.39, on 28/10/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\system32\atwtusb.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINNT\system32\svchost.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\Downloads\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.catlist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.catlist.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tgmonline.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -
C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\downloaded program
files\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\winnt\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher]
C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\System32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon]
"C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched]
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost
Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost
Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared
Files\CamTray.exe
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6
Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File
comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk =
C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk =
C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: &Cerca con Google -
res://c:\winnt\downloaded program
files\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano -
res://c:\winnt\downloaded program
files\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Download with GetRight -
C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Link a ritroso -
res://c:\winnt\downloaded program
files\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Open with GetRight Browser -
C:\Programmi\GetRight\GRbrowse.htm
O8 - Extra context menu item: Pagine simili - res://c:\winnt\downloaded
program files\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina -
res://c:\winnt\downloaded program files\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links -
{c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan
Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsu...n/x86/client/w
uweb_site.cab?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX
Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O20 - Winlogon Notify: ATWinLog - C:\WINNT\SYSTEM32\ATWinLog.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH -
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService)
- AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd -
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico
(dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO
EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -
C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
Re: quando mi collego a tgm online
Re: quando mi collego a tgm online
sembra pulito. Prova a postare lo screenshot di msconfig avvio: magari ti si richiede il download di java per un semplice errore nello scheduling :sisi: