aiuto!!!!!!! about:blank

Versione Completa   Stampa   Cerca   Utenti   Iscriviti     Condividi : FacebookTwitter
AESSENET.ORG - Forum » AESSENET.ORG - Forum » Internet e Software » Sicurezza & Reti
Pagine: [1], 2, 3, 4, 5, 6
Dr8
00martedì 14 giugno 2005 19:35
ciao a tutti non riesco a togliere questa pagina[SM=x53918]about:blank) mi potreste dare un aiuto? grazie
boyuniversity
00martedì 14 giugno 2005 19:38
Re:
Scritto da: Dr8 14/06/2005 19.35
ciao a tutti non riesco a togliere questa pagina[SM=x53918]about:blank) mi potreste dare un aiuto? grazie


prova ad usare cwshredder che è un ottimo programma poi se non cambia postaci il log di hijackthis[SM=x53911]
max3001
00martedì 14 giugno 2005 19:38
Re:
Scritto da: Dr8 14/06/2005 19.35
ciao a tutti non riesco a togliere questa pagina[SM=x53918]about:blank) mi potreste dare un aiuto? grazie


Prova con CWShredder.
Se non riesce lui prova con questo
http://www.wintricks.it/news2/article.php?ID=8886
Dr8
00martedì 14 giugno 2005 19:50
scusate mi date il sito dove scaricare cwshredder
boyuniversity
00martedì 14 giugno 2005 19:52
Re:
Scritto da: Dr8 14/06/2005 19.50
scusate mi date il sito dove scaricare cwshredder


si trova su internet

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml
--MRZ--
00martedì 14 giugno 2005 19:57
cmq quella pag lì vuol dire pagina vuota[SM=x53923]
max3001
00martedì 14 giugno 2005 19:59
Re: Re:
Scritto da: boyuniversity 14/06/2005 19.52


si trova su internet

http://www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/CWShredder.shtml


Boy hai dato un occhio al link che ho messo?
E' un programma abbastanza nuovo, specializzato in about blank
underface
00martedì 14 giugno 2005 20:11
CwShredder lo trovi qua: http://www.majorgeeks.com/download4086.html
boyuniversity
00martedì 14 giugno 2005 20:14
Re: Re: Re:
Scritto da: max3001 14/06/2005 19.59


Boy hai dato un occhio al link che ho messo?
E' un programma abbastanza nuovo, specializzato in about blank


ora me lo guardo[SM=x53911]
boyuniversity
00martedì 14 giugno 2005 20:16
max l'hai già provato?
max3001
00martedì 14 giugno 2005 20:40
Re:
Scritto da: boyuniversity 14/06/2005 20.16
max l'hai già provato?


No, non so come provarlo ( colleziono solo virus[SM=x53914] ).
Forse si poteva fargli provare prima con quel programma e poi con cwshredder.
boyuniversity
00martedì 14 giugno 2005 20:42
Re: Re:
Scritto da: max3001 14/06/2005 20.40


No, non so come provarlo ( colleziono solo virus[SM=x53914] ).
Forse si poteva fargli provare prima con quel programma e poi con cwshredder.


cwshredder ha fatto la nuova versione un po' + evoluta di solito con quello li abbiamo risolti però sono curioso se va male postagli il tuo poi vediamo un po'...ok?
max3001
00martedì 14 giugno 2005 20:48
Re: Re: Re:
Scritto da: boyuniversity 14/06/2005 20.42


cwshredder ha fatto la nuova versione un po' + evoluta di solito con quello li abbiamo risolti però sono curioso se va male postagli il tuo poi vediamo un po'...ok?


