Help.. Explorer hangs and windows pop up at rand

Moderators: kadosh, Luke57

Post by Baxalak » 11/05/07 14:05

Hi everyone, my problem, as you read in the title, concerns Explorer... windows open at random and every now and then Explorer hangs, forcing me to close it and restart it from the "Run" command... I tried deleting some missing files found by HijackThis but nothing changed... please help... I'm posting the scan here

Logfile of HijackThis v1.99.1
Scan saved at 15.03.04, on 11/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\BearShare Test\BearShare.exe
C:\Programmi\Real\RealPlayer\realplay.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare Test\BearShare.exe" /pause
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Programmi\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\uvwmpwcs.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://baxalak.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5182246437
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9653422B-B563-4C6A-A8B0-080EACD83EF0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B34C0B6-4A95-4015-957B-1CB92482CA63}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Baxalak
Junior User
Posts: 71
Joined: 15/04/07 14:35

Post by edo_aol » 11/05/07 14:17

http://www.ewido.net/en/onlinescan/ try here, and then from here
http://translate.google.com/translate?h ... %26hl%3Dit a simple spyware-blocking tool ;)
edo_aol
Senior User
Posts: 415
Joined: 13/04/07 14:26

Post by Luke57 » 11/05/07 14:28

Hi, download AVENGER and unzip it to the desktop (extract the files to the desktop)
http://swandog46.geekstogo.com/avenger.zip

- double-click the file avenger.exe to start it
- Select "Input Script Manually"
- Click the magnifying glass

- In the "View/edit script" window that opens
- copy / paste (Ctrl+V) the following:

registry values to delete:
HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run | WindowsUpdate

folders to delete:
C:\windows\temp


files to delete:
C:\WINDOWS\system32\uvwmpwcs.dll


Click the Done button
- Then click the traffic-light icon
- Answer Yes twice
The PC should restart (if it doesn't, restart it yourself)
Post the log that will be created in C:\Avenger
Luke57
Moderator
Posts: 6410
Joined: 11/08/05 19:10

Post by Baxalak » 11/05/07 17:14

Done!
So, about the online scan pages: I managed to do the first one... the second one too, but without being able to delete them; it sent me to the page where you buy the software and I don't want to spend money.

For the second method I used Avenger and did as written, but at reboot I got an error telling me it didn't find the files, and in the file it creates afterwards there was nothing... ah, the pages keep coming up, help

Post by Luke57 » 12/05/07 12:28

Hi, try the script again and then run this tool:
download Vundofix to the desktop
http://www.atribune.org/ccount/click.php?id=4
double-click vundofix.exe and click scan for vundo
when the scan has finished click remove vundo
when it asks whether to remove the files, say yes
after you have clicked yes the desktop will turn white and it will start removing the infected files
as soon as it has finished it will tell you it is going to restart the PC; click OK

Post by Baxalak » 12/05/07 14:35

I re-ran the script with Avenger; the window with the problem still came up, but this time it gave me this report:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qlnqrlxc

*******************

Script file located at: \??\C:\Program Files\kgnitvcn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not delete registry value HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run|WindowsUpdate
Deletion of registry value HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run|WindowsUpdate failed!

Could not process line:
HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run|WindowsUpdate
Status: 0xc0000034

Folder C:\windows\temp deleted successfully.
File C:\WINDOWS\system32\uvwmpwcs.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.


then I ran the scan with vundofix; it found something but the problems remain

Post by Luke57 » 12/05/07 15:28

Hi, go here:
http://www.suspectfile.com/forum/viewtopic.php?t=466
download suspectscan (even if you already have it, it has recently been updated and improved). After downloading it, use it as explained (tick all the options and press scan). When it finishes, the file report.txt will be written to the folder C:\suspectfile.

go to:
http://www.easy-share.com/
upload the report to the site and, in a later post, give the link where it can be viewed.


Post by Luke57 » 13/05/07 10:05

Hi, in any case you must not have used vundofix.

double-click the file avenger.exe to start it
- Select "Input Script Manually"
- Click the magnifying glass

- In the "View/edit script" window that opens
- copy / paste (Ctrl+V) the following:


Registry keys to delete:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\iifeccc
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\pmnlk
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\qomnooo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09FA5E49-C8CD-420A-9FBB-54785EA7EF63}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E28F91B-0E78-4774-9638-ED7D6A353418}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EBE6D20-55AE-4DE5-B9A6-C4530A3F4073}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB1443B-0F9F-4991-8230-C5DE8EFC02A1 }
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2EE5C44-C66D-499d-BEAE-A2A79189A63A}

Registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | WindowsUpdate

Files to delete:
C:\WINDOWS\system32\qomnooo.dll
C:\WINDOWS\system32\tuvuspp.dll
C:\WINDOWS\system32\btrxngcq.dll
C:\WINDOWS\system32\qcgnxrtb.ini
C:\WINDOWS\system32\armvavbq.dll
C:\WINDOWS\system32\qbvavmra.ini
C:\WINDOWS\system32\ftxrsdrl.ini
C:\WINDOWS\system32\teqqlvbm.dll
C:\WINDOWS\system32\mbvlqqet.ini
C:\WINDOWS\system32\emsoenxx.dll
C:\WINDOWS\system32\xxneosme.ini
C:\WINDOWS\system32\qudyvudw.dll
C:\WINDOWS\system32\wduvyduq.ini
C:\WINDOWS\system32\fgwmtsmd.dll
C:\WINDOWS\system32\dmstmwgf.ini
C:\WINDOWS\system32\ujfvvjft.dll
C:\WINDOWS\system32\tfjvvfju.ini
C:\WINDOWS\system32\mbuudtxk.dll
C:\WINDOWS\system32\kxtduubm.ini
C:\WINDOWS\system32\wxtillbf.dll
C:\WINDOWS\system32\fbllitxw.ini
C:\WINDOWS\system32\gihrbemj.dll
C:\WINDOWS\system32\jmebrhig.ini
C:\WINDOWS\system32\utsojsvp.dll
C:\WINDOWS\system32\pvsjostu.ini
C:\WINDOWS\system32\moydpccs.dll
C:\WINDOWS\system32\sccpdyom.ini
C:\WINDOWS\system32\vlnfvxri.dll
C:\WINDOWS\system32\irxvfnlv.ini
C:\WINDOWS\system32\lmjmysnq.dll
C:\WINDOWS\system32\qnsymjml.ini
C:\WINDOWS\system32\tdcanwlq.dll
C:\WINDOWS\system32\qlwnacdt.ini
C:\WINDOWS\system32\rjwrwpdb.dll
C:\WINDOWS\system32\bdpwrwjr.ini
C:\WINDOWS\system32\kbbxnxet.dll
C:\WINDOWS\system32\texnxbbk.ini
C:\WINDOWS\system32\nfdgeaac.dll
C:\WINDOWS\system32\caaegdfn.ini
C:\WINDOWS\system32\tngxoatb.dll
C:\WINDOWS\system32\btaoxgnt.ini
C:\WINDOWS\system32\pilfvdyr.dll
C:\WINDOWS\system32\rydvflip.ini
C:\WINDOWS\system32\ndmbuuia.dll
C:\WINDOWS\system32\aiuubmdn.ini
C:\WINDOWS\system32\dhdyfamb.dll
C:\WINDOWS\system32\bmafydhd.ini
C:\WINDOWS\system32\lqavyyso.dll
C:\WINDOWS\system32\osyyvaql.ini
C:\WINDOWS\system32\cawjqggs.dll
C:\WINDOWS\system32\sggqjwac.ini
C:\WINDOWS\system32\moyphlfo.dll
C:\WINDOWS\system32\oflhpyom.ini
C:\WINDOWS\system32\aguxspnf.dll
C:\WINDOWS\system32\fnpsxuga.ini
C:\WINDOWS\system32\jyhsknll.ini
C:\WINDOWS\system32\llnkshyj.dll
C:\WINDOWS\system32\clmdihpm.dll
C:\WINDOWS\system32\mphidmlc.ini
C:\WINDOWS\system32\xgcnamui.dll
C:\WINDOWS\system32\scwpmwvu.ini
C:\WINDOWS\system32\lemaglgd.dll
C:\WINDOWS\system32\uevmvqgn.dll
C:\WINDOWS\system32\ngqvmveu.ini
C:\WINDOWS\system32\pmnlk.dll
C:\WINDOWS\system32\klnmp.bak1
C:\WINDOWS\system32\ceehxavx.dll
C:\WINDOWS\system32\xvaxheec.ini
C:\WINDOWS\system32\cphatxsp.dll
C:\WINDOWS\system32\psxtahpc.ini
C:\WINDOWS\system32\wwpjmrvj.dll
C:\WINDOWS\system32\jvrmjpww.ini
C:\WINDOWS\system32\ssqrp.dll


Click the Done button
- Then click the traffic-light icon
- Answer Yes twice
The PC should restart (if it doesn't, restart it yourself)
Post the log that will be created in C:\Avenger


Also:
Start > Run > regedit (type it in the box) > OK
With the Registry Editor open, clicking the + sign next to each entry, follow this path:


HKEY_CLASSES_ROOT
CLSID
{B07CB267-5E6F-441F-9B3C-324EFE70F897}
InprocServer32
Click the folder; in the right-hand pane look for:
C:\WINDOWS\System32\wvuvvwx.dll
Right-click and choose Delete.


HKEY_CLASSES_ROOT
CLSID
{6C622D52-0612-414B-A063-105A614D396F}
InprocServer32
Click the folder; in the right-hand pane look for
C:\WINDOWS\system32\iifeccc.dll"
Right-click and choose Delete.


HKEY_CLASSES_ROOT
CLSID
{8EBE6D20-55AE-4DE5-B9A6-C4530A3F4073}
InprocServer32
Click the folder; in the right-hand pane look for
C:\WINDOWS\system32\qomnooo.dll"
Right-click and choose Delete.

Then run a full scan from Safe Mode with AVG 7 antispyware.

Post by Baxalak » 13/05/07 13:41

ok, I did everything and for now nothing strange is happening! :) :D
I'm posting the Avenger scan
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bdasmyai

*******************

Script file located at: \??\C:\rbdfswiw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\qomnooo.dll deleted successfully.
File C:\WINDOWS\system32\tuvuspp.dll deleted successfully.
File C:\WINDOWS\system32\btrxngcq.dll deleted successfully.
File C:\WINDOWS\system32\qcgnxrtb.ini deleted successfully.
File C:\WINDOWS\system32\armvavbq.dll deleted successfully.
File C:\WINDOWS\system32\qbvavmra.ini deleted successfully.
File C:\WINDOWS\system32\ftxrsdrl.ini deleted successfully.
File C:\WINDOWS\system32\teqqlvbm.dll deleted successfully.
File C:\WINDOWS\system32\mbvlqqet.ini deleted successfully.
File C:\WINDOWS\system32\emsoenxx.dll deleted successfully.
File C:\WINDOWS\system32\xxneosme.ini deleted successfully.
File C:\WINDOWS\system32\qudyvudw.dll deleted successfully.
File C:\WINDOWS\system32\wduvyduq.ini deleted successfully.
File C:\WINDOWS\system32\fgwmtsmd.dll deleted successfully.
File C:\WINDOWS\system32\dmstmwgf.ini deleted successfully.
File C:\WINDOWS\system32\ujfvvjft.dll deleted successfully.
File C:\WINDOWS\system32\tfjvvfju.ini deleted successfully.
File C:\WINDOWS\system32\mbuudtxk.dll deleted successfully.
File C:\WINDOWS\system32\kxtduubm.ini deleted successfully.
File C:\WINDOWS\system32\wxtillbf.dll deleted successfully.
File C:\WINDOWS\system32\fbllitxw.ini deleted successfully.
File C:\WINDOWS\system32\gihrbemj.dll deleted successfully.
File C:\WINDOWS\system32\jmebrhig.ini deleted successfully.
File C:\WINDOWS\system32\utsojsvp.dll deleted successfully.
File C:\WINDOWS\system32\pvsjostu.ini deleted successfully.
File C:\WINDOWS\system32\moydpccs.dll deleted successfully.
File C:\WINDOWS\system32\sccpdyom.ini deleted successfully.
File C:\WINDOWS\system32\vlnfvxri.dll deleted successfully.
File C:\WINDOWS\system32\irxvfnlv.ini deleted successfully.
File C:\WINDOWS\system32\lmjmysnq.dll deleted successfully.
File C:\WINDOWS\system32\qnsymjml.ini deleted successfully.
File C:\WINDOWS\system32\tdcanwlq.dll deleted successfully.
File C:\WINDOWS\system32\qlwnacdt.ini deleted successfully.
File C:\WINDOWS\system32\rjwrwpdb.dll deleted successfully.
File C:\WINDOWS\system32\bdpwrwjr.ini deleted successfully.
File C:\WINDOWS\system32\kbbxnxet.dll deleted successfully.
File C:\WINDOWS\system32\texnxbbk.ini deleted successfully.
File C:\WINDOWS\system32\nfdgeaac.dll deleted successfully.
File C:\WINDOWS\system32\caaegdfn.ini deleted successfully.
File C:\WINDOWS\system32\tngxoatb.dll deleted successfully.
File C:\WINDOWS\system32\btaoxgnt.ini deleted successfully.
File C:\WINDOWS\system32\pilfvdyr.dll deleted successfully.
File C:\WINDOWS\system32\rydvflip.ini deleted successfully.
File C:\WINDOWS\system32\ndmbuuia.dll deleted successfully.
File C:\WINDOWS\system32\aiuubmdn.ini deleted successfully.
File C:\WINDOWS\system32\dhdyfamb.dll deleted successfully.
File C:\WINDOWS\system32\bmafydhd.ini deleted successfully.
File C:\WINDOWS\system32\lqavyyso.dll deleted successfully.
File C:\WINDOWS\system32\osyyvaql.ini deleted successfully.
File C:\WINDOWS\system32\cawjqggs.dll deleted successfully.
File C:\WINDOWS\system32\sggqjwac.ini deleted successfully.
File C:\WINDOWS\system32\moyphlfo.dll deleted successfully.
File C:\WINDOWS\system32\oflhpyom.ini deleted successfully.
File C:\WINDOWS\system32\aguxspnf.dll deleted successfully.
File C:\WINDOWS\system32\fnpsxuga.ini deleted successfully.
File C:\WINDOWS\system32\jyhsknll.ini deleted successfully.
File C:\WINDOWS\system32\llnkshyj.dll deleted successfully.
File C:\WINDOWS\system32\clmdihpm.dll deleted successfully.
File C:\WINDOWS\system32\mphidmlc.ini deleted successfully.
File C:\WINDOWS\system32\xgcnamui.dll deleted successfully.
File C:\WINDOWS\system32\scwpmwvu.ini deleted successfully.
File C:\WINDOWS\system32\lemaglgd.dll deleted successfully.
File C:\WINDOWS\system32\uevmvqgn.dll deleted successfully.
File C:\WINDOWS\system32\ngqvmveu.ini deleted successfully.
File C:\WINDOWS\system32\pmnlk.dll deleted successfully.
File C:\WINDOWS\system32\klnmp.bak1 deleted successfully.
File C:\WINDOWS\system32\ceehxavx.dll deleted successfully.
File C:\WINDOWS\system32\xvaxheec.ini deleted successfully.
File C:\WINDOWS\system32\cphatxsp.dll deleted successfully.
File C:\WINDOWS\system32\psxtahpc.ini deleted successfully.
File C:\WINDOWS\system32\wwpjmrvj.dll deleted successfully.
File C:\WINDOWS\system32\jvrmjpww.ini deleted successfully.


File C:\WINDOWS\system32\ssqrp.dll not found!
Deletion of file C:\WINDOWS\system32\ssqrp.dll failed!

Could not process line:
C:\WINDOWS\system32\ssqrp.dll
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\iifeccc not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\iifeccc failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\pmnlk not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\pmnlk failed!
Status: 0xc0000034



Registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\qomnooo not found!
Deletion of registry key HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\qomnooo failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09FA5E49-C8CD-420A-9FBB-54785EA7EF63} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E28F91B-0E78-4774-9638-ED7D6A353418} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8EBE6D20-55AE-4DE5-B9A6-C4530A3F4073} deleted successfully.


Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB1443B-0F9F-4991-8230-C5DE8EFC02A1 } not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB1443B-0F9F-4991-8230-C5DE8EFC02A1 } failed!
Status: 0xc0000034

Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2EE5C44-C66D-499d-BEAE-A2A79189A63A} deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WindowsUpdate
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WindowsUpdate failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
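How to read the two Avenger logs posted above, as an added example (Python, not part of the original thread and not code from The Avenger): it pairs each `Deletion of ... failed!` line with the `Status:` line that follows and names the NTSTATUS code. `0xc0000034` is `STATUS_OBJECT_NAME_NOT_FOUND`, so these failures mean the path written in the script did not exist when it ran, as with the `HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run` path of the first script. The sample is an excerpt of lines from the two logs on this page; the function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# NTSTATUS values relevant to a failed deletion (from Microsoft's ntstatus.h).
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # the file/key/value itself is absent
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a parent folder/key is absent
    0xC0000022: "STATUS_ACCESS_DENIED",          # object exists but could not be opened
}

SUCCESS = re.compile(r"^(File|Folder|Registry key|Registry value) (.+) deleted successfully\.$")
FAILURE = re.compile(r"^Deletion of (file|folder|registry key|registry value) (.+) failed!$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]+)$")


@dataclass
class Result:
    kind: str                     # file, folder, registry key, registry value
    target: str                   # path exactly as the log prints it
    deleted: bool
    status: Optional[int] = None  # NTSTATUS reported for a failure, if any

    @property
    def status_name(self) -> str:
        if self.status is None:
            return ""
        return NTSTATUS.get(self.status, hex(self.status))


def parse_avenger_log(text: str) -> List[Result]:
    """Turn an Avenger v1 log into one Result per processed script line."""
    results: List[Result] = []
    pending: Optional[Result] = None  # last failure still waiting for its Status line
    for raw in text.splitlines():
        line = raw.strip()
        m = SUCCESS.match(line)
        if m:
            results.append(Result(m.group(1).lower(), m.group(2), True))
            pending = None
            continue
        m = FAILURE.match(line)
        if m:
            pending = Result(m.group(1), m.group(2), False)
            results.append(pending)
            continue
        m = STATUS.match(line)
        if m and pending is not None:
            pending.status = int(m.group(1), 16)
            pending = None
    return results


def not_found(results: List[Result]) -> List[Result]:
    """Failures where the target did not exist: check the path spelling first."""
    return [r for r in results if not r.deleted and r.status == 0xC0000034]


# Excerpt of lines taken from the two Avenger logs posted in this thread.
SAMPLE_LOG = r"""
Could not delete registry value HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run|WindowsUpdate
Deletion of registry value HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run|WindowsUpdate failed!

Could not process line:
HKLM\SYSTEM\Software\Microsoft\Windows\CurrenteVesion\Run|WindowsUpdate
Status: 0xc0000034

Folder C:\windows\temp deleted successfully.
File C:\WINDOWS\system32\uvwmpwcs.dll deleted successfully.
File C:\WINDOWS\system32\ssqrp.dll not found!
Deletion of file C:\WINDOWS\system32\ssqrp.dll failed!

Could not process line:
C:\WINDOWS\system32\ssqrp.dll
Status: 0xc0000034
"""

if __name__ == "__main__":
    for r in parse_avenger_log(SAMPLE_LOG):
        outcome = "deleted" if r.deleted else "FAILED " + r.status_name
        print(f"{r.kind:15} {outcome:40} {r.target}")
```

A "not found" status only says the object was absent at that path; it does not show whether the item was already removed or the path was mistyped, so the script line has to be compared with the scan it came from.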

Post by Baxalak » 13/05/07 13:45

hmm, a window came up... but maybe it was just an ad from some web page... if more come up or anything odd happens I'll let you know

THANK YOU ALL SO MUCH FOR THE HELP!!!

Post by Baxalak » 14/05/07 22:50

ok, I confirm that the windows and the Explorer hang haven't happened to me again... THANK YOU SO MUCH!!! YOU'RE GREAT!!!!

P.S.: I'll take the opportunity to ask which antivirus and antispyware programs I should install so that messes like this don't happen again, thanks!

Post by Baxalak » 18/05/07 19:10

help!!! the windows have started appearing again and I didn't do anything unusual... just like that, from one moment to the next, they started appearing again like before and Explorer has already hung once HELP!!!

Post by Baxalak » 19/05/07 19:17

should I repost some scan???? HELP :cry:

Post by Luke57 » 19/05/07 19:18

Hi, post the usual system scan report.

Post by Baxalak » 20/05/07 12:27

ok here it is


Logfile of HijackThis v1.99.1
Scan saved at 13.26.40, on 20/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools\daemon.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Programmi\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apvxdwin] C:\WINDOWS\System32\APVXDWIN.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare Test\BearShare.exe" /pause
O4 - HKLM\..\Run: [ElbyCheckAnyDVD] "C:\Programmi\SlySoft\AnyDVD\ElbyCheck.exe" /L AnyDVD
O4 - HKLM\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril.com/assets/activeX/ ... nnerV2.ocx
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://baxalak.spaces.live.com//PhotoUp ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5182246437
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9653422B-B563-4C6A-A8B0-080EACD83EF0}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B34C0B6-4A95-4015-957B-1CB92482CA63}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
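Comparing this scan with the one of 11/05/2007 can be done mechanically. The Python below is an added example, not part of the original thread and not code from HijackThis: it parses the `R`/`O` lines of two logs, lists the entries that disappeared or appeared, and picks out `Run` entries that load a DLL through `rundll32`, which is the form of the `WindowsUpdate` entry in the first scan. The two logs are short excerpts of the scans on this page; the function names are made up for the example.

```python
import re
from typing import List, Tuple

Entry = Tuple[str, str]  # (section code such as "O4", rest of the line)

ENTRY = re.compile(r"^(R\d|F\d|O\d+) - (.+)$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\([^:]+): \[([^\]]+)\] (.+)$")
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+\.dll)', re.IGNORECASE)


def parse_entries(log: str) -> List[Entry]:
    """Keep only the coded result lines; header and process list are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_scans(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """Return (entries only in the first scan, entries only in the second)."""
    b, a = set(parse_entries(before)), set(parse_entries(after))
    return sorted(b - a), sorted(a - b)


def rundll32_autoruns(log: str) -> List[Tuple[str, str]]:
    """(value name, DLL path) for Run entries that start a DLL via rundll32.

    Such entries are not malicious by definition, but each one deserves a
    look at the DLL it names. O4 "Startup:" folder entries are not covered.
    """
    hits = []
    for code, detail in parse_entries(log):
        if code != "O4":
            continue
        m = AUTORUN.match(detail)
        if not m:
            continue
        dll = RUNDLL.search(m.group(4))
        if dll:
            hits.append((m.group(3), dll.group(1)))
    return hits


# Excerpt of the scan of 11/05/2007 posted in this thread.
SCAN_BEFORE = r"""
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WindowsUpdate] rundll32.exe "C:\WINDOWS\system32\uvwmpwcs.dll",realset
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
"""

# Excerpt of the scan of 20/05/2007 posted in this thread.
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
"""

if __name__ == "__main__":
    removed, added = diff_scans(SCAN_BEFORE, SCAN_AFTER)
    for code, detail in removed:
        print("gone :", code, "-", detail)
    for code, detail in added:
        print("new  :", code, "-", detail)
    for name, dll in rundll32_autoruns(SCAN_BEFORE):
        print("check:", name, "->", dll)
```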

Post by Luke57 » 20/05/07 15:09

Hi, nothing stands out here; that is why I had suggested systemscan ;)

Post by Baxalak » 21/05/07 18:31


Post by Luke57 » 21/05/07 19:03

Hi, unfortunately it is an unreadable text file, in the sense that everything is jumbled together and I can't make head or tail of it despite all my good will ;) , you can check for yourself. See whether there is another report file, possibly zipped, in the folder C:\suspectfile; it happened to another user too. Otherwise you will have to redo the scan.

Post by Baxalak » 22/05/07 14:15

ok, I redid the scan, here is the link http://w13.easy-share.com/1113944.html