
error while loading xp, heeelp


Post by giaguaro74 » Wed Oct 27, 2010 1:35 pm

Hi everyone, when I start the PC, at the end of loading I get the message "errore durante il caricamento di c:\windows\system32\fastRX.dll impossibile trovare il modulo specificato". Why is that? How can I fix this problem?
I have another problem: on my PC I have Norton AntiVirus 2005 installed with an expired subscription. Since I don't want to renew it and I have installed avast, I would like to know how I can uninstall Norton, given that Add/Remove Programs won't uninstall it and there is no uninstall file anywhere. What do I do?
Thanks, everyone

Re: error while loading xp, heeelp

Post by FDAC » Wed Oct 27, 2010 1:46 pm

You are infected, no doubt about it.
- Download and install HijackThis from the link below:
http://www.hijackthis.de/downloads/HJTInstall.exe
- launch HijackThis
- click Do a system scan and save a logfile
- when the scan finishes, a text file will be produced: save it to the Desktop because you will need to post it here

Re: error while loading xp, heeelp

Post by giaguaro74 » Wed Oct 27, 2010 1:48 pm

OK, I'll try right away, thanks a lot


Re: error while loading xp, heeelp

Post by crazy.cat » Wed Oct 27, 2010 1:51 pm

giaguaro74 wrote: I would like to know how I can uninstall Norton

Use the Norton Removal Tool
http://us.norton.com/support/kb/web_vie ... 10130643EN

Re: error while loading xp, heeelp

Post by FDAC » Wed Oct 27, 2010 1:52 pm

Yes crazy, you are certainly right.
But perhaps it is better to remove the infection first :)

Re: error while loading xp, heeelp

Post by giaguaro74 » Wed Oct 27, 2010 2:14 pm

I have already removed Norton as crazy advised and it is finally gone; then I ran the scan and this is the result:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.20.49, on 27/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
C:\Apps\Powercinema\PCMService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SEC\MagicTune 2.5\GammaTray.exe
C:\Programmi\SEC\Natural Color\NaturalColorLoad.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Windows Privacy Tools\WinPT\WinPT.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Universal Shield 4.1\US30Service.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Chiavetta Internet\Chiavetta Internet.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Programmi\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\RunOnce: [HbTools] cmd /c "rmdir "C:\Programmi\HbTools" /s /q"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinAntiVirusPro2006] C:\Programmi\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: WinPT.lnk = C:\Programmi\Windows Privacy Tools\WinPT\WinPT.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save with Download Manager... - C:\Programmi\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.linkautomatici.com
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: http://www.redfunny.com
O15 - Trusted Zone: http://www.superspots.biz
O15 - Trusted Zone: http://www.yeak.net
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 664_it.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.otherchance.com/dialers/155/AUTO_155N.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: US30Service - Unknown owner - C:\Programmi\Universal Shield 4.1\US30Service.exe

--
End of file - 9704 bytes

Re: error while loading xp, heeelp

Post by FDAC » Wed Oct 27, 2010 2:23 pm

Follow these instructions to the letter:

Run HijackThis again:
- Do a System Scan Only
- tick the checkbox next to each entry I list below
- once the entries are ticked:
- close all open applications
- close all open browser pages
- in HijackThis, fix the entries by clicking Fix checked

These are the entries to fix:
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Programmi\p2pnetworks\mpp2pl.exe" /H
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\RunOnce: [HbTools] cmd /c "rmdir "C:\Programmi\HbTools" /s /q"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Programmi\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinAntiVirusPro2006] C:\Programmi\WinAntiVirus Pro 2006\winav.exe /min
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: WinPT.lnk = C:\Programmi\Windows Privacy Tools\WinPT\WinPT.exe
O4 - Global Startup: Color Calibration.lnk = ?
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O12 - Plugin for .pdf: C:\Programmi\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 664_it.exe
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.otherchance.com/dialers/155/AUTO_155N.exe

THEN

To reset the Trusted Zone, download DelDomains and save it to the Desktop.
http://www.mvps.org/winhelp2002/DelDomains.inf
- Right-click it and choose Install

THEN

Download this file:
http://www.mvps.org/winhelp2002/hosts.zip
- Disconnect the PC from the Internet
- Extract only the Hosts file from the Zip file to the desktop
- Select it, right-click, Copy, then open the folder C:\Windows\System32\drivers\etc\ and Paste into an empty area
- Accept replacing the existing Hosts file; it may give you errors, don't worry
- Restart the PC

Download and install MalwareBytes:
http://www.aiutamici.com/software?id=80346
Before scanning, update it (click Update at the top).
Run a full system scan.
Delete everything it finds.
Post the log.

When you're done, I'll be waiting for two logs:
- Malwarebytes
- HijackThis

Bye :)
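An added example, not part of the original thread and not HijackThis's own logic: a small Python triage script that parses HijackThis log lines, flags the kinds of entries the cleanup above deals with (hosts redirects, `(file missing)` entries, Trusted Zone sites, `.exe` DPF sources, rundll32 autoruns), and diffs a before/after scan to confirm what a fix removed. The flagging rules are assumptions chosen for illustration and mean "review this", not "malicious"; the sample lines are an excerpt of the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Tuple


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "O4"
    detail: str  # everything after "CODE - "


# Entry lines look like "O4 - HKLM\..\Run: [name] command"; headers and the
# "Running processes" paths do not match and are skipped.
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
RUNDLL_RE = re.compile(r"rundll32(\.exe)?\s+\S+\.dll")


def parse_log(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def triage(entry: Entry) -> List[str]:
    """Return review reasons for one entry (illustrative heuristics)."""
    low = entry.detail.lower().rstrip()
    reasons = []
    if low.endswith("(file missing)"):
        reasons.append("target file missing (orphaned entry)")
    if entry.code == "O1":
        reasons.append("hosts file redirect")
    if entry.code == "O15":
        reasons.append("site added to IE Trusted Zone")
    if entry.code == "O16" and low.endswith(".exe"):
        reasons.append("ActiveX download source is an .exe")
    if entry.code == "O4" and RUNDLL_RE.search(low):
        reasons.append("autorun loads a DLL through rundll32")
    return reasons


def flagged(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Entries with at least one review reason, in log order."""
    return [(e, r) for e in entries for r in [triage(e)] if r]


def removed_between(before: List[Entry], after: List[Entry]) -> List[Entry]:
    """Entries present in the first scan and absent from the second."""
    remaining = set(after)
    return [e for e in before if e not in remaining]


# Excerpt of the first scan posted in the thread (27/10/2010).
BEFORE_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [kpx] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\fastRX.dll DllInitApp
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O15 - Trusted Zone: *.energy-factor.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://www.otherchance.com/dialers/155/AUTO_155N.exe
"""

# Excerpt of the second scan posted in the thread (02/11/2010).
AFTER_SCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
"""

if __name__ == "__main__":
    before, after = parse_log(BEFORE_SCAN), parse_log(AFTER_SCAN)
    for entry, reasons in flagged(before):
        print(f"[review] {entry.code} - {entry.detail}")
        for reason in reasons:
            print(f"         {reason}")
    print(f"removed by the cleanup: {len(removed_between(before, after))}")
    print(f"still flagged afterwards: {len(flagged(after))}")
```

The `kpx` autorun is the entry behind the boot-time error: it asks rundll32 to load `fastRX.dll`, which no longer exists on disk.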

Re: error while loading xp, heeelp

Post by giaguaro74 » Tue Nov 02, 2010 8:41 pm

Hi guys, sorry for the late reply. I did everything you advised and I have solved all the problems I described, thanks a million. Now I'm attaching the 2 log files; let me know if everything is OK.
I have another question: on this PC I have 3 user accounts but I no longer need them, so I would like to know the best way to move everything in the 2 user accounts into the main one, that is, the system administrator?
Thanks a lot, I'm attaching the 2 logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Versione database: 4964

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/11/2010 20.18.52
mbam-log-2010-11-02 (20-18-52).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 351619
Tempo trascorso: 1 ore, 30 minuti, 4 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 10
Valori di registro infetti: 2
Voci infette nei dati di registro: 2
Cartelle infette: 27
File infetti: 54

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\AppID\WeatherOnTray.exe (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{0507fdde-f3b7-49f5-9e8f-c557e991f39b} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\pbitv2.pbitv2 (Adware.PowerSearch) -> No action taken.
HKEY_CLASSES_ROOT\fastrx.fastrx (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\FastRX.IconRX (Adware.EnrgyPlus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> No action taken.
HKEY_CLASSES_ROOT\fastrx.fastrx.1 (Adware.EnrgyPlus) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-eb65b685fa7d} (Adware.PowerSearch) -> No action taken.

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Programmi\dynamic toolbar\PBITV2 (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\skins (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\Guest\Dati applicazioni\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\WebMediaPlayer\updates (Adware.EGDAccess) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar (Adware.2020search) -> No action taken.
C:\Documents and Settings\Mamma\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\File comuni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\Cache (Adware.2020search) -> No action taken.
C:\Documents and Settings\AMBS\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Mamma\Dati applicazioni\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\WebMediaPlayer\resources (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\Guest\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Programmi\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Programmi\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Programmi\WebMediaPlayer (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\AMBS\Dati applicazioni\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.

File infetti:
C:\Programmi\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\style.css (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\Thumbs.db (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WinAntiVirus Pro 2006\history.db (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\ErrorLog.txt (Adware.2020search) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\home.bmp (Adware.2020search) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\WinAntiVirus Pro 2006\AVScheduler.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
C:\Documents and Settings\AMBS\Dati applicazioni\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\PBITV2TB0200.cfg (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\search.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\services.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin1.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\batch.bat (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\unins000.dat (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\unins000.exe (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin5.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\pbitv2tb0200.cfg (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\support.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WinAntiVirus Pro 2006\update.log (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\go.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin4.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\ticker.xml (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\store.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin2.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin3.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\style.css (Adware.2020search) -> No action taken.






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.23.45, on 02/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Universal Shield 4.1\US30Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save with Download Manager... - C:\Programmi\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: US30Service - Unknown owner - C:\Programmi\Universal Shield 4.1\US30Service.exe

--
End of file - 5465 bytes

Re: error while loading xp heeeelp

Post by giaguaro74 » Tue Nov 02, 2010 11:35 pm

[quote="giaguaro74"]hi guys, sorry for the late reply, I did everything you advised and I solved all the problems I had described, thanks 1000000000; now I'm attaching the 2 log files, then let me know if everything is ok.
I have another question: on this PC I have 3 user accounts but I don't need them any more, so I'd like to know the best way to move everything that is in the 2 user accounts into the main one, i.e. the system administrator???
Thanks 10000, I'm attaching the 2 logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.23.45, on 02/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast5\avastUI.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Universal Shield 4.1\US30Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [avast5] "C:\Programmi\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save with Download Manager... - C:\Programmi\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Programmi\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: US30Service - Unknown owner - C:\Programmi\Universal Shield 4.1\US30Service.exe

--
End of file - 5465 bytes

Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Versione database: 4964

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/11/2010 20.18.52
mbam-log-2010-11-02 (20-18-52).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 351619
Tempo trascorso: 1 ore, 30 minuti, 4 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 10
Valori di registro infetti: 2
Voci infette nei dati di registro: 2
Cartelle infette: 27
File infetti: 54

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\hbtinstie.hbinstobj.1 (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\AppID\WeatherOnTray.exe (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{0507fdde-f3b7-49f5-9e8f-c557e991f39b} (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{7e66936c-fea0-4984-ad26-7b6661ac5b2e} (Adware.Hotbar) -> No action taken.
HKEY_CLASSES_ROOT\pbitv2.pbitv2 (Adware.PowerSearch) -> No action taken.
HKEY_CLASSES_ROOT\fastrx.fastrx (Adware.EnrgyPlus) -> No action taken.
HKEY_CLASSES_ROOT\FastRX.IconRX (Adware.EnrgyPlus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\winantivirus pro 2006 (Rogue.WinAntiVirus) -> No action taken.
HKEY_CLASSES_ROOT\fastrx.fastrx.1 (Adware.EnrgyPlus) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\bootstera (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-eb65b685fa7d} (Adware.PowerSearch) -> No action taken.

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\Programmi\dynamic toolbar\PBITV2 (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\skins (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\Guest\Dati applicazioni\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\WebMediaPlayer\updates (Adware.EGDAccess) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar (Adware.2020search) -> No action taken.
C:\Documents and Settings\Mamma\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\File comuni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\Cache (Adware.2020search) -> No action taken.
C:\Documents and Settings\AMBS\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Documents and Settings\Mamma\Dati applicazioni\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\WebMediaPlayer\resources (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\Guest\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Programmi\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Programmi\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\bar (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\bar\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\WinAntiVirus Pro 2006 (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\MyWebSearch\SrchAstt\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Programmi\MyWebSearch\SrchAstt\2.bin (Adware.MyWebSearch) -> No action taken.
C:\Programmi\WebMediaPlayer (Adware.EGDAccess) -> No action taken.
C:\Documents and Settings\AMBS\Dati applicazioni\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\MyWebSearch\SrchAstt (Adware.MyWebSearch) -> No action taken.

File infetti:
C:\Programmi\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\style.css (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\Thumbs.db (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WinAntiVirus Pro 2006\history.db (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\ErrorLog.txt (Adware.2020search) -> No action taken.
C:\WINDOWS\system32\f3PSSavr.scr (Adware.MyWebSearch) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\home.bmp (Adware.2020search) -> No action taken.
C:\Documents and Settings\All Users\Dati applicazioni\WinAntiVirus Pro 2006\AVScheduler.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
C:\Documents and Settings\AMBS\Dati applicazioni\WinAntiVirus Pro 2006\PGE.dat (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\PBITV2TB0200.cfg (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\search.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\services.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin1.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\batch.bat (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\unins000.dat (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\unins000.exe (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin5.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\pbitv2tb0200.cfg (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\support.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\resources\wmp_translation_file.xml (Adware.EGDAccess) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WinAntiVirus Pro 2006\update.log (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\go.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin4.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\ticker.xml (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\store.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
C:\Programmi\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin2.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\skin3.bmp (Adware.2020search) -> No action taken.
C:\Programmi\dynamic toolbar\PBITV2\Cache\style.css (Adware.2020search) -> No action taken.

Re: error while loading xp heeeelp

Post by Uomo_Senza_Sonno » Tue Nov 02, 2010 11:46 pm

giaguaro74 wrote: C:\Documents and Settings\AMBS\Dati applicazioni\WinAntiVirus Pro 2006\Logs (Rogue.WinAntiVirus) -> No action taken.

The scan flagged the infected files, but it seems it did not remove them. In this case, you should repeat the scan and delete everything it asks you to remove. When the job is finished, a new log will be created, which you will need to post. In addition, update HiJackThis, run a new scan and post the new log.
Thanks for everything, Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or have not even guessed at
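The check made in the reply above (items flagged but left in place) can be automated for a Malwarebytes 1.46 log in this format. The following is an added example, not part of the thread or of any tool's own code; the sample lines are constructed from the log format shown above, and the "Quarantined and deleted successfully." entry is an assumed example of a remediated item.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above; the last entry is
# altered (assumption) to show what a remediated item looks like.
SAMPLE_LOG = r"""
Chiavi di registro infette: 1
File infetti: 2

Chiavi di registro infette:
HKEY_CLASSES_ROOT\fastrx.fastrx (Adware.EnrgyPlus) -> No action taken.

Voci infette nei dati di registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

File infetti:
C:\WINDOWS\system32\stera.job (Rogue.WinAntiVirus) -> No action taken.
C:\Programmi\dynamic toolbar\batch.bat (Adware.2020search) -> Quarantined and deleted successfully.
"""

# "<item> (<detection family>)" is the part before the first " -> ".
ITEM_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\)$")

def parse_mbam_log(text):
    """Return one dict per detection line: section, item, family, action."""
    entries, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.endswith(":"):          # section header, e.g. "File infetti:"
            section = line[:-1]
            continue
        if " -> " not in line:          # summary counts, blank lines, banner
            continue
        # Registry-data lines carry an extra "Bad: (..) Good: (..)" segment,
        # so the action is always the LAST " -> " field, not the second.
        parts = line.split(" -> ")
        m = ITEM_RE.match(parts[0])
        if m:
            entries.append({"section": section, "item": m["item"],
                            "family": m["family"], "action": parts[-1]})
    return entries

def unremediated(entries):
    """Detections the scanner reported but did not remove."""
    return [e for e in entries if e["action"].startswith("No action taken")]

def families_pending(entries):
    """Count of still-present detections per family."""
    return Counter(e["family"] for e in unremediated(entries))

if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    left = unremediated(found)
    print(f"{len(left)} of {len(found)} detections still present")
    for family, count in families_pending(found).most_common():
        print(f"  {family}: {count}")
```

A non-zero count means the scan has to be repeated with removal enabled before the log says anything about whether the machine is clean.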

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising