pop up indesiderate

[GeF]

Mi sono appena registrata e ho urgentemente bisogno di AIUTO!!
Allora..ho un problema molto frequente ma ke nn sn ancora riuscita a risolvere..e cioè quello delle finestre ke "magicamente" si aprono da sole..
Premettendo ke nn conosco alcun termine di pc e quindi di teoria, e chiarendo ke nn posso formattare il tutto, vorrei sapere se qui c'è qualcuno in grado di aiutarmi xkè veramente non ne posso più!
Come programmi antyspy ho istallato "Spybot - Search & Destroy" e "TweakNow RegCleaner" ke sicuramente hanno dimezzato le finestre ma ke, ahimè, ci sono ancora! Ora, precisando di nuovo ke sn abbastanza ignorante in campo, vorrei ke le risposte (ipotizzando ke ci saranno.. ) fossero molto kiare e mooooolto semplici..Ringrazio tutti in anticipo e confido nella vostra disponibilità! Grazie

Ciao ciao

[LUPO21]

prima cosa:benvenuto. seconda cosa:dai titoli significativi ai post!
detto questo passiamo alla pratica:
prima fai una scansione antivirus in modalità provvisoria(ci si entra cliccando ripetutamente il tasto CANC all'avvio del pc e poi selezionando la "modalità provvisoria")
fatta la scansione leggi QUI e scarica il programma e poi postaci un log del programma che ti chiede di installare, programma che trovi anche nella sezione "download" di questo sito! CMQ Leggi bene la guida e fai tutto passo passo!
dopo facci sapere se ancora ti vengono quelle finestrelle!

[GeF]

Grazie per i tuoi consigli LUPO21..allora, ho fatto la scansione in modalità provvisoria, poi ho scaricato quel programma (hijackthis) anke lui ha fatto la scansione ma nn posso eliminare ciò ke ha trovato xkè dovrei registrarmi..così mi sono limitata alla scansione e a segnare tutti i processi attivi, solo ke nn so quali devo eliminare e quali tenere...
io li incollo qui nella speranza ke qualcuno mi possa aiutare... anke mentre scrivo appaiono ste c***o di finestre!!!

Questi sono i processi:

AGRSMMSG.exe
alg,exe
avgnt.exe
avguard.exe
backWeb-8876480.exe
Ciclo idle del sistema
command.exe
csrss.exe
ctfmon.exe
E_S10IC2.EXE
eEBSvc.exe
explorer.exe
FxSvr2.exe
htpatch.exe
iexplore.exe
LogiTray.exe
Isass.exe
LVCOMSX.EXE
mdm.exe
netmon.exe
nvsvc32.exe
rundll32.exe
rundll32.exe
rundll32.exe
SAgent2.exe
sched.exe
sdhelp.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
System
taskmgr.exe
wdfmgr.exe
winlogon.exe

Grazie ancora un saluto a tutti...!

[dado]

Cambiato il titolo al topic.
Sposto in una sezione più adatta.

[hydra]

Mi sembra strano che tu di deva registrare per fixare le voci. Comunque quello che devi incollare qui è il log che fai con hijackthis. E comunque non è che quello che ti mostra sia tutto da cancellare, lui ti mostra cosa c'è nel tuo computer, sta a te poi decidere cosa tenere e cosa no.

[GeF]

mmmm...nn so se è giusto..x caso è questo??

VX2.Look2Me (Adware/Look2Me [Panda]
Trojan-Downloader.Win32.Agent.jt [Kaspersky])

Type: Adware
Downloader
Spyware
Trojan

Threat Level: High

Author: NicTech Networks

Description: VX2.Look2Me is a spyware program that monitors visited Web sites and submits the logged information to a server.
--------------------------
eXact Advertising

Threat Level: Elevated

Author: BullsEye Network

Description: eXact Advertising installs various other spyware applications such as CashBack and NaviSearch. These pieces of software deliver information to you in the form of advertisements and other content based on the URL's and/or search terms you enter when navigating the Internet. These advertisements and other notifications may be displayed on your computer screen at any time while you are online.
-----------------------------
Backdoor.Rbot.Gen

Type: Trojan
Backdoor
Worm

Threat Level: High

Description: Backdoor.Rbot.Gen is an IRC controlled backdoor (or "bot") that can be used to gain unauthorized access to a victim's machine. It can also exhibit worm-like functionality by exploiting weak passwords on network shares.
-----------------------
Bargain Buddy

Threat Level: High

Author: BullsEye Network

Description: Bargain Buddy consists of an IE Browser Helper Object, and a process set to run at startup. The BHO monitors web pages requested and terms entered into forms. If there is a match with a preset list of sites and keywords, an advertisement may be shown. The process can contact its maker's server to download updates to the list of advertisements and to the software itself.

