Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » internet explorer

internet explorer Opzioni
Topic Precedente · Topic Sucessivo
adobiadi
Inviato: Tuesday, August 07, 2007 3:42:50 PM
Rank: Member

Iscritto dal : 6/26/2007
Posts: 0
Prima di tutto grazie per la vostra cortese attenzione;mi sono attenuto scrupolosamente a quanto mi avete suggerito prima di eseguire il pgm per il logfile.
Il mio problema tanto per ricordarlo,è che spesso internet si chiude bruscamente senza alcuna segnalazione all'interno di pagine web comprese le vostre.
Questo è l log che mi avete chiesto.
Approfitto della vostra cortesia per chiedervi se c'è un articolo o documento che parla delle prestazioni dei pc,gestione e manutenzione.Io ho un toshiba A60 pentium 4 con xp professional.
Grazie ancora


Logfile of HijackThis v1.99.1
Scan saved at 15.28.13, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Programmi\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\RAMpage\RAMpage.exe
C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ADO\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyeur.rete.poste:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.1.1;10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,pcssfrrx.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search and Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RAMpage] "C:\Programmi\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Programmi\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Programmi\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: andWindows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Eandsporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir:\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183030748875
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\Software\..\Telephony: DomainName = rete.poste
O17 - HKLM\System\CCS\Services\Tcpip\..\{11FCAAF9-B1C9-4231-A59A-0A9711A6B276}: NameServer = 213.156.54.80,1.253.128.31
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rete.poste
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA BrightStor SRM Scheduler (BrightStor SRM Scheduler) - Computer Associates International, Inc. - c:\progra~2\ca\bright~1\bin\bright~2.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6066\SAService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe
Torna in alto
 
Sponsor
Inviato: Tuesday, August 07, 2007 3:42:50 PM

 
Torna in alto
 
ragioniere
Inviato: Tuesday, August 07, 2007 7:17:59 PM
Rank: AiutAmico

Iscritto dal : 11/5/2006
Posts: 114
Bhè aspetta i super esperti perchè hai molti elementi da fixare tipo voci come
'rete.poste',loro ti diranno tutta la procedura come fare e quali programmi usare in modalità provvisoria.
Torna in alto
 
pidue
Inviato: Tuesday, August 07, 2007 7:46:24 PM

Rank: AiutAmico

Iscritto dal : 6/2/2005
Posts: 7,332
Ciao, però non dovresti aprire nuovi thread, ma continuare il primo che hai aperto.

Procedi così:

chiudi HijackThis in una cartella a lui dedicata (possibilmente non sul desktop), altrimenti perdi i backup;

<b>Disattiva il Ripristino configurazione di Sistema</b>: ------ > <b>procedura:</b>

<b>avvia in modalità provvisoria</b> ----- > <b>procedura:</b>

<b>rendi visibili le cartelle nascoste</b> ------ > <b>procedura</b>:
da Risorse del computer:
Strumenti >> Opzioni cartella >> visualizzazione;
metti la spunta su:
<i>Visualizza file e cartelle nascoste</i>;
togli la spunta da:
<i>Nascondi file protetti del sistema(consigliato)</i>


Avvia hijackthis, con tutte le applicazioni chiuse, premi su <b>Do a system scan only</b> , spunta ed elimina <b>(fix checked)</b> le seguente righe:

<font color=red>F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,,pcssfrrx.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\Software\..\Telephony: DomainName = rete.poste
O17 - HKLM\System\CCS\Services\Tcpip\..\{11FCAAF9-B1C9-4231-A59A-0A9711A6B276}: NameServer = 213.156.54.80,1.253.128.31
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rete.poste
O23 - Service: CA BrightStor SRM Scheduler (BrightStor SRM Scheduler) - Computer Associates International, Inc. - c:\progra~2\ca\bright~1\bin\bright~2.exe
</font id=red>


elimina i file in rosso (se lo trovi):
___________________________________________
C:\WINDOWS\system32\<font color=red>pcssfrrx.exe</font id=red>
___________________________________________

Da Start >> Esegui, incolla la stringa <b>%temp%</b> ed elimina tutti file della cartella temp;

Vai su Strumenti >> Opzioni Internet. Nella Parte generale clicca su "Elimina" e poi su "Elimina file...", "Elimina cookie...", Elimina cronologia...", "Elimina moduli...";

svuota il cestino;

riavvia il computer normalmente.

fai qui un controllo antivirus
http://www.bitdefender.com/it/

<b>Alla fine:</b>

rinascondi le cartelle di sistema;
riattiva il ripristino configurazione di sistema e, se tutto è a posto, creane uno nuovo.