L'ultima versione è la 2.15 giusto?
Ero curioso anche io di sapere come andava quel software nuovo, anche perchè ho visto che la softwarehouse che ha creato cwshredder da non molto fa parte di trendmicro, non vorrei che tra un pò diventasse a pagamento[SM=x53918]
Sarebbe quindi meglio trovare un'alternativa.
Dr8
00martedì 14 giugno 2005 20:53
scusate sono tornato, ho usato questo:CWShredder V2.15 vi posto quello che ha rilevato,almeno credo non sono molto esperto

**** Run Keys ****

RUN: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
RUN: [SCANINICIO] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
RUN: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
RUN: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
RUN: [winpq.exe] C:\WINDOWS\system32\winpq.exe
RUN: [atlia.exe] C:\WINDOWS\atlia.exe
RUN: [apivf.exe] C:\WINDOWS\system32\apivf.exe
RUN: [ntpm32.exe] C:\WINDOWS\ntpm32.exe
RUN: [crtp32.exe] C:\WINDOWS\crtp32.exe
RUN: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
RUN: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
RUN: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
RUN: [SpamTerminator] C:\Documents and Settings\tony.POVERO-GSFQJZAN\Desktop\terminetor\Terminator.exe


**** Browser Helper Objects ****



**** IE Toolbars ****

TOOLBAR: [&Radio] C:\WINDOWS\System32\msdxm.ocx


**** IE Extensions ****

IEExt: []
IEExt: [@shdoclc.dll,-866]
IEExt: [@btrez.dll,-4015]


**** Hosts File Entries ****



**** IE Settings ****

Default Page: about:blank
Default Search:
Local Page: C:\WINDOWS\System32\blank.htm
Search Bar:
Search Page:


**** IE Context Menu (Right click) ****

IEContext: [E&sporta in Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IEContext: [Send To &Bluetooth] C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm


**** Layered Service Providers ****

LSP: PAV_LAYERED over [MSAFD Tcpip [TCP/IP]]
LSP: PAV_LAYERED over [MSAFD Tcpip [UDP/IP]]
LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC89D2A3-EF26-4C91-8F0D-5BA54B31F37D}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{CC89D2A3-EF26-4C91-8F0D-5BA54B31F37D}] DATAGRAM 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD6F7E03-2FE6-412C-9D9A-882C702EFBB3}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BD6F7E03-2FE6-412C-9D9A-882C702EFBB3}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7FFCBC5-D346-4827-8A99-646BD398E693}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{E7FFCBC5-D346-4827-8A99-646BD398E693}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7FBACBD-3628-44BB-84FD-C208CE3FE765}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F7FBACBD-3628-44BB-84FD-C208CE3FE765}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{45E806F1-8221-46D8-8463-F30D9E369D3C}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{45E806F1-8221-46D8-8463-F30D9E369D3C}] DATAGRAM 2


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [http://www.apple.com/qtactivex/qtplugin.cab]
{1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} [http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/it/filesharingctrl.cab] C:\WINDOWS\Downloaded Program Files\fsmsngr-it.dll
{3253344D-9980-0010-8000-00AA00389B71} [http://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab]
{33564D57-9980-0010-8000-00AA00389B71} [http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab]
{B38870E4-7ECB-40DA-8C6A-595F0A5519FF} [http://messenger.msn.com/download/msnmessengersetupdownloader.cab]
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} [http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[btwdins] C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
[cisvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\System32\msiexec.exe /V
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[PASSRV] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe"
[PAVFIRES] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe"
[PAVFNSVR] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe"
[Pavkre] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe"
[PavProt] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe"
[PavPrSrv] "C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe"
[PAVSRV] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe"
[PlugPlay] %SystemRoot%\system32\services.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[PREVSRV] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe"
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[PSIMSVC] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe"
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardDrv] %SystemRoot%\System32\SCardSvr.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{04724133-F6C3-4E28-ADB9-E3D893A24B1C}
[Symantec Core LC] C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost.exe -k netsvcs
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[UMWdf] C:\WINDOWS\System32\wdfmgr.exe
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmdmPmSp] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[wuauserv] %SystemRoot%\system32\svchost.exe -k netsvcs
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: [SearchAssistant]
SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\System32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.libero.it/
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page]
IEOPT: [Check_Associations] yes
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [Use FormSuggest] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [FormSuggest PW Ask] no
IEOPT: [Use Search Asst] no
IEOPT: [Search Bar]
IEOPT: [Default_Page_URL] about:blank
IEOPT: [Default_Search_URL]
IEOPT: [Search Page]
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Use Search Asst] no
IEOPT: [Search Bar]

boyuniversity
00martedì 14 giugno 2005 20:53
Re: Re: Re: Re:
Scritto da: max3001 14/06/2005 20.48


