ant0nella

Members
  • Content count

    4
  • Joined

  • Last visited

About ant0nella

  • Rank
    Initiate
  1. Hi. Explorer won't let me re-enable the add-ons. Also, every time I open it, it throws up a load of advertising banners. I should say up front that I have a genuine copy, so it is validated. I reformatted a few days ago; before that it gave me no problems. I'm posting the HijackThis logfile:

         Logfile of Trend Micro HijackThis v2.0.2
         Scan saved at 15.51.49, on 27/08/2007
         Platform: Windows XP SP2 (WinNT 5.01.2600)
         MSIE: Internet Explorer v7.00 (7.00.5730.0011)
         Boot mode: Normal

         Running processes:
         C:\WINDOWS\System32\smss.exe
         C:\WINDOWS\system32\winlogon.exe
         C:\WINDOWS\system32\services.exe
         C:\WINDOWS\system32\lsass.exe
         C:\WINDOWS\system32\svchost.exe
         C:\WINDOWS\System32\svchost.exe
         C:\WINDOWS\system32\spoolsv.exe
         C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
         C:\Programmi\Eset\nod32krn.exe
         C:\WINDOWS\System32\svchost.exe
         C:\WINDOWS\Explorer.EXE
         C:\Programmi\Eset\nod32kui.exe
         C:\WINDOWS\system32\RunDll32.exe
         C:\WINDOWS\system32\igfxtray.exe
         C:\WINDOWS\system32\hkcmd.exe
         C:\WINDOWS\system32\ctfmon.exe
         C:\Programmi\MSN Messenger\MsnMsgr.Exe
         C:\Programmi\WinZip\WZQKPICK.EXE
         C:\Programmi\MSN Messenger\usnsvc.exe
         C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
         C:\Documents and Settings\antonella\Desktop\HijackThis.exe

         R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
         R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
         R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
         R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
         O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
         O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
         O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
         O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
         O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
         O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
         O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
         O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
         O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
         O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
         O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
         O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
         O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
         O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
         O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
         O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
         O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
         O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
         O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188165496968
         O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
         O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
         O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

         --
         End of file - 3927 bytes

     I hope someone can help me; I'd rather not be forced to format again.... Thanks! antonella

     P.S.: I'll throw in the ClamAV report as well... you never know

         Scan Started Mon Aug 27 12:00:50 2007

         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ant0nella@yahoo.it\SharingMetadata\Working\database_30B4_EB1_B40E_799C\dfsr.db, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ant0nella@yahoo.it\SharingMetadata\Working\database_30B4_EB1_B40E_799C\tmp.edb, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF327F.tmp, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF4687.tmp, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF8B24.tmp, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF8B35.tmp, Permission denied
         WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
         WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied

         ----------- SCAN SUMMARY -----------
         Known viruses: 148735
         Engine version: 0.91.2
         Scanned directories: 3429
         Scanned files: 27341
         Skipped non-executable files: 125
         Infected files: 0
         Data scanned: 6047.63 MB
  2. Thanks a lot! I'll try it right away..
  3. Hi. Explorer won't let me re-enable the add-ons. Also, every time I open it, it throws up a load of advertising banners. I should say up front that I have a genuine copy, so it is validated. I reformatted a few days ago; before that it gave me no problems. I'm posting the HijackThis logfile:

         Logfile of Trend Micro HijackThis v2.0.2
         Scan saved at 10.33.23, on 27/08/2007
         Platform: Windows XP SP2 (WinNT 5.01.2600)
         MSIE: Internet Explorer v7.00 (7.00.6000.16512)
         Boot mode: Normal

         Running processes:
         C:\WINDOWS\System32\smss.exe
         C:\WINDOWS\system32\winlogon.exe
         C:\WINDOWS\system32\services.exe
         C:\WINDOWS\system32\lsass.exe
         C:\WINDOWS\system32\svchost.exe
         C:\WINDOWS\System32\svchost.exe
         C:\WINDOWS\system32\spoolsv.exe
         C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
         C:\Programmi\Eset\nod32krn.exe
         C:\WINDOWS\System32\svchost.exe
         C:\WINDOWS\Explorer.EXE
         C:\Programmi\Eset\nod32kui.exe
         C:\WINDOWS\system32\RunDll32.exe
         C:\WINDOWS\system32\igfxtray.exe
         C:\WINDOWS\system32\hkcmd.exe
         C:\WINDOWS\system32\ctfmon.exe
         C:\Programmi\MSN Messenger\MsnMsgr.Exe
         C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
         C:\Programmi\Internet Explorer\IEXPLORE.EXE
         C:\Programmi\Internet Explorer\IEXPLORE.EXE
         C:\Programmi\WinZip\WZQKPICK.EXE
         C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe
         C:\Programmi\MSN Messenger\usnsvc.exe
         C:\Programmi\iPod\bin\iPodService.exe
         C:\Programmi\iTunes\iTunesHelper.exe
         C:\Programmi\iTunes\iTunes.exe
         C:\Programmi\Internet Explorer\iexplore.exe
         C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
         C:\Programmi\Internet Explorer\iexplore.exe
         C:\Documents and Settings\antonella\Desktop\HijackThis.exe

         R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
         R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
         R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
         R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
         R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
         O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
         O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
         O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
         O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
         O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
         O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
         O4 - HKLM\..\Run: [memo site kind that] C:\Documents and Settings\All Users\Dati applicazioni\Grid Blue Memo Site\BOOK GPL.exe
         O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
         O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
         O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
         O4 - HKCU\..\Run: [VGATIME] C:\DOCUME~1\ANTONE~1\DATIAP~1\ISOTIC~1\mapibags.exe
         O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
         O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
         O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
         O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
         O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
         O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe
         O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
         O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
         O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
         O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
         O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
         O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
         O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
         O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1188165496968
         O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
         O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
         O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

         --
         End of file - 4929 bytes

     I hope someone can help me; I'd rather not be forced to format again.... Thanks! antonella

     P.S.: I'll throw in the ClamAV report as well... you never know

         Scan Started Mon Aug 27 12:00:50 2007

         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ant0nella@yahoo.it\SharingMetadata\Working\database_30B4_EB1_B40E_799C\dfsr.db, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\ant0nella@yahoo.it\SharingMetadata\Working\database_30B4_EB1_B40E_799C\tmp.edb, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF327F.tmp, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF4687.tmp, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF8B24.tmp, Permission denied
         WARNING: Can't open file \\?\C:\Documents and Settings\antonella\Impostazioni locali\Temp\~DF8B35.tmp, Permission denied
         WARNING: Can't open file \\?\C:\pagefile.sys, Permission denied
         WARNING: Can't open file \\?\C:\WINDOWS\system32\CatRoot2\tmp.edb, Permission denied

         ----------- SCAN SUMMARY -----------
         Known viruses: 148735
         Engine version: 0.91.2
         Scanned directories: 3429
         Scanned files: 27341
         Skipped non-executable files: 125
         Infected files: 0
         Data scanned: 6047.63 MB
         Time: 8990.422 sec (149 m 50 s)
         --------------------------------------
         Completed