Edited by - pidue on 08/07/2007 19:48:21
Torna in alto
 
a.roselli
Inviato: Thursday, August 09, 2007 1:07:52 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,045
Inserisci il log aggiornato dopo aver eseguito le indicazioni consigliate.

Non aprire nuovi messaggi altrimenti si perde il filo del discorso

clicca qui in basso su <font color=blue>Rispondi all'argomento</font id=blue> per inserire la risposta successiva.
alfonso_aiutamici@hotmail.it
Torna in alto
 
adobiadi
Inviato: Thursday, August 09, 2007 2:19:21 PM
Rank: Member

Iscritto dal : 6/26/2007
Posts: 0
Grazie per la cortese attenzione.... rimango in attesa di ulteriori comunicazioni

Logfile of HijackThis v1.99.1
Scan saved at 14.17.03, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Programmi\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\RAMpage\RAMpage.exe
C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Personal Communications\pcsws.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Personal Communications\PCSCM.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ADO\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyeur.rete.poste:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.1.1;10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search and Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RAMpage] "C:\Programmi\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Programmi\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Programmi\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: andWindows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Eandsporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir:\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183030748875
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\Software\..\Telephony: DomainName = rete.poste
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rete.poste
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA BrightStor SRM Scheduler (BrightStor SRM Scheduler) - Computer Associates International, Inc. - c:\progra~2\ca\bright~1\bin\bright~2.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6066\SAService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe
Torna in alto
 
adobiadi
Inviato: Thursday, August 09, 2007 2:19:54 PM
Rank: Member

Iscritto dal : 6/26/2007
Posts: 0
Grazie per la cortese attenzione.... rimango in attesa di ulteriori comunicazioni

Logfile of HijackThis v1.99.1
Scan saved at 14.17.03, on 09/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\Programmi\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\RAMpage\RAMpage.exe
C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\WebProxy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Personal Communications\pcsws.exe
C:\Programmi\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Personal Communications\PCSCM.EXE
C:\WINDOWS\System32\WISPTIS.EXE
C:\Programmi\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\ADO\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxyeur.rete.poste:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;192.168.1.1;10.*
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search and Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Programmi\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RAMpage] "C:\Programmi\RAMpage\RAMpage.exe" M=28 T=4 P="C:\Programmi\RAMpage\RAMpageConfig.exe"
O4 - HKLM\..\Run: [SiteAdvisor] C:\Programmi\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Programmi\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: andWindows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Eandsporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir:\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - :windir%\bdoscandel.exe (file missing)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.ca.com/us/securityadvisor/pestscan/pestscan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1183030748875
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\Software\..\Telephony: DomainName = rete.poste
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = rete.poste
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = rete.poste
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Programmi\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CA BrightStor SRM Scheduler (BrightStor SRM Scheduler) - Computer Associates International, Inc. - c:\progra~2\ca\bright~1\bin\bright~2.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programmi\File comuni\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programmi\panda software\panda antivirus + firewall 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Programmi\SiteAdvisor\6066\SAService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
O23 - Service: TrcBoot - Unknown owner - C:\WINDOWS\System32\drivers\trcboot.exe
Torna in alto
 
a.roselli
Inviato: Thursday, August 09, 2007 7:21:25 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,045
Ciao,
esegui queste operazioni

ATTENZIONE prima di procedere con le riparazioni, fate la copia di riserva dei vostri dati,
leggete questo articolo http://www.aiutamici.com/hardware/view.asp?codcat=8
a volte eliminando un virus il sistema potrebbe non riavviarsi.
____________________________

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/hardware/view.asp?codcat=28

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/hardware/view.asp?codcat=29

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
O23 - Service: CA BrightStor SRM Scheduler (BrightStor SRM Scheduler) - Computer Associates International, Inc. - c:\progra~2\ca\bright~1\bin\bright~2.exe
==================================


Elimina i file inutili del sistema utilizzando questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1223

Utilizza questi due programmi per eliminare eventuali spyware
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=878
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=831

sempre in modalità provvisoria fai una scansione Antivirus,
se non hai un antivirus, utilizza questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1485

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N
in caso di problemi lascialo disattivato fino alla soluzione dei problemi

Fai un controllo con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1486

Fai una scansione antivirus on line da questo indirizzo
http://www.pandasoftware.com/activescan/it/activescan_principal.htm
se la scansione on line rileva dei virus significa che il tuo antivirus è stato infettato o non è in grado di risolvere il problema, ti consiglio di formattare il disco fisso e reinstallare tutto, altrimenti prosegui

Utilizza questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041

Se utilizzi XP ti consiglio di installare questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1472
alfonso_aiutamici@hotmail.it
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » internet explorer


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.