L'ultima versione è la 2.15 giusto?
Ero curioso anche io di sapere come andava quel software nuovo, anche perchè ho visto che la softwarehouse che ha creato cwshredder da non molto fa parte di trendmicro, non vorrei che tra un pò diventasse a pagamento[SM=x53918]
Sarebbe quindi meglio trovare un'alternativa.



si quella è l'ultima io l'ho e sembra buona ma non posso testarla più di tanto perchè il mio pc è più pulito dell'omino bianco[SM=x53915] [SM=x53915]

ho scaricato anche il suo stasera lo provo ma il risultato lo conosco
Dr8
00martedì 14 giugno 2005 21:04
Re: Re: Re: Re: Re:
Scritto da: boyuniversity 14/06/2005 20.53



si quella è l'ultima io l'ho e sembra buona ma non posso testarla più di tanto perchè il mio pc è più pulito dell'omino bianco[SM=x53915] [SM=x53915]

ho scaricato anche il suo stasera lo provo ma il risultato lo conosco
oki dopo aver fatto questo come procedo?
boyuniversity
00martedì 14 giugno 2005 21:06
Re: Re: Re: Re: Re: Re:
Scritto da: Dr8 14/06/2005 21.04
oki dopo aver fatto questo come procedo?



o fai come detto da max e provi questo

http://www.wintricks.it/news2/article.php?ID=8886

ma io ti chiedo di postare il log di hijackthis
max3001
00martedì 14 giugno 2005 21:08
Re: Re: Re: Re: Re: Re:
Scritto da: Dr8 14/06/2005 21.04
oki dopo aver fatto questo come procedo?


Hai fatto doppio click sell'eseguibile, hai fatto scan e quello che ti seleziona fai fix.
Se vuoi prova anche l'altro software che ho linkato, è nuovo, ma è specifico.
Poi riavvii e vedi se sei a posto.

max3001
00martedì 14 giugno 2005 21:10
Re: Re: Re: Re: Re: Re: Re:
Scritto da: boyuniversity 14/06/2005 21.06



o fai come detto da max e provi questo

http://www.wintricks.it/news2/article.php?ID=8886

ma io ti chiedo di postare il log di hijackthis


Come dice boy se non risolvi con nessuno dei due programmi consigliati, posta il log di hijackthis.
Dr8
00martedì 14 giugno 2005 21:18
Re: Re: Re: Re: Re: Re: Re: Re:
Scritto da: max3001 14/06/2005 21.10


Come dice boy se non risolvi con nessuno dei due programmi consigliati, posta il log di hijackthis.
oki ecco il log di hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 21.10.12, on 14/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\Documents and Settings\tony.POVERO-GSFQJZAN\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [winpq.exe] C:\WINDOWS\system32\winpq.exe
O4 - HKLM\..\Run: [atlia.exe] C:\WINDOWS\atlia.exe
O4 - HKLM\..\Run: [apivf.exe] C:\WINDOWS\system32\apivf.exe
O4 - HKLM\..\Run: [ntpm32.exe] C:\WINDOWS\ntpm32.exe
O4 - HKLM\..\Run: [crtp32.exe] C:\WINDOWS\crtp32.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpamTerminator] C:\Documents and Settings\tony.POVERO-GSFQJZAN\Desktop\terminetor\Terminator.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/it/filesharingctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FFCBC5-D346-4827-8A99-646BD398E693}: NameServer = 193.70.192.25,193.70.152.25
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe


boyuniversity
00martedì 14 giugno 2005 21:23
togli

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [winpq.exe] C:\WINDOWS\system32\winpq.exe

O4 - HKLM\..\Run: [atlia.exe] C:\WINDOWS\atlia.exe

O4 - HKLM\..\Run: [apivf.exe] C:\WINDOWS\system32\apivf.exe

O4 - HKLM\..\Run: [ntpm32.exe] C:\WINDOWS\ntpm32.exe

O4 - HKLM\..\Run: [crtp32.exe] C:\WINDOWS\crtp32.exe


fai una cartella nuova dove metti hijackthis
Dr8
00martedì 14 giugno 2005 22:17
Re:
Scritto da: boyuniversity 14/06/2005 21.23
togli

