#11
10-17-2007, 02:23 PM
nacus (Senior Member)

panda: No rootkits have been found.

P.S. Leave me your impressions in writing, I'll read them later..


#12
10-17-2007, 02:44 PM
petrescu (Moderator)

Have you tried loading a restore point?

#13
10-17-2007, 04:40 PM
nacus (Senior Member)

Quote:
Originally Posted by petrescu
Have you tried loading a restore point?


It's an idea.... I think rolling the PC back two or three days could solve the problem... but I'm still waiting for sefiroth's verdict..


#14
10-17-2007, 09:32 PM
sefirothmorpheus (Moderator brazingles :))

I think I've identified the problem...
but let's take it slowly!
First of all, remove the BearShare toolbar from Add or Remove Programs */ADVICE FOR EVERYONE: I know of very few truly reliable search toolbars... actually maybe one... Google's... all the others leave some junk behind... make of that what you will/*

Once that's done, run another HijackThis scan...
If the scan contains

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\nicola\Dati applicazioni\Mozilla\Firefox\Profiles\zwsmvpl8.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\nicola\Dati applicazioni\Mozilla\Firefox\Profiles/zwsmvpl8.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

fix it and restart the PC... then run HijackThis again and post the log!
After all, the best... IS YET TO COME!

#15
10-18-2007, 06:25 PM
nacus (Senior Member)

Quote:
Originally Posted by sefirothmorpheus
I think I've identified the problem...
but let's take it slowly!
First of all, remove the BearShare toolbar from Add or Remove Programs */ADVICE FOR EVERYONE: I know of very few truly reliable search toolbars... actually maybe one... Google's... all the others leave some junk behind... make of that what you will/*

Once that's done, run another HijackThis scan...
If the scan contains

O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\nicola\Dati applicazioni\Mozilla\Firefox\Profiles\zwsmvpl8.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\nicola\Dati applicazioni\Mozilla\Firefox\Profiles/zwsmvpl8.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"

fix it and restart the PC... then run HijackThis again and post the log!
After all, the best... IS YET TO COME!


Thanks sefir... I'll do as you said and then let you know..


#16
10-21-2007, 12:03 AM
sefirothmorpheus (Moderator brazingles :))

Does it really take this long?

#17
10-21-2007, 08:55 AM
nacus (Senior Member)

Quote:
Originally Posted by sefirothmorpheus
Does it really take this long?


Sorry...
I fixed those entries but the problem persists... I'm posting another HJT log; if you don't find anything, I'll load a restore point from about a week ago, when I didn't have this problem...
Code:
Logfile of HijackThis v1.99.1
Scan saved at 8.51.34, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\perfs.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Programmi\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\Programmi\uTorrent\utorrent.exe
C:\DOCUME~1\nicola\IMPOST~1\Temp\Rar$EX00.453\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 193.203.227.71 www.betandwin.com
O1 - Hosts: 195.72.134.100 www.bwin.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programmi\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programmi\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programmi\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Programmi\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Programmi\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Programmi\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [EPSON Stylus DX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE /P26 "EPSON Stylus DX4800 Series" /O6 "USB001" /M "Stylus DX4800"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Programmi\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun 8.55 Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O16 - DPF: {5CD4310E-88FB-43C1-BE24-5F3FA9C5C9D1} (KooPlayer Control) - http://www.coolstreaming.us/consolle/webplus/KooPlayer.ocx
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{41EA71DF-FB24-4232-BAB7-2214D7520B4C}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A4FB8CC-4742-43D0-A7B1-6F36E9810765}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programmi\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe


#18
10-23-2007, 03:04 PM
nacus (Senior Member)

Oh well, so should I load the restore point then??


#19
10-23-2007, 05:02 PM
sefirothmorpheus (Moderator brazingles :))

Look here:

http://www.prevx.com/filenames/1587.../PERFS.EXE.html

I told you the best was yet to come!

You understand English, right???

Code:
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HijackThis – mark them, close IE, click fix checked

O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe

================

Click Start > Run > and type in:
services.msc
Click OK.
In the services window find this exact name
perfmons Service
Right-click and choose "Properties". Beside "Startup Type" in the dropdown menu select "Disabled". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Click Apply then OK. File-Exit the Services utility.

===============

Download http://www.downloads.subratam.org/KillBox.zip or
http://www.thespykiller.co.uk/files/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following line(s) one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box. Be sure to note the EXACT spelling of the file

C:\WINDOWS\system32\perfs.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot

Download Superantispyware (SAS) free home version

http://www.superantispyware.com/superantispywarefreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
  o Close browsers before scanning
  o Scan for tracking cookies
  o Terminate memory threats before quarantining.
  o Please leave the others as they were.
  o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
  o After reboot, double-click the SUPERAntispyware icon on your desktop.
  o Click Preferences. Click the Statistics/Logs tab.
  o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  o It will open in your default text editor (such as Notepad/Wordpad).
  o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.

Please paste that information here for me regardless of what it finds with a new HijackThis log.

This will take some time!!!!!!!!
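Added example, not part of any post in this thread: a Python triage pass over a HijackThis log that re-splits the entries even when the forum has flattened the log onto one line, then lists O23 services that report "Unknown owner" and run directly from system32, the pattern of the perfs.exe entry singled out in post #19. The selection rule is an assumption made for illustration and only marks entries for manual review; the sample lines are abridged from the log in post #17.

```python
import ntpath
import re
from dataclasses import dataclass

# An entry begins with a section code followed by " - " (R0-R3, F0-F3, O1-O23).
ENTRY_START = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|O\d{1,2}) - ")
SERVICE_PREFIX = "O23 - Service: "
MISSING = " (file missing)"


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool


def split_entries(log_text):
    """Return one string per entry, for a line-per-entry or a flattened log."""
    flat = " ".join(log_text.split())  # collapse newlines and runs of spaces
    starts = [m.start() for m in ENTRY_START.finditer(flat)]
    ends = starts[1:] + [len(flat)]
    # Everything before the first entry (header, running processes) is skipped.
    return [flat[a:b].strip() for a, b in zip(starts, ends)]


def parse_service(entry):
    """Parse 'O23 - Service: <name> - <owner> - <path>'; None for other entries."""
    if not entry.startswith(SERVICE_PREFIX):
        return None
    body = entry[len(SERVICE_PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    parts = body.rsplit(" - ", 2)  # split from the right: the name may contain " - "
    if len(parts) != 3:
        return None
    name, owner, path = (p.strip() for p in parts)
    return Service(name, owner, path, missing)


def review_candidates(log_text):
    """Assumed rule: owner is 'Unknown owner', file exists, folder is system32."""
    hits = []
    for entry in split_entries(log_text):
        svc = parse_service(entry)
        if svc is None or svc.file_missing or svc.owner != "Unknown owner":
            continue
        folder = ntpath.dirname(svc.path).lower()  # ntpath parses Windows paths on any OS
        if ntpath.basename(folder) == "system32":
            hits.append(svc)
    return hits


# Abridged from the log in post #17, on one line as the forum rendered it.
SAMPLE = (
    r"Running processes: C:\WINDOWS\system32\perfs.exe "
    r"O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - "
    r"C:\WINDOWS\system32\WPDShServiceObj.dll "
    r"O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - "
    r"C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe "
    r"O23 - Service: NMIndexingService - Unknown owner - "
    r"C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe (file missing) "
    r"O23 - Service: perfmons Service (perfmons) - Unknown owner - "
    r"C:\WINDOWS\system32\perfs.exe "
    r"O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - "
    r"C:\Programmi\Windows Live\installer\WLSetupSvc.exe"
)

if __name__ == "__main__":
    for svc in review_candidates(SAMPLE):
        print(f"review: {svc.name} -> {svc.path}")
```
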

#20
10-23-2007, 05:55 PM
ELJ (Senior Member)

For sefiro...


.....I'm posting my "HijackThis" log......could you kindly give me your opinion....

Logfile of HijackThis v1.99.1
Scan saved at 17.48.40, on 23/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\services.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\system32\cmd.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\elj\IMPOST~1\Temp\Rar$EX00.140\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Programmi\WinBudget\bin\matrix.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCoo1.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DVD43] C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe /hidden
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [IncrediMail] -C:\Programmi\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] -"C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ernxwq.exe
O4 - Startup: kat.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Programmi\VIA\RAID\raid_tool.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.doginhispen.com
O15 - Trusted Zone: *.whataboutadog.com
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{10AA21E6-907A-4180-B888-2D3FCEA6FFF2}: NameServer = 85.37.17.8 85.38.28.73
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wmi2xml32 - C:\WINDOWS\SYSTEM32\wmi2xml32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe


All times are GMT +2.