-------------------------
Dollarrevenue

Type: Trojan

Threat Level: High

Description: Dollarrevenue is a trojan that attempts to communicate with a remote server to download malicious code.
-------------------------
ErrorSafeFree

Threat Level: Medium

Author: WinSoftware

Description: ErrorSafeFree is a rogue anti-spyware program which pretends to scan your computer and show severe system threats installed on it. After that it prompts you to buy this software.

---------------------------------------HotBar

Threat Level: Low

Description: Hotbar is a program which adds emoticons and images to your emails. It also includes desktop wallpapers, animations, ecards, a bundled weather tool and Shopper Reports. After agreeing to Hotbars Active X Agreement, the install cannot be cancelled unless
the window is terminated through task manager.
As a default, hotbar installs a search assistant toolbar not just in Internet Explorer but in general explorer browsing. It also includes Shopper Reports, a price comparison tool which produces advertisements of best deals on the net in a window pane
on the left side of IE. As well as this tool, hotbar also produces pop-up advertisements while you browse.
Users can pay for an add-free version, or pop-up ads can be disabled in the free version by clicking the "Hotbar" tool button, then "Preferences" then clear the checkbox for "Show Hotbar popup offers." You can also clear the checkbox for "Enable Hotbar keyword search in Internet Explorer addressbar".
Hotbar will collect your IP Address, date and time for each page you view, browser type and version, operating system, platform and URL's of websites you visit, which can include search terms you have entered into search engines.
If you use the Hotbar Shopper Reports on Shopping or Travel, move Hotbar to the Spyware Doctor Ignore List.

--------------------------------
I-Search Desktop Search Toolbar

Type: Toolbar

Threat Level: Elevated

Author: iSearch.com

Description: The I-Search Desktop Search Toolbar will place a search box on the bottom right hand corner of the desktop. It is usually bundled with other malware and will serve various pop-up advertisements.

-------------------------------ISTbar

Type: Trojan
Toolbar

Threat Level: High

Author: Integrated Search Technologies (IST)

Description: ISTbar is a Trojan downloader which will download additional malware components including but not limited to Internet Optimizer and Bargain Buddy. Servers which ISTbar will contact to download malware include: ysbweb.com, sidefind.com, download.bargain-buddy.net, slotch.com and more. In addition to being a Trojan it is also an Internet Explorer BHO installed as a toolbar.

---------------------
Maxifiles (Yuupsearch)

Type: Hijacker
Adware
Toolbar

Threat Level: High

Author: Freeprod.com

Description: Maxifiles adds a toolbar onto your task manager and creates pop-up advertisements.

------------------------------Network Monitor (Command [Webroot])

Type: Adware

Threat Level: High

Description: Network Monitor monitors your Internet browsing habits and displays pop-up advertisements.

-----------------------
TargetSavers

Threat Level: High

Author: TargetSavers.com

Description: TargetSavers displays pop-up advertisements. It is downloaded and installed by other adware.

-----------------------
WinFixer

Type: Adware

Threat Level: Elevated

Author: WinSoftware

Description: Winfixer is a registry cleaner which when it isn't installed, continually asks the user to download their software on every reboot even if the user says no. It is also installed along with various malware without the users permission.

----------------------
Common Components Unrelated

Threat Level: Medium

Description: These common components have files and keys that are in different threats but the threats are not related to one another in that the author of the signature is not the same. It is recommended that all these entries be removed.

--------------------------
YourSiteBar

Threat Level: High

Author: Integrated Search Technologies (IST)

Description: YourSiteBar is an Internet Explorer BHO installed as a toolbar from Integrated Search Technologies (IST). It allows affiliates to create a custom marketing-based toolbar which generates revenue per install on a users computer. YourSiteBar has been reported to install without your knowledge or consent by using several security exploits.

-----------------
Known Bad Sites

Threat Level: High

Description: Indicates that a known bad site may have hijacked. Adware, Spyware and Phishing sites may use the Windows hosts file to redirect your browser to a malicious site when you try to access a valid site such as your Bank.

--------------------
Tracking Cookie(s)

Threat Level: Medium

Description: A tracking cookie is any cookie that is shared among two or more unrelated sites for the purpose of tracking a user's browsing and/or gathering and/or sharing information which many users regard as "private" Definitions of "private" may differ. Some consider any code "private" if it uniquely identifies a user, even if it is not their name or email address. A typical tracking cookie might look like this: "1www.somedomainname.com/ 0 2719785088 29508922 2980377808 29496852 * " The encoded info in this cookie includes a unique UserID assigned by a web server; the cookie can be used to track a user as they visit other sites that accept this cookie.

