
When Internet Explorer opens, other pages open ...

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by aleegiusi » 02/05/05 09:29

Hi everyone,
I don't know if I'm posting in the right section ... I hope so :)
A few days ago I downloaded a file from the internet, believing it was a program for my mobile phone, and since the day I opened it, every time I open Internet Explorer porn pages open up, and on every web page I open (libero, etc.) many words turn into a link, and if I hover over the link I see "sponsored link" written.
How can I get rid of this problem? Do I have to go into regedit?
Some icons with links to websites had also appeared on my Desktop, but I deleted them, and when I restart the PC they sometimes (not always) reappear.

Thanks for the help
Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11


Post by Mikizo » 02/05/05 09:33

Read the usual two guides and carry out everything they recommend:
http://www.pc-facile.com/combattere_spyware_t111274/
http://www.pc-facile.com/guida_hijackthis_t148946/

If you can't solve it, post the HijackThis log
Mikizo
Download Admin
 
Posts: 8517
Joined: 05/01/02 01:00
Location: Outside

Post by aleegiusi » 02/05/05 13:51

I tried everything that was recommended ... but nothing!!! :evil: :evil:

I'll try posting the HijackThis log, let's see if I can get out of this ...

Logfile of HijackThis v1.99.1
Scan saved at 14.51.59, on 02/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Geab\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fastweb.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://www.bancaroma.it/tlqj/common/TlqJ2kQrc.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://hb.bam.it/CertEnroll/CertContro ... enroll.dll
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://www.bancaroma.it/tlqj/common/TlqJ2kQF.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://www.bancaroma.it/tlqj/common/TlqJ2kOth.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared ... vSniff.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kImg.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://www.bancaroma.it/tlqj/common/TlqJ2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kLibero.cab
O16 - DPF: {67BEB103-900C-11D2-950F-00A0C968A099} (otfCompCtl Class) - http://rmmx.themarketserver.com/applets ... tfComp.cab
O16 - DPF: {71F37997-A1C0-4961-A6C4-5190354108F9} (/Quercia TLQJ 2000-BSwift) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kBSwift.cab
O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4R5V ... lo2_l2.cab
O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO934H ... lo2_l1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://www.bancaroma.it/tlqj/common/TlqJ2kQCb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://www.bancaroma.it/tlqj/common/TlqJ2kQDt.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe




Thanks a lot!!!!
Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Tomas Milian » 02/05/05 16:43

O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll

O16 - DPF: {67BEB103-900C-11D2-950F-00A0C968A099} (otfCompCtl Class) - http://rmmx.themarketserver.com/applets ... tfComp.cab

O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4R5V ... lo2_l2.cab

O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO934H ... lo2_l1.cab

I think that for a start you should remove these... but I don't know if that will be enough...
"Whoever craps under the snow, even if he digs a hole and then covers it, when the snow melts the s**t always comes out!"
Tomas Milian
Senior User
 
Posts: 211
Joined: 18/02/05 20:25
Location: Roma

Post by Dylan666 » 02/05/05 17:06

Actually http://www.nokiagame.com looks to me like a serious site authorized by Nokia.
Pasting the log into the dedicated site instead...
http://hijackthis.de/index.php?langselect=italian
...you can see that one entry that should definitely be removed is this:

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/bestfriends/retro64_loader.dll

And since the same site is also cited in another key, I would remove that one too:
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab

Then there is this one that I don't know, maybe it's harmless:
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://hb.bam.it/CertEnroll/CertContro ... enroll.dll

Same for this one, I don't know what site it is, maybe the cab is needed and does nothing bad:
O16 - DPF: {67BEB103-900C-11D2-950F-00A0C968A099} (otfCompCtl Class) - http://rmmx.themarketserver.com/applets ... tfComp.cab
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46

Post by aleegiusi » 03/05/05 08:29

Nothing doing ... I removed the two miniclip sites, while I left the other 2 because they are sites I use for work and they have never given me problems.
I still have the same problem: on web pages "strange" links appear and porn pages and various others open up ... :evil: :evil:


Do you have any other advice for me?

Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Dylan666 » 03/05/05 12:05

If you make a new log now, are the two miniclip.com entries still there or not?
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46

Post by aleegiusi » 03/05/05 12:50

They are no longer there ... I'll try posting the file again:

Logfile of HijackThis v1.99.1
Scan saved at 13.51.12, on 03/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Internet Explorer\svchost.exe
c:\winnt\system32\jgowjy.exe
c:\winnt\system32\calc.exe
C:\Programmi\Microsoft Office\Office10\WINWORD.EXE
C:\Programmi\Microsoft Office\Office10\EXCEL.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Geab\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fastweb.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINNT\system32\rsyncmon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://www.bancaroma.it/tlqj/common/TlqJ2kQrc.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://hb.bam.it/CertEnroll/CertContro ... enroll.dll
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://www.bancaroma.it/tlqj/common/TlqJ2kQF.cab
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://www.bancaroma.it/tlqj/common/TlqJ2kOth.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared ... vSniff.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kImg.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://www.bancaroma.it/tlqj/common/TlqJ2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kLibero.cab
O16 - DPF: {67BEB103-900C-11D2-950F-00A0C968A099} (otfCompCtl Class) - http://rmmx.themarketserver.com/applets ... tfComp.cab
O16 - DPF: {71F37997-A1C0-4961-A6C4-5190354108F9} (/Quercia TLQJ 2000-BSwift) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kBSwift.cab
O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4R5V ... lo2_l2.cab
O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO934H ... lo2_l1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://www.bancaroma.it/tlqj/common/TlqJ2kQCb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://www.bancaroma.it/tlqj/common/TlqJ2kQDt.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe


I don't know where to bang my head ...
Thanks for the help

Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Dylan666 » 03/05/05 12:56

I see more junk popping up:
C:\Programmi\Internet Explorer\svchost.exe
The system file of the same name should be in System32, not in Programmi.
So delete that one.

O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINNT\system32\rsyncmon.dll
This one should be removed too:
http://www.greatis.com/appdata/d/r/rsyn ... emoval.htm


PS: all I do is paste your log here and read up with Google on the entries in yellow...
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46
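
The two checks described in the post above (a process named like a system binary but running from outside System32, and entries that appear between two scans), written as a small script. This is an added example, not part of the original thread: the function names and the list of system binary names are assumptions, and the two sample logs are short excerpts trimmed from the scans posted above.

```python
import ntpath
import re

# Names of core Windows binaries that normally live in the system directory.
# This list is an assumption of the example, not something HijackThis ships.
SYSTEM_BINARIES = {"svchost.exe", "smss.exe", "winlogon.exe", "services.exe",
                   "lsass.exe", "spoolsv.exe", "csrss.exe"}

# HijackThis section lines look like "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Excerpt trimmed from the 02/05/2005 scan in the thread.
SCAN_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
"""

# Excerpt trimmed from the 03/05/2005 scan in the thread.
SCAN_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Internet Explorer\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINNT\system32\rsyncmon.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
"""


def parse_log(text):
    """Split a HijackThis log into running-process paths and section entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the numbered sections follow the process list
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def misplaced_system_binaries(processes, system_dir=r"C:\WINNT\system32"):
    """Return processes whose file name is a system binary but whose folder is not system_dir."""
    expected = ntpath.normcase(system_dir)
    flagged = []
    for path in processes:
        directory, name = ntpath.split(path)
        if name.lower() in SYSTEM_BINARIES and ntpath.normcase(directory) != expected:
            flagged.append(path)
    return flagged


def new_since(before, after):
    """Items present in the later scan but not in the earlier one (case-insensitive).

    New items are candidates for review, not verdicts.
    """
    seen_processes = {p.lower() for p in before["processes"]}
    seen_entries = {(code, value.lower()) for code, value in before["entries"]}
    return {
        "processes": [p for p in after["processes"] if p.lower() not in seen_processes],
        "entries": [(c, v) for c, v in after["entries"] if (c, v.lower()) not in seen_entries],
    }


if __name__ == "__main__":
    before, after = parse_log(SCAN_BEFORE), parse_log(SCAN_AFTER)
    for path in misplaced_system_binaries(after["processes"]):
        print("system binary name outside System32:", path)
    delta = new_since(before, after)
    for path in delta["processes"]:
        print("new process:", path)
    for code, value in delta["entries"]:
        print("new entry:", code, "-", value)
```

On a system whose Windows directory is not `C:\WINNT`, pass the real system directory as `system_dir`.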

Post by aleegiusi » 03/05/05 13:44

Thanks a lot for the site ... how do I delete the lines for programs like the one you pointed out, "C:\Programmi\Internet Explorer\svchost.exe "? The program only lets me block from r0, r1, O02, O03, O04 ... but I can't find c:\programmi\internet ...

Thanks for the help, I'm sure that thanks to you I will solve my problem.

Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Dylan666 » 03/05/05 13:58

Start by removing the DLL. Then, if it doesn't turn out to be in use (otherwise terminate it from the Ctrl+Alt+Del window), try renaming svchost.exe to svchost.exe.bak
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46

Post by aleegiusi » 03/05/05 16:31

I tried deleting the 2 files, but it didn't solve anything ... sigh!!!
Everything as before!
What do you mean by the DLL?


Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Dylan666 » 03/05/05 16:33

I mean doing the fix on this

Dylan666 wrote:O2 - BHO: RsyncHlpr Class - {16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - C:\WINNT\system32\rsyncmon.dll
This one should be removed too:
http://www.greatis.com/appdata/d/r/rsyn ... emoval.htm



Can I see another log? I have the feeling that what we throw out of the window comes back in through the door...
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46

Post by aleegiusi » 04/05/05 08:29

I'm posting another log file for you; the line with the dll that you mentioned no longer shows up:
Logfile of HijackThis v1.99.1
Scan saved at 9.29.49, on 04/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Geab\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.fastweb.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://www.bancaroma.it/tlqj/common/TlqJ2kQrc.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://hb.bam.it/CertEnroll/CertContro ... enroll.dll
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://www.bancaroma.it/tlqj/common/TlqJ2kQF.cab
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://www.bancaroma.it/tlqj/common/TlqJ2kOth.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared ... vSniff.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kImg.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://www.bancaroma.it/tlqj/common/TlqJ2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kLibero.cab
O16 - DPF: {67BEB103-900C-11D2-950F-00A0C968A099} (otfCompCtl Class) - http://rmmx.themarketserver.com/applets ... tfComp.cab
O16 - DPF: {71F37997-A1C0-4961-A6C4-5190354108F9} (/Quercia TLQJ 2000-BSwift) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kBSwift.cab
O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4R5V ... lo2_l2.cab
O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO934H ... lo2_l1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://www.bancaroma.it/tlqj/common/TlqJ2kQCb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://www.bancaroma.it/tlqj/common/TlqJ2kQDt.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe


Thanks again for your helpfulness

Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Dylan666 » 04/05/05 11:37

The log looks clean; rmmx.themarketserver.com and hb.bam.it remain, but if I understood correctly they are trusted sites that you know. Do you still have the symptoms?
If so, try running this:
http://www.pc-facile.com/download/anti- ... ware_beta/
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46

Post by aleegiusi » 04/05/05 13:34

Greaaaaaaaaaaaaaaaaaaaaaat!!!!
With the last program you solved my problem, I really don't know how to thank you!!! :D


Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Dylan666 » 04/05/05 13:44

Don't mention it, it was a pleasure. If you have time, can you post a new log so that maybe we can see what we were missing?
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46

Post by aleegiusi » 04/05/05 14:45

Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 15.47.02, on 04/05/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Microsoft AntiSpyware\gcasDtServ.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe
C:\WINNT\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Geab\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da FastWeb
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CloneCDElbyCDFL] "C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
O4 - HKLM\..\Run: [Disk Monitor] C:\Programmi\BQF\USB Multi-Card Reader Driver v1.8d\Disk_Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WLAN_Cfg.exe] C:\Programmi\3Com\3Com 11Mbps Wireless LAN PCI Adapter\WLAN_Cfg.exe
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Programmi\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINNT\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [MicrosoftAntiSpywareCleaner] C:\Programmi\Microsoft AntiSpyware\gcASCleaner.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Collegamenti a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/ ... 1/chat.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/c ... dot2_x.cab
O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/c ... /ht0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt3_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/c ... pote_x.cab
O16 - DPF: {04365000-DFC6-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Quercia) - https://www.bancaroma.it/tlqj/common/TlqJ2kQrc.cab
O16 - DPF: {127698E4-E730-4E5C-A2B1-21490A70C8A1} (CEnroll Class) - https://hb.bam.it/CertEnroll/CertContro ... enroll.dll
O16 - DPF: {13083D70-37BD-11D4-B315-00508B6D3B87} (/Quercia TLQJ 2000-QF24) - https://www.bancaroma.it/tlqj/common/TlqJ2kQF.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {2A5C1DD0-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Other) - https://www.bancaroma.it/tlqj/common/TlqJ2kOth.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/ ... acscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/Shared ... vSniff.cab
O16 - DPF: {5140EE10-DFC4-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-Image) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kImg.cab
O16 - DPF: {572A663E-9756-4DAA-8F65-D97CEF308D64} (/Quercia TLQJ 2000-BDR) - https://www.bancaroma.it/tlqj/common/TlqJ2kBDR.cab
O16 - DPF: {59E6401A-A851-4E94-8DBA-40BD28BF4AA0} (/TlqJ 2000 LiberoBDR) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kLibero.cab
O16 - DPF: {67BEB103-900C-11D2-950F-00A0C968A099} (otfCompCtl Class) - http://rmmx.themarketserver.com/applets ... tfComp.cab
O16 - DPF: {71F37997-A1C0-4961-A6C4-5190354108F9} (/Quercia TLQJ 2000-BSwift) - https://www.bancaroma.it/tlqj/Ita/TlqJ2kBSwift.cab
O16 - DPF: {83B67220-025C-416C-8049-398E12764B36} (Flo2_L2 Control) - http://www.nokiagame.com/games/2K1E4R5V ... lo2_l2.cab
O16 - DPF: {8BC4B4C3-2CA2-44B0-9A36-495EF3946E22} (Flo2_L1 Control) - http://www.nokiagame.com/games/1fpO934H ... lo2_l1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B1738950-DFC5-11D3-B2BB-00105AE309D0} (/Quercia TLQJ 2000-QCbi) - https://www.bancaroma.it/tlqj/common/TlqJ2kQCb.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/Shared ... /cabsa.cab
O16 - DPF: {CB572CC0-E5F9-11D3-B2C1-00105AE309D0} (/Quercia TLQJ 2000-QData) - https://www.bancaroma.it/tlqj/common/TlqJ2kQDt.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZONELABS\vsmon.exe


Thanks a lot again ... :)
Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11

Post by Dylan666 » 06/05/05 00:04

Dunno, I tried comparing the two logs with ATCOMP, but the 9.29 one has nothing more than the last one you posted; who knows what Microsoft's antispyware removed, and from where :roll:
Dylan666
Moderator
 
Posts: 40118
Joined: 18/11/03 16:46
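
The before/after comparison of two HijackThis logs mentioned in the post above can be reproduced with a short script. This is an added example, not part of the original thread and not how ATCOMP itself works; the function names and the `ExampleAdware` entry in the sample logs are constructed for illustration.

```python
import re
from collections import Counter
# HijackThis item lines start with a section code, e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def norm(s):  # Windows paths and registry names are case-insensitive
    return " ".join(s.split()).casefold()

def parse_hjt(text):
    """Split a HijackThis log into a process multiset and a dict of item lines."""
    procs, items, in_procs = Counter(), {}, False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # a blank line ends the process list
        elif m:
            items[(m.group(1), norm(m.group(2)))] = line
        elif in_procs:
            procs[norm(line)] += 1    # same image may run several times (svchost)
    return procs, items

def diff_hjt(before, after):
    """Report what appears only in `before` and only in `after`."""
    (p0, i0), (p1, i1) = parse_hjt(before), parse_hjt(after)
    return {
        "items_removed": sorted(i0[k] for k in i0.keys() - i1.keys()),
        "items_added": sorted(i1[k] for k in i1.keys() - i0.keys()),
        "procs_removed": sorted((p0 - p1).elements()),
        "procs_added": sorted((p1 - p0).elements()),
    }

# Constructed sample logs; "ExampleAdware" / example-adware.exe are hypothetical.
BEFORE = r"""Running processes:
C:\WINNT\System32\svchost.exe
C:\WINNT\example-adware.exe

O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ExampleAdware] C:\WINNT\example-adware.exe
"""
AFTER = r"""Running processes:
C:\WINNT\system32\svchost.exe
C:\Programmi\Microsoft AntiSpyware\gcasServ.exe

O4 - HKLM\..\Run: [InCD] c:\programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Programmi\Microsoft AntiSpyware\gcasServ.exe"
"""
```

When `items_removed` and `procs_removed` both come back empty, as reported in the thread, the earlier log lists nothing that the later one lacks, so the cleanup touched something these log sections do not show.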

Post by aleegiusi » 06/05/05 08:21

I don't know, anyway it found and removed about ten pieces of spyware.
Thanks for the great help.

Bye
Ale
aleegiusi
Senior User
 
Posts: 114
Joined: 29/10/02 15:11
