non che ti voglia obbligare ma hai mai pensato di mettere firefox? :look:
Visualizzazione Stampabile
non che ti voglia obbligare ma hai mai pensato di mettere firefox? :look:
gia', pero' rimane il fatto, che cmq. non mi posso collegare al sito di spybot..Il prorgamma che consigli e' un firewall?
allora rimane il problema di spybot e del reindirizzamento ( poco male x come ero partito) pero' ho notato che ho due svchost.exe nei processi in esecuzione... e' normale?
è normale :sisi:
io al momento ne ho 7 :asd:
grazie, buon natale, e vediamo di risolvere quest'ultimo problemino
allora, SON TORNATO... :O)
Innanzitutto mi e' sempre rimasto il problema del reindirizzamento e del fatto che non posso ne aggiornare ne collegarmi al sito di spybot, poi da ieri, ogni volta che apro una cartella o uso un qualcosa del pc, antivir mi segnala che in c:\winnt c'e' il file nrexeg1.ddl che e' un trojan.... l'ho cancellato, messo in quarantina, ma e' sempre tornato... il bello e' che se lo ignoro e lo cerco direttamente in cartella... non c'e'....
Suggerimenti grazie.... :O))
immaginavo... :O)
Logfile of HijackThis v1.99.1
Scan saved at 11.42.33, on 26/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\WINNT\system32\atwtusb.exe
C:\WINNT\system32\RunDLL32.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNot
ifier.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Downloads\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.tgmonline.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
= Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
- C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} -
C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Class - {6CB7807F-43B3-1C6B-FBC4-21D44073F3E6} -
C:\WINNT\nrxeg1.dll (file missing)
O2 - BHO: Google Toolbar Helper -
{AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher]
C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH
Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon]
"C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon]
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched]
"C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition
Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost
Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost
Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe
NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Creative Detector]
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe /R
O4 - HKCU\..\Run: [swg]
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNot
ifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft
ActiveSync\wcescomm.exe"
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6
Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File
comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk =
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk =
C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk =
C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk =
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk =
C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel
present
O8 - Extra context menu item: Download with GetRight -
C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser -
C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Create Mobile Favorite -
{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... -
{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} -
C:\PROGRA~1\MICROS~4\INetRepl.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan
Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) -
http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} -
http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class)
-
http://update.microsoft.com/windowsu...n/x86/client/w
uweb_site.cab?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} -
http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class)
-
http://update.microsoft.com/microsof.../en/x86/client
/muweb_site.cab?1165670099968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX
Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{9973FF83-261B-4F06-802D-20A3D90599FC
}: NameServer = 85.37.17.17 85.38.28.72
O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH -
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService)
- AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd -
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico
(dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO
EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner -
C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum -
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
et voila'...
il log è pressocché pulito: fixa C:\WINNT\nrxeg1.dll (file missing)
e sei a posto per modo di dire.
Prova a scaricare se non lo hai già fatto avg antispyware. Solita procedura. Modalità provvisoria e scansioni.
fixato, non in modalitaì provvisoria, sembra persistere...
sto scaricando avg antispyware e domani ( come ai vecchi tempi) vi faccio sapere... cmq mi da l'errore ogni volta apro una finestra sul windows (cartelle, browser...(
abbiamo tolto anche il sottotitolo così puoi formattare :bua:
non ho formattato l'altra volta che non funzionava piu' nulla.....
cmq ti aggiorno:
quando fixo con hjack il problema continua solo se apro una finestra di Internet, riavviato il pc ho rifatto la scansione e riavevo quello che avevo fixato, e in quella condizione ho l'allarme di antivir ogni volta che apro una finestra qualsiasi, cioe' se entro in una cartella o apro internet...
Ho scaricato avgantispyware e non ho problemi "importanti".... devo fare il controllo in modalita provvisoria poi vi faccio sapere...