R3 - Default URLSearchHook is missing

O4 - HKLM\..\Run: [winpq.exe] C:\WINDOWS\system32\winpq.exe

O4 - HKLM\..\Run: [atlia.exe] C:\WINDOWS\atlia.exe

O4 - HKLM\..\Run: [apivf.exe] C:\WINDOWS\system32\apivf.exe

O4 - HKLM\..\Run: [ntpm32.exe] C:\WINDOWS\ntpm32.exe

O4 - HKLM\..\Run: [crtp32.exe] C:\WINDOWS\crtp32.exe


fai una cartella nuova dove metti hijackthis
la nuova cartella non me la fa fere se lo elimino mi dice che posso danneggiare altri programmi, gli ho eliminati ecco ultimo log

Logfile of HijackThis v1.99.1
Scan saved at 22.12.36, on 14/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\apimx32.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\tony.POVERO-GSFQJZAN\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Class - {F9CE4E9E-3BBE-0D76-2070-5593678A3953} - C:\WINDOWS\system32\crha.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [d3mv32.exe] C:\WINDOWS\d3mv32.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpamTerminator] C:\Documents and Settings\tony.POVERO-GSFQJZAN\Desktop\terminetor\Terminator.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/it/filesharingctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FFCBC5-D346-4827-8A99-646BD398E693}: NameServer = 193.70.192.25,193.70.152.25
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe



Modificato da Dr8 14/06/2005 22.23
Arkantos01
00martedì 14 giugno 2005 22:30
Aggiorna IE, poi fixa questi:
C:\WINDOWS\system32\apimx32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
O4 - HKLM\..\Run: [d3mv32.exe] C:\WINDOWS\d3mv32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FFCBC5-D346-4827-8A99-646BD398E693}: NameServer = 193.70.192.25,193.70.152.25
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe
O2 - BHO: Class - {F9CE4E9E-3BBE-0D76-2070-5593678A3953} - C:\WINDOWS\system32\crha.dll
boyuniversity
00martedì 14 giugno 2005 22:34
togli

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

O2 - BHO: Class - {F9CE4E9E-3BBE-0D76-2070-5593678A3953} - C:\WINDOWS\system32\crha.dll

O4 - HKLM\..\Run: [d3mv32.exe] C:\WINDOWS\d3mv32.exe

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe


tutti gli R1 e R0 ti creano problemi alla pagina iniziale!

guarda in installazione/applicazione se hai search bar o toolbar con scritto qualcosa vicino

fai una scansione in modalità provvisoria con antivirus e antispyware
Arkantos01
00martedì 14 giugno 2005 22:36
Re:
Scritto da: boyuniversity 14/06/2005 22.34
togli

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

O2 - BHO: Class - {F9CE4E9E-3BBE-0D76-2070-5593678A3953} - C:\WINDOWS\system32\crha.dll

O4 - HKLM\..\Run: [d3mv32.exe] C:\WINDOWS\d3mv32.exe

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe


tutti gli R1 e R0 ti creano problemi alla pagina iniziale!

guarda in installazione/applicazione se hai search bar o toolbar con scritto qualcosa vicino

fai una scansione in modalità provvisoria con antivirus e antispyware


ho fatto prima io [SM=x53920][SM=x53921]
boyuniversity
00martedì 14 giugno 2005 22:37
Re: Re:
Scritto da: Arkantos01 14/06/2005 22.36


ho fatto prima io [SM=x53920][SM=x53921]


e hai fatto un errore il 17 è il nimero di provider[SM=x53914]

vedrai che al prossimo log si presenta l'ho imparato a forza di leggere quel numero[SM=x53911]



veni,vidi,vici(Giulio Cesare)


Modificato da boyuniversity 14/06/2005 22.38
Dr8
00martedì 14 giugno 2005 22:43
Re:
Scritto da: Arkantos01 14/06/2005 22.30
Aggiorna IE, poi fixa questi:
C:\WINDOWS\system32\apimx32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
O4 - HKLM\..\Run: [d3mv32.exe] C:\WINDOWS\d3mv32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7FFCBC5-D346-4827-8A99-646BD398E693}: NameServer = 193.70.192.25,193.70.152.25
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe
O2 - BHO: Class - {F9CE4E9E-3BBE-0D76-2070-5593678A3953} - C:\WINDOWS\system32\crha.dll
oki eliminati ecco ultimo log

