
iexplore.exe error

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

Post by mortisia » 14/05/06 15:50

Hi everyone, I need help :aaah , because for a few days now, while I'm browsing the internet (with Alice ADSL), I get the iexplore.exe error with the message "si è verificato un errore in iexplore.exe. L'applicazione verrà chiusa." ("An error occurred in iexplore.exe. The application will be closed."). Clicking "non inviare" ("Don't send") doesn't close any application, but shortly afterwards a dial-up connection named "internet" is created, which tries to connect and disconnects me from Alice.
Do you think it's a virus? Thanks a lot for any help!
Bye
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39


Post by Luke57 » 14/05/06 18:40

Hi, it is generally a malicious application that causes this.
Update your antivirus and run a full system scan, preferably in safe mode
http://service1.symantec.com/SUPPORT/IN ... 2090503924
(for XP)
If you don't already have them, download AdAware 1.06 and Spybot Search & Destroy
http://www.pc-facile.com/download/?cat=17
update them and run a scan with each.
If even these programs don't fix anything, download HijackThis 1.99.1 from here:
http://www.pc-facile.com/HijackThis_s267/
unzip the .zip file and extract the program's executable (.exe) into a permanent folder created for the purpose, such as C:\HJT, so that the program can back up any entries it removes. Click on the executable, press "Do a system scan and save a log file", wait for a text file to be generated, select and copy the entire contents of that file, then paste it into a post on the forum and wait confidently for a reply ;)
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by mortisia » 14/05/06 23:10

I tried running all the scans you recommended, but in the end the usual "iexplore.exe" error window came back. So I'm sending the log made with HijackThis:


Logfile of HijackThis v1.99.1
Scan saved at 23.53.40, on 14/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\Directory temporanea 1 per hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/aliceadsl/indexbb.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infinito
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [svchosts] "C:\WINDOWS\svchosts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKLM\..\Run: [uvll2.exe] C:\WINDOWS\Temp\uvll2.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.infinito.it/bnl
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7623335156
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: odf - Unknown owner - C:\:OET.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

:roll: HEEEEEEEEEELP!
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

Post by Luke57 » 15/05/06 08:04

Hi, you have some infections. Put the HijackThis executable, as already suggested, in a permanent folder on the hard disk created for the purpose, such as C:\HJT, so that the program can keep a copy of the removed entries.
Then try this:
1) Restart in safe mode
(Start the computer. Right after the RAM count and before Windows starts loading, begin pressing the F8 key on the keyboard repeatedly. Keep doing so until the Windows Advanced Options menu appears. Using the arrow keys on the keyboard, scroll through the options and select Safe Mode, then press Enter)
2) Make hidden files and folders visible (go to Start > Settings > Control Panel > Folder Options and click "View". Select "Show hidden files and folders" and uncheck "Hide protected operating system files". Click OK.)
3) Open HijackThis with all applications closed, press "Do a system scan only", then find and tick the following entries:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O4 - HKLM\..\Run: [svchosts] "C:\WINDOWS\svchosts.exe"
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKLM\..\Run: [uvll2.exe] C:\WINDOWS\Temp\uvll2.exe
Press "Fix checked"
4) From Control Panel, Add or Remove Programs, find and remove all programs that you did not install yourself, in particular Link Optimizer
5) Find and delete the following files:
C:\WINDOWS\Temp\uvll1.exe
C:\WINDOWS\Temp\uvll2.exe
C:\Programmi\LinkOptimizer\LinkOptimizer.dll ------> the whole Link Optimizer folder
C:\WINDOWS\svchosts.exe
6) Then delete all Windows temporary files (temp and tmp; do it like this: Start > Search > All files and folders, in the "All or part of the file name" box enter: *.temp; *.tmp and delete everything found)
7) Delete all IE temporary files, history and cookies
8) Empty the Recycle Bin
9) Run an online scan here:
http://www.bitdefender.com/scan8/ie.html
10) Post a new HijackThis log
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by mortisia » 16/05/06 21:07

Hi, I did everything you told me and I'm attaching the log again:

Logfile of HijackThis v1.99.1
Scan saved at 21.57.06, on 16/05/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/aliceadsl/indexbb.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infinito
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.infinito.it/bnl
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF4C9733-09D3-4A3A-B3B0-81FE7C196515}: NameServer = 85.37.17.14 85.38.28.78
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: odf - Unknown owner - C:\:OET.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

P.S. BitDefender found various infections and viruses, but at the end it told me "Your computer is still infected!"... I don't think that's a good sign... :-? What do you think? (anyway, the iexplore didn't come back today!)
Thanks for your patience.... :D
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

Post by Luke57 » 17/05/06 07:37

Hi, download CCleaner from here:
http://www.pc-facile.com/CCleaner_s255/
you need it to clean up temporary files; leave its settings as they are, except that under Options > Advanced you uncheck "Only delete Windows temp files older than 48 hours".
From Control Panel > Add or Remove Programs, uninstall Link Optimizer
With HijackThis remove:
O2 - BHO: Class - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - C:\Programmi\LinkOptimizer\LinkOptimizer.dll
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
Then delete
C:\Programmi\LinkOptimizer\LinkOptimizer.dll --------> the whole folder

Then, with CCleaner, delete the Windows temporary files and the IE ones, and empty the Recycle Bin.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by mortisia » 20/05/06 09:16

Hi, I did as you advised again (in the meantime I also installed Windows System Pack 2 + Windows Defender). :( Unfortunately, when I'm connected with Alice, I still get disconnected by a connection called "internet" (which appears among my network connections) that tries to connect for a few minutes. Then this "internet" connection disappears completely and I'm automatically reconnected to Alice.
In the meantime I made another HijackThis log and noticed that:
- uvll1.exe still shows up;
- I managed to uninstall Linkoptimizer (but is it normal that, to uninstall it, it connects to a web page that says only "Uninstall" and, once clicked, says only "Thank You"? :eeh: );
- it seems to me that a line similar to the one that was there for Linkoptimizer has been added, only it says "(no file)";


Here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 9.53.53, on 20/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\Temp\uvll1.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/aliceadsl/indexbb.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infinito
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: (no name) - {DA39029C-D291-A968-3FF4-D0990D5CB5FC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infinito.it/bnl
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7925811015
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF4C9733-09D3-4A3A-B3B0-81FE7C196515}: NameServer = 85.37.17.14 85.38.28.78
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: odf - Unknown owner - C:\:OET.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

Thanks again for your help!!!!! :undecided:
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

Post by Luke57 » 20/05/06 10:21

Hi Mortisia, it is indeed still there. Repeat the HijackThis procedure as suggested in the previous post, limited to the entries with uvll1.exe. Then delete all temporary files with CCleaner (did you download it?) and empty the Recycle Bin.
To uninstall the program, use MyUninstaller from here:
http://news.swzone.it/swznews-17533.php
it removes it in an instant and is easy to use.
For that leftover "no file" entry, the correct procedure to remove it is this:
1) Start > Run > regedt32 (type it in the box) > OK
2) The Registry Editor opens; follow this path by clicking the + next to each item
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
3) Find the alphanumeric entry, highlight it with a click, go to Edit > Permissions; in the window that opens go to Advanced; on the Permissions tab check that the users have the Allow entry; on the Owner tab select the owner > OK.
4) Right-click the entry and choose Delete.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
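
The selection of O4 autorun lines in the 15/05 post and the "it is still there" re-check in the post above, as an added example that is not part of the thread. The three heuristics and all function names are assumptions chosen to match the entries ticked there; the LinkOptimizer BHO was identified by name and is not covered by them.

```python
import re
from collections import namedtuple
from difflib import get_close_matches
from pathlib import PureWindowsPath

# Constructed excerpts: O4 lines copied from the 14/05 and 20/05 logs in this thread.
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [svchosts] "C:\WINDOWS\svchosts.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [rock] rock.exe
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKLM\..\Run: [uvll2.exe] C:\WINDOWS\Temp\uvll2.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
"""

Autorun = namedtuple("Autorun", "hive key name exe")

# Core Windows process names, taken from the "Running processes" lists in the logs.
SYSTEM_NAMES = ["smss", "winlogon", "services", "lsass", "svchost", "explorer", "spoolsv"]

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$", re.M)
# Paths may be quoted or unquoted and may contain spaces, so cut at the first ".exe".
EXE_RE = re.compile(r'"?(.+?\.exe)\b', re.I)


def parse_autoruns(log):
    """Return the registry Run entries (HijackThis section O4) found in a log."""
    entries = []
    for hive, key, name, cmd in O4_RE.findall(log):
        m = EXE_RE.match(cmd)
        exe = m.group(1) if m else cmd.split()[0]
        entries.append(Autorun(hive, key, name, exe))
    return entries


def reasons(exe):
    """Explain why an autorun target deserves a closer look (empty list = nothing)."""
    path = PureWindowsPath(exe)
    found = []
    if "\\" not in exe and "/" not in exe:
        found.append("no directory given, resolved through the search path")
    if any(part.lower() in ("temp", "tmp") for part in path.parts[:-1]):
        found.append("runs from a temporary directory")
    stem = path.stem.lower()
    near = get_close_matches(stem, SYSTEM_NAMES, n=1, cutoff=0.85)
    if near and near[0] != stem:
        found.append(f"name imitates {near[0]}.exe")
    return found


def flagged(log):
    """Map entry name -> reasons for every O4 entry that trips a heuristic."""
    return {a.name: reasons(a.exe) for a in parse_autoruns(log) if reasons(a.exe)}


def persisted(before, after):
    """Names of entries flagged in `before` that are still registered in `after`."""
    still = {(a.hive, a.key, a.exe.lower()) for a in parse_autoruns(after)}
    return [a.name for a in parse_autoruns(before)
            if reasons(a.exe) and (a.hive, a.key, a.exe.lower()) in still]


if __name__ == "__main__":
    for name, why in flagged(LOG_BEFORE).items():
        print(f"{name}: {'; '.join(why)}")
    print("still present after cleanup:", persisted(LOG_BEFORE, LOG_AFTER))
```

An entry that survives a fix, as uvll1.exe does here, usually means something is rewriting the Run value, so the re-check is worth repeating after every cleanup pass.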

Post by mortisia » 21/05/06 01:45

Done! For now that annoying connection no longer comes up... but when I run a scan with BitDefender Online it tells me the PC is still infected... What can I do? :(

I'm including the report below:

BitDefender Online Scanner

Scan report generated at: Sun, May 21, 2006 - 01:58:23
Scan path: A:\;C:\;D:\;

Statistics
Time: 01:22:19
Files: 377131
Folders: 7214
Boot Sectors: 2
Archives: 3123
Packed Files: 26851

Results
Identified Viruses: 2
Infected Files: 10
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 10

Engines Info
Virus Definitions: 375938
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 40
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 2) | Infected with: JS.Winshow.U
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 2) | Disinfection failed
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 2) | Deleted
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA | Updated
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 16) | Infected with: JS.Winshow.U
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 16) | Disinfection failed
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 16) | Deleted
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA | Updated
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 30) | Infected with: JS.Winshow.U
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 30) | Disinfection failed
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 30) | Deleted
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA | Updated
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 46) | Infected with: JS.Winshow.U
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 46) | Disinfection failed
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 46) | Deleted
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA | Updated
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 191) | Infected with: Trojan.Downloader.Winshow.AK
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 191) | Disinfection failed
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA=>(JAVASCRIPT 191) | Deleted
C:\WINDOWS\IsUn040a.exe=>:vzrzm:$DATA | Updated
C:\WINDOWS\IsUn040a.exe | Update failed
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 2) | Infected with: JS.Winshow.U
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 2) | Disinfection failed
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 2) | Deleted
C:\WINDOWS\vb.ini=>:szwoo:$DATA | Updated
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 16) | Infected with: JS.Winshow.U
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 16) | Disinfection failed
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 16) | Deleted
C:\WINDOWS\vb.ini=>:szwoo:$DATA | Updated
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 30) | Infected with: JS.Winshow.U
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 30) | Disinfection failed
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 30) | Deleted
C:\WINDOWS\vb.ini=>:szwoo:$DATA | Updated
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 46) | Infected with: JS.Winshow.U
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 46) | Disinfection failed
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 46) | Deleted
C:\WINDOWS\vb.ini=>:szwoo:$DATA | Updated
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 191) | Infected with: Trojan.Downloader.Winshow.AK
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 191) | Disinfection failed
C:\WINDOWS\vb.ini=>:szwoo:$DATA=>(JAVASCRIPT 191) | Deleted
C:\WINDOWS\vb.ini=>:szwoo:$DATA | Updated
C:\WINDOWS\vb.ini | Update failed
C:\WINDOWS\YJKAxbpMfuj.exe | Suspected of: BehavesLike:Trojan.HangUp
C:\WINDOWS\YJKAxbpMfuj.exe | Disinfection failed
C:\WINDOWS\YJKAxbpMfuj.exe | Delete failed




Thanks.
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

Post by Luke57 » 21/05/06 09:16

Hi, try to check whether you can manually remove the file that BitDefender suspects of being infected:
C:\WINDOWS\YJKAxbpMfuj.exe
Also post a new HijackThis log.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by mortisia » 21/05/06 10:36

OK, I managed to delete the file YJKAxbpMfuj.exe manually and I made the log again. Are the other viruses like the Trojan ones it reported OK? :undecided:

P.S. Going into the "C:\WINDOWS\" folder I noticed that I have 186 folders with blue names like "$NtUninstallKB810217$" (where only the numbers change). Is that all normal? :eeh:

Here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 11.29.21, on 21/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/aliceadsl/indexbb.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infinito
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infinito.it/bnl
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7925811015
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF4C9733-09D3-4A3A-B3B0-81FE7C196515}: NameServer = 85.37.17.14 85.38.28.78
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: odf - Unknown owner - C:\:OET.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe

Bye and have a nice Sunday :D
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

Post by Luke57 » 21/05/06 10:51

Hi, the log looks clean to me. Those blue files you found are the installation files for the Windows updates, all OK.
Have a nice Sunday too.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by mortisia » 25/05/06 17:51

Hi
I let some time go by to see whether everything was OK (in fact that annoying "internet" connection no longer appears).
Today, however, while running a scan with Hijack I found the dreaded UVLL entries again, the ones I had deleted so many times...

Here is the scan:


Logfile of HijackThis v1.99.1
Scan saved at 18.40.41, on 25/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programmi\ahead\InCD\InCD.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Windows Defender\MSASCui.exe
C:\WINDOWS\Temp\uvll2.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/aliceadsl/indexbb.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Infinito
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 8\LaunchList.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nod32kui] C:\Programmi\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKLM\..\Run: [uvll2.exe] C:\WINDOWS\Temp\uvll2.exe
O4 - HKLM\..\Run: [uvll3.exe] C:\WINDOWS\Temp\uvll3.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.infinito.it/bnl
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7925811015
O17 - HKLM\System\CCS\Services\Tcpip\..\{DF4C9733-09D3-4A3A-B3B0-81FE7C196515}: NameServer = 85.37.17.14 85.38.28.78
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Programmi\Eset\nod32krn.exe
O23 - Service: odf - Unknown owner - C:\:OET.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe


...I don't know how to get rid of them for good, sigh.
:neutral:
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

Post by mortisia » 30/05/06 18:57

The uvll1, 2, 3, ... files keep being created in the "C:\WINDOWS\Temp" folder. I can fix them even every day and then delete them from the folder, but then... zap, they always come back.

I would like to get rid of them for good. Is there anyone who can help me?

Thank you for your presence/patience!

:)
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

Post by Luke57 » 31/05/06 08:53

Hi, I'm not sure....
try using Ewido
http://www.alground.com/sicurezza/articolo.php?page=43
usage guide and link, then run an online scan with Panda here
Post the logs generated by Panda and by Ewido
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Post by amvinfe » 31/05/06 10:28

Hi,
could you please send me the file C:\WINDOWS\Temp\uvll2.exe (uvll*.exe) to the address in my signature?
Thanks
Think you have an infected file?
Send it to
SuspectFile
amvinfe
Senior User

Posts: 193
Joined: 06/09/02 16:22
Location: Behind your monitor playing peekaboo with you

Post by mortisia » 04/06/06 17:49

Here is the Ewido log:

+ Creato il: 18.31.42, 04/06/2006
+ Report-Checksum: 171D934F

+ Risultati scansione:

HKLM\SOFTWARE\Classes\CLSID\{0155D68B-7071-FAF3-02DB-27C5446BD84B} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{05C2CD81-24FE-5D99-8F9B-7B4071451E4E} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{06511831-9B79-0A9B-0C92-991F58C5B4A7} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{21F77E38-B830-964B-FDEC-4EE88C6A492E} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{27F0F0E5-3C39-AB9F-5881-B63EA0E44B26} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{2B073C66-A72B-1166-86D6-0AD290B7868D} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{3144B1A0-A00B-3EC8-7B52-01231520AC12} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{3B9CEB6D-F50A-65F0-1387-22AC6E08AA5F} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{3EC51367-FA39-1261-3090-522B4BFA5214} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{4032D7AC-0350-8D00-A208-4D849D71EBAB} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{4FC6535C-9AC3-EDE2-C75D-FEB53871F199} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{5389907B-5AA0-FD40-FFCD-B654F6817EFA} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{58BA44D2-4E05-CF21-D46C-343B479557D8} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{754ECC22-4B1C-5AAF-18F5-1244D0E238F6} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{7624347E-865E-1A7A-DB1B-BD99FE90372B} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{78991257-E463-8759-D99F-343F395ADFB0} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{79286ACC-C8D1-45A0-C440-E4868F6D86B1} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{88C96295-FCAE-0B3D-8F00-3F0E0A009428} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{89AA2EEE-C716-74EB-CE35-58C8B0717721} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{8A680A8F-C9AB-CE2A-A1BA-7072064D7B92} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{8C45588B-902A-6FE2-0DC0-939927EADB2A} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{8C4559E1-6236-3121-41BD-A78A12FD4A9B} -> Adware.CoolWebSearch : Pulito con Backup
HKLM\SOFTWARE\Classes\CLSID\{D3D735D9-5DFD-4315-0E41-46E2F675CE32} -> Adware.CoolWebSearch : Pulito con Backup
C:\Documents and Settings\Proprietario\Documenti\File programmi anti-tutto 31-03-06\killsgrunt.exe -> Heuristic.Win32.Dialer : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\res0346ECF9.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\res0A228C29.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\res6FC58141.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\res7FFF22C1.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\res8A9B81E4.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resA52FF329.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resA9D7A1D9.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resAAB87ED1.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resAD7AC859.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resBD55A240.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resDD776D44.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resE3C29C10.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resE645F329.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resE95A0924.dat -> Downloader.WinShow.ak : Pulito con Backup
C:\Programmi\ewido anti-malware\Quarantine\resEC5A4000.dat -> Downloader.WinShow.ak : Pulito con Backup


::Fine Rapporto


...and here is the Panda log:

Incident Status Location

Adware:adware/searchaid Not disinfected c:\windows\n_uydcpf.dat


...all done :D
mortisia
Junior User

Posts: 17
Joined: 14/05/06 15:39

same problems as mortisia

Post by klah » 08/11/06 21:54

Hello, I have more or less the same problems as mortisia; I used HijackThis and all of this came out:
Logfile of HijackThis v1.99.1
Scan saved at 21.18.44, on 08/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\HP\HP Software Update\HPWuSchd.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\user\IMPOST~1\Temp\Rar$EX00.233\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://in.webcounter.cc/--/?bzbjr (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://awebfind.biz/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://awebfind.biz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://1-se.com/srchasst.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = res://mshp.dll/index.html#18878
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://riviera.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://riviera.cc (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F1 - win.ini: run=fntldr.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.dll,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updmgr] C:\Programmi\Common files\updmgr\updmgr.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [OESpamTest] C:\PROGRA~1\KASPER~1\KASPER~1\KASPER~3\OESpamTest.ExE
O4 - HKLM\..\Run: [KASP] "C:\Programmi\Kaspersky Lab\Kaspersky Security Suite\Kaspersky Anti-Spam Personal\OESpamTest.exe"
O4 - HKCU\..\Run: [WINT] C:\WINDOWS\System32\wcpsvit.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Web Search - C:\WINDOWS\ex.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {850028DD-5F90-4537-B0B4-6C86FE4DD891} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: http://www.master69.biz
O15 - Trusted Zone: http://www.sgrunt.biz
O15 - Trusted Zone: http://www.yeak.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {F8919F8B-D22E-4A68-892F-8D5FAA7F1A92} (Pro_Web010.ProWeb006) - http://216.147.198.39/ProWeb010.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{49CD52D8-AF2A-432A-8A8F-8AB8F8F105E8}: NameServer = 85.37.17.50 85.38.28.76
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF5BD5B-067A-45E9-BACD-08633BD1BF8C}: NameServer = 192.168.0.21
O19 - User stylesheet: C:\WINDOWS\color.css
O19 - User stylesheet: C:\WINDOWS\hh.htt (file missing) (HKLM)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\netvo32.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programmi\ewido anti-spyware 4.0\guard.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Security Procedure Messaging (WksPatch) - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing)

I sent it to a friend who, after taking a look and tearing his hair out, advised me to post it here. Can someone please help me??? Thanks.
klah
Newbie

Posts: 1
Joined: 08/11/06 21:47
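
Added example, not part of the thread: a small Python triage pass over HijackThis-style entry lines like those posted above, plus a diff of two logs to show which autostart entries appeared between scans. The sample lines are copied from the logs in this thread; the four heuristics and all function names are assumptions chosen for illustration, not HijackThis features.

```python
import re

# Entry lines copied from the HijackThis logs posted in this thread (subsets).
LOG_21_05 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: odf - Unknown owner - C:\:OET.exe
"""
LOG_25_05 = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [uvll1.exe] C:\WINDOWS\Temp\uvll1.exe
O4 - HKLM\..\Run: [uvll2.exe] C:\WINDOWS\Temp\uvll2.exe
O4 - HKLM\..\Run: [uvll3.exe] C:\WINDOWS\Temp\uvll3.exe
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O23 - Service: odf - Unknown owner - C:\:OET.exe
"""
KLAH_LINES = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://1-se.com/home.html (obfuscated)
O23 - Service: Security Procedure Messaging (WksPatch) - Unknown owner - C:\WINDOWS\System32\drivers\svchost.exe (file missing)
F1 - win.ini: run=fntldr.exe
"""

# "O4 - ...", "O23 - ...", "R1 - ...": section code, then the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# A Temp/tmp directory component anywhere in the path.
TEMP_DIR = re.compile(r"\\te?mp\\", re.IGNORECASE)
# Drive prefix followed later by a second colon, e.g. C:\:OET.exe
# (NTFS alternate-data-stream syntax; Explorer does not list such streams).
ADS_PATH = re.compile(r'\b[A-Za-z]:\\(?:[^\\:"*?<>|\r\n]*\\)*[^\\:"*?<>|\s]*:')
# Sections that start a program at boot or logon: Run keys/Startup, services.
AUTOSTART_SECTIONS = {"O4", "O23"}


def parse_entries(log_text):
    """Return (section, body) for every entry line; headers and the
    'Running processes' block have no section prefix and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(log_text):
    """Return (section, reason, body) for lines worth reviewing first."""
    findings = []
    for section, body in parse_entries(log_text):
        if section in AUTOSTART_SECTIONS and TEMP_DIR.search(body):
            findings.append((section, "autostart from a Temp directory", body))
        if ADS_PATH.search(body):
            findings.append((section, "path uses alternate-data-stream syntax", body))
        if section in AUTOSTART_SECTIONS and body.endswith("(file missing)"):
            findings.append((section, "autostart entry whose file is missing", body))
        if body.endswith("(obfuscated)"):
            findings.append((section, "value marked obfuscated by HijackThis", body))
    return findings


def new_entries(before, after):
    """Entries present in the later log but not in the earlier one."""
    seen = set(parse_entries(before))
    return [e for e in parse_entries(after) if e not in seen]


if __name__ == "__main__":
    for section, reason, body in triage(LOG_25_05) + triage(KLAH_LINES):
        print(f"[{section}] {reason}: {body}")
    print("Appeared between 21/05 and 25/05:")
    for section, body in new_entries(LOG_21_05, LOG_25_05):
        print(f"  {section} - {body}")
```

A flag here means "review this line first", not a verdict. `Unknown owner` is deliberately not a rule on its own, because several ordinary vendor services in these logs carry it.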