P.s. Tanto non formatto :O))
la scansione da qui l'hai già fatta? :look:
-> http://it.trendmicro-europe.com/cons...all_launch.php
la tua perseveranza è ammirevole ma non è da escludersi che qualche file sia rimasto danneggiato. :sisi:
http://www.tweakness.net/showfiles.php?fid=1754 prova anche il software a quell'indirizzo.
bhe', ma dopo 2 mesi un trojan cosi, non credo sia dovuto a file danneggiati...
fino ad oggi non avevo avuto nessun problema
allora, oggi ho l'avviso di antivir ( il pc non crasha ancora) solo quando apro finestre di explorer... ti mando lo scan di hjack in provvisoria
Logfile of HijackThis v1.99.1
Scan saved at 13.02.47, on 27/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Downloads\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgmonline.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe /R
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165670099968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
e subito dopo con il pc normale :O)
Logfile of HijackThis v1.99.1
Scan saved at 13.09.37, on 27/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
C:\WINNT\system32\CTsvcCDA.EXE
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\runservice.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Logitech\iTouch\iTouch.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\RunDll32.exe
C:\WINNT\system32\carpserv.exe
C:\Programmi\Classic PhoneTools\CapFax.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Logitech\MouseWare\system\em_exec.exe
C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\PHOTOS~1\HPSHAR~1\hpgs2wnf.ex e
C:\WINNT\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe
C:\WINNT\system32\atwtusb.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINNT\system32\RunDLL32.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNotifier.exe
C:\Programmi\Microsoft ActiveSync\wcescomm.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Programmi\GetRight\getright.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\C6 Messenger\c6Messenger.exe
C:\Downloads\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.catlist.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tgmonline.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Programmi\GetRight\xx2gr.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [CapFax] C:\Programmi\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CXMon] "C:\Programmi\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINNT\p_981116.exe /Q:A
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [atwtusb] atwtusb.exe beta
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Programmi\Agnitum\Outpost Firewall 1.0\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Outpost Firewall] C:\Programmi\Agnitum\Outpost Firewall 1.0\outpost.exe /waitservice
O4 - HKLM\..\Run: [CTRegRun] C:\WINNT\CTRegRun.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Programmi\Creative\MediaSource\Detector\CTDetec t.exe /R
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908. 8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02. EXE
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Programmi\GetRight\getright.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferito portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1128513464265
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/it/bi.../GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1165670099968
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {C1B7E532-3ECB-4E9E-BB3A-2951FFE67C61} (DownloaderActiveX Control) - http://c6.community.alice.it/downloa...derActiveX.cab
O20 - Winlogon Notify: ActiveSync - C:\WINNT\SYSTEM32\WcesWlgn.dll
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINNT\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\system32\CTsvcCDA.EXE
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINNT\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
come ti spiegavo quel file "infetto" non c'e'.. anche se ignoro l'avviso di antivir e poi vado nella cartella winnt quel file non c'e'... se lo sposto in quarantina il file non c'e'...
cmq uno dei due siti che mi hai dato non va... provero' l'altro anche se prima voglio fare una scansione da panda.. (l'altra volta mi ha salvato)
Bene. Il log e' pulito.
Ora, se l' Explorer crasha le possibilita' che sia a colpa di qualche malware sono decisamente scarse. Soprattutto dopo decine di scansioni ed un' infinita' di logs di Hijackthis. E, se permetti, fin' ora siamo stati decisamente pazienti e disponibili.
Pero, capisci bene, che non puoi propinarci un log di Hijackthis ogni 8 ore, manco fosse Tachipirina.
Detto questo, cominciamo a passare ad altro.
Infila un cd di Windows 2000 dentro al lettore, riavvia il pc con quello e premi il tasto quando richiesto.
Comincera' il setup per l' installazione di Windows 2000. Ad un certo punto, ti proporra' la scelta di aprire una Console di Ripristino.
Premi il tasto corrispondente ( R su Xp, su 2000 credo sia lo stesso ), metti la password di Administrator ( se esiste ) e, quando finalmente sei al Prompt dei Comandi, digita:
sfc /scannow
Fagli fare la scansione e che Zeus ci aiuti.
pare che ho risolto con panda, avevo un nuovo virus, e' rimasto solo il problema che non mi collego a spybot, grazie e scusate per il disturbo...