Logfile of HijackThis v1.99.1
Scan saved at 22.39.16, on 14/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\apimx32.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\tony.POVERO-GSFQJZAN\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\notepad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\winpq.exe
C:\Programmi\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\Programmi\Ahead\nero\nero.exe
C:\WINDOWS\System32\imapi.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [winpq.exe] C:\WINDOWS\system32\winpq.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpamTerminator] C:\Documents and Settings\tony.POVERO-GSFQJZAN\Desktop\terminetor\Terminator.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Image Transfer.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/it/filesharingctrl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda Pavkre (Pavkre) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\Pavkre.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - C:\Programmi\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe


boyuniversity
00martedì 14 giugno 2005 22:48
togli

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll

O4 - HKLM\..\Run: [winpq.exe] C:\WINDOWS\system32\winpq.exe

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe


LEEGI QUA

1)fai scansioni in modalità provvisoria con antivirus
2)in modalità provvisoria usi anche gli anti spy

3)pulisci bene il disco e il registro

4)togli anche il ripristino di sistema prima di fare le scansioni

5)riaccendi il pc e vedi come va

6)guarda in installazione/applicazione se hai search bar o toolbar+ qualche parola vicina (es:toolbar fry) e le cancelli

7)se ti trova dei virus l'antivirus segnati il percorso(ciò dove sono)

8)scrivimi che programmi hai come antivirus e antispyware
underface
00martedì 14 giugno 2005 22:54
Re:
Scritto da: boyuniversity 14/06/2005 22.48
togli

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\eikuk.dll/sp.html#12047

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll

O4 - HKLM\..\Run: [winpq.exe] C:\WINDOWS\system32\winpq.exe

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ'I) - Unknown owner - C:\WINDOWS\system32\apimx32.exe


LEEGI QUA

1)fai scansioni in modalità provvisoria con antivirus
2)in modalità provvisoria usi anche gli anti spy

3)pulisci bene il disco e il registro

4)togli anche il ripristino di sistema prima di fare le scansioni

5)riaccendi il pc e vedi come va

6)guarda in installazione/applicazione se hai search bar o toolbar+ qualche parola vicina (es:toolbar fry) e le cancelli

7)se ti trova dei virus l'antivirus segnati il percorso(ciò dove sono)

8)scrivimi che programmi hai come antivirus e antispyware

Boy secondo me è meglio se quella sequenza di azioni la aggiorni da caso a caso anche perchè l'antivirus che ha lo sai già.[SM=x53920]

Comunque a parte gli scherzi, Dr8 segui la procedura che ti ha indicato e fai una scansione con: spybot, adaware e l'antispyware della microsoft.[SM=x53912]
I love the USA!!!!

Don't kill your BRAIN, NO DRUG

Modificato da underface 14/06/2005 22.55
boyuniversity
00martedì 14 giugno 2005 23:00
Re: Re:
Scritto da: underface 14/06/2005 22.54

Boy secondo me è meglio se quella sequenza di azioni la aggiorni da caso a caso anche perchè l'antivirus che ha lo sai già.[SM=x53920]

Comunque a parte gli scherzi, Dr8 segui la procedura che ti ha indicato e fai una scansione con: spybot, adaware e l'antispyware della microsoft.[SM=x53912]
<!--FFZFIRMASTART--I love the USA!!!!

Don't kill your BRAIN, NO DRUG
--FFZFIRMAEND-->
Modificato da underface 14/06/2005 22.55



dramma ho 1 memoria uguale allo zero colpa di sti fottuti esami chiedo sempre ma non mi ricordo nulla vabbè ormai invecchio[SM=x53933]

azz è il panda[SM=x53915] [SM=x53915]



veni,vidi,vici(Giulio Cesare)


Modificato da boyuniversity 14/06/2005 23.01
Questa è la versione 'lo-fi' del Forum Per visualizzare la versione completa clicca qui
Tutti gli orari sono GMT+01:00. Adesso sono le 10:50.
Copyright © 2000-2024 FFZ srl - www.freeforumzone.com