----------------------
Advertising

Threat Level: Low

Description: Advertising companies store cookies on a user's computer to serve targeted ads based on the web surfers interests when visiting a website serving their ads.

------------------
Common Components for Claria

Threat Level: Elevated

Description: Claria, also known as Gator, is one of the biggest web marketing research companies. In exchange for their free software they bundle a program called Gain AdServer which provides you with targeted pop-up advertisements based on keywords it collects from websites while you browse. Claria's eWallet and Offer companion are bundled with every installation of Claria's products.

--------------------------
Affiliated with Browser Hijackers

Threat Level: Elevated

Description: These sites are affiliated with browser hijackers.


------------------------------------
CWS

Type: Hijacker
Trojan

Threat Level: High

Description: CWS is a trojan that hijacks Internet Explorer start and search settings to one of several different web sites. Most of these web sites appear to have an affiliate relationship with coolwebsearch.com in which coolwebsearch pays them for every visitor they refer. There could be other domains involved in the future.

---------------------Starware

Type: Adware

Threat Level: Low

Author: http://www.starware.com

Description: Starware is a toolbar which as a default is checked to change your default homepage, error pages, expand your search engines by providing related search terms and results and includes a travel search function. These extra functions cause the program to add an advertisment bar at bottom of your browser window and produce pop-up advertisements.

--------------------------
7AdPower (Dialer-226 [McAfee]
Trojan-Clicker.Win32.Adpower.N [Kaspersky]
Clicker.7.AQ [AVG]
TR/Click.Adpower.d [HBEDV]
Dialer.ASL [Panda])

Type: dialer

Threat Level: High

Author: R.S. RomanService di Ionel Sabadac

Description: 7AdPower is a dialer program that is used to access premium-rate services. It can automatically log on to 'http://www.7adpower.com/autentica.asp?login=' when an internet connection is available.

----------------------------------
Zestyfind (ADW_ZESTYFIND.A
Adware.Zestyfind
Adware.Winfavorites
Trojan.Win32.StartPage.ar)

Threat Level: Elevated

Author: NicTech Networks

Description: This is a Browser Help Object (BHO) toolbar that hijacks both your homepage and search page. It also monitors web sessions and displays pop-up advertisements.

-----------------------
AproposMedia (Envolo
PeopleOnPage)

Threat Level: Medium

Author: PeopleOnPage Inc.

Description: AproposMedia is the advert-showing part of the 'PeopleOnPage' program, an Internet Explorer sidebar which claims to SHOW a list of other users of the current site.

-----------------------
Trojan.Crypt.E (Trojan.Win32.Crypt.e)

Type: Trojan

Threat Level: High

Description: Trojan.Crypt.E is a trojan which downloads additional malicious software and also communicates with other systems in a network or across the Internet and may transmit information to 3rd parties.

----------------------------
Common Components for Trojans

Threat Level: Medium

Description: Common Components that may be used by Trojans Small, DRSN Search, Binet, Euniverse, Adrotator and Dloader among others.

-------------------------
SP2Update (Adware.SP2Update [Symantec])

Threat Level: High

Description: SP2Update collects URL's and search terms entered into Internet Explorer in order to produce targeted pop-up advertisements.

----------------------
123Search

Type: Adware

Threat Level: Low

Description: 123Search is a Browser Helper Object which produces pop-up advertisements and downloads additional potentially unwanted software from a remote server.


nn so..questo è il risultato, ma poi nn so eventualmente cm eliminarli..
SCUSATEMI davvero ma cm ho già detto nn me ne intendo molto e x questo ke vi kiedo aiuto!

Grazie 1000! ciao ciao

[Luke57]

Ciao, scusa ma scrivi con caratteri leggibili, ci cascano le cornee altrimenti
scarica Ewido, di sotto link e guida per uso:
http://www.alground.com/sicurezza/articolo.php?page=43
Al termine della sacnsione, posta un log di hijackthis. Apri il programma, clicchi su "do a system scan and save a log file", attendi l'elaborazione di u n testo in file di blocco note, copi il contenuto del blocco note e lo incolli in un post.

[GeF]

ok..promesso..scriverò a caratteri leggibili!

ho fatto quello ke mi hai detto...questo è il risultato..ora però ke faccio? Grazie ancora a tutti!


Logfile of HijackThis v1.99.1
Scan saved at 13.32.34, on 31/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\utente\IMPOST~1\Temp\Rar$EX00.625\HijackThis.exe
C:\Programmi\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/oggi/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copia 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P29 "EPSON Stylus CX3200 (Copia 1)" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by14fd.bay14.hotmail.msn.com/act ... Atchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{71DE297E-4AC4-4C29-BA19-D06FE2154827}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\enr8l19u1.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW5vbnltb3V6\command.exe (file missing)
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

[Luke57]

Ciao, devi fare ancora questo. Per prima cosa, metti l'eseguibile di hijackthis (.exe) in una cartella del disco fisso ad esso dedicata, tipo C\HJT, altrimenti se è in un file temporaneo come nel tuo caso il programma non esegue il backup delle voci rimosse.
Poi segui queste istruzioni ( di Fabrizius) in questo link, riguardo all’uso di L2mfix:
http://www.pc-facile.com/forum/viewtopi ... sc&start=0
Dopo le procedure suddette, apri hijack this , clicchi “do a system scan only”, cerchi e metti il segno di spunta alle seguenti voci:
R3 - URLSearchHook: {1A03F196-9617-4CA0-842B-A83CEECB022B} - - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\enr8l19u1.dll ( se c’è , ma L2mfix dovrebbe averlo eliminato)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YW5vbnltb3V6\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
Premi "fix checked"
Ti porti in
Start>esegui>sc delete cmdService ( lo copi nello spazio bianco)>OK
Se la voce 020 fosse stata presente cerchi anche ed elimini il file:
C:\WINDOWS\system32\enr8l19u1.dll
(dalla modalità provvisoria).
Posta poi un nuvo log di hijackthis.

[GeF]

Grazie davvero!!!!!! SEMBREREBBE ke le finestre nn ci siano più..ho fatto tutto cm mi hai suggerito e il risultato c'è!! (almeno x ora..nn per essere pessimisti ma nn mi sembra vero! )

cmq questo è il nuovo log di hijackthis...

grazie ancora!!!



Logfile of HijackThis v1.99.1
Scan saved at 16.09.24, on 31/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BackWeb-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://home.microsoft.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.virgilio.it/oggi/index.html
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet

Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -

C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck]

C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3200]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

/P19 "EPSON Stylus CX3200" /O5 "LPT1:" /M "Stylus CX3200"
O4 - HKLM\..\Run: [EPSON Stylus CX3200 (Copia 1)]

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

/P29 "EPSON Stylus CX3200 (Copia 1)" /O6 "USB001" /M "Stylus

CX3200"
O4 - HKLM\..\Run: [DSLSTATEXE]

C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair]

C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray]

C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition

Classic\avgnt.exe" /min
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN

Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate]

C:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File

comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft

Office\Office10\OSA.EXE
O8 - Extra context menu item: &Cerca con Google -

res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano -

res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel -

res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso -

res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili -

res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina -

res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O9 - Extra button: Organizzatore ricerche -

{9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File

comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F}

(InstallerBehaviorFactory Class) -

https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo

Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}

(MsnMessengerSetupDownloadControl Class) -

http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail

Attachments Control) -

http://by14fd.bay14.hotmail.msn.com/act ... Atchmt.ocx
O17 -

HKLM\System\CCS\Services\Tcpip\..\{71DE297E-4AC4-4C29-BA19-D06FE

2154827}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} -

"C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\l2p2lc7o1f.dll

(file missing)
O20 - Winlogon Notify: ThemeManager -

C:\WINDOWS\system32\wmcdlg.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler

(AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition

Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) -

AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: EpsonBidirectionalService - Unknown owner -

C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) -

SEIKO EPSON CORPORATION - C:\Programmi\File

comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks -

C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -

C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision

Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel

32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

Corporation - C:\WINDOWS\system32\nvsvc32.exe

[Luke57]

Ciao, sono contento, complimenti . Completa l'opera fissando con hijackthis queste due voci:
O20 - Winlogon Notify: Applets - C:\WINDOWS\system32\l2p2lc7o1f.dll
(file missing)
O20 - Winlogon Notify: ThemeManager -
C:\WINDOWS\system32\wmcdlg.dll (file missing)
Per ulteriore scrupolo cerca anche i due file relativi:
C:\WINDOWS\system32\l2p2lc7o1f.dll
C:\WINDOWS\system32\wmcdlg.dll
non ci dovrebbero essere. Se ci fossero, eliminali

[GeF]

ok..ho fatto come hai detto! ti ringrazio, nn sai quanto mi sei stato d'aiuto! grazie davvero! ciao ciao!