il file vxdsrv.exe mi blocca il pc [era: help me vi prego:-(]

**bini** · 12-10-2004, 10:16

ragazzi ho un grosso problema....mi parte di default un applicazione
vxdsrv.exe...neanche disattivando da msconfig....al riavvio mi trovo la mia voce vxdsrv.exe disattivata ma se ne creata un altra attiva:-(
hoprovato avg adware e cleaner e searche destroy..adware mi trova qualcosa che tolgo ma dopo un riavvio risalta fuori tutto come prima...norton non mi si installa e stessa cosa per zone allarm...e qualche worm o virus del cavolo vero?aiutatemi non riesco a usare il pc.....quando l'applicazione vxdsrv e attiva...lo vedo dal task manager non si aprono neacnhe le finestre e non parte nessuna apllicazione se la termino qualcosa comincia a funzionare...ma non tutto ...che faccio...consigli prima del format=?

grazie mille

**amvinfe** · 12-10-2004, 10:46

scarica HijackThis è in Rilievo -links utili- , trovi anche un tutorial.
Posta un log di HijackThis

la prossima volta usa titoli memo generici

**bini** · 12-10-2004, 11:17

perdonami per il titolo vago:ecco il log:
Logfile of HijackThis v1.98.2
Scan saved at 11.16.17, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
E:\programmi\WinOverBoost\wob2.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\marco\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=Explorer.exe,vxdsrv.exe -shell
O1 - Hosts: 127.229.96.210 www.mcafee.com
O1 - Hosts: 127.103.74.248 mcafee.com
O1 - Hosts: 127.54.181.198 us.mcafee.com
O1 - Hosts: 127.206.97.118 www.sophos.com
O1 - Hosts: 127.192.163.105 sophos.com
O1 - Hosts: 127.207.202.58 www.viruslist.com
O1 - Hosts: 127.85.236.151 viruslist.com
O1 - Hosts: 127.95.108.144 f-secure.com
O1 - Hosts: 127.250.111.98 www.f-secure.com
O1 - Hosts: 127.84.42.115 kaspersky.com
O1 - Hosts: 127.135.119.216 www.avp.com
O1 - Hosts: 127.135.86.62 www.kaspersky.com
O1 - Hosts: 127.168.55.251 avp.com
O1 - Hosts: 127.136.244.24 www.networkassociates.com
O1 - Hosts: 127.78.209.70 networkassociates.com
O1 - Hosts: 127.157.146.41 www.ca.com
O1 - Hosts: 127.187.123.26 ca.com
O1 - Hosts: 127.57.158.254 my-etrust.com
O1 - Hosts: 127.156.164.226 www.my-etrust.com
O1 - Hosts: 127.62.124.172 secure.nai.com
O1 - Hosts: 127.248.31.216 nai.com
O1 - Hosts: 127.147.212.144 www.nai.com
O1 - Hosts: 127.222.197.161 trendmicro.com
O1 - Hosts: 127.7.197.180 www.trendmicro.com
O1 - Hosts: 127.23.11.76 housecall.trendmicro.com
O1 - Hosts: 127.116.7.78 www.pandasoftware.com
O1 - Hosts: 127.70.117.82 www.bitdefender.com
O1 - Hosts: 127.147.31.211 www.ravantivirus.com
O1 - Hosts: 127.57.3.156 www3.ca.com
O1 - Hosts: 127.15.53.136 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.93.214.207 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.179.42.165 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.143.199.65 windowsupdate.microsoft.com
O1 - Hosts: 127.196.250.92 www.windowsupdate.com
O1 - Hosts: 127.199.171.103 windowsupdate.com
O1 - Hosts: 127.78.188.109 www.mcafee.com
O1 - Hosts: 127.224.191.71 mcafee.com
O1 - Hosts: 127.60.29.213 us.mcafee.com
O1 - Hosts: 127.81.1.167 www.sophos.com
O1 - Hosts: 127.245.34.186 sophos.com
O1 - Hosts: 127.85.17.138 www.viruslist.com
O1 - Hosts: 127.34.24.240 viruslist.com
O1 - Hosts: 127.136.117.48 f-secure.com
O1 - Hosts: 127.170.193.24 www.f-secure.com
O1 - Hosts: 127.167.238.117 kaspersky.com
O1 - Hosts: 127.50.161.255 www.avp.com
O1 - Hosts: 127.68.15.202 www.kaspersky.com
O1 - Hosts: 127.203.73.8 avp.com
O1 - Hosts: 127.180.113.163 www.networkassociates.com
O1 - Hosts: 127.205.229.213 networkassociates.com
O1 - Hosts: 127.34.42.124 www.ca.com
O1 - Hosts: 127.4.167.159 ca.com
O1 - Hosts: 127.200.145.190 my-etrust.com
O1 - Hosts: 127.184.245.255 www.my-etrust.com
O1 - Hosts: 127.182.122.47 secure.nai.com
O1 - Hosts: 127.64.93.24 nai.com
O1 - Hosts: 127.187.107.181 www.nai.com
O1 - Hosts: 127.30.188.104 trendmicro.com
O1 - Hosts: 127.65.121.139 www.trendmicro.com
O1 - Hosts: 127.210.30.157 housecall.trendmicro.com
O1 - Hosts: 127.71.208.62 www.pandasoftware.com
O1 - Hosts: 127.229.61.73 www.bitdefender.com
O1 - Hosts: 127.178.19.17 www.ravantivirus.com
O1 - Hosts: 127.228.173.81 www3.ca.com
O1 - Hosts: 127.174.17.142 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.54.17.86 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.224.143.121 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.30.246.160 windowsupdate.microsoft.com
O1 - Hosts: 127.140.10.87 www.windowsupdate.com
O1 - Hosts: 127.71.32.39 windowsupdate.com
O1 - Hosts: 127.8.40.141 www.mcafee.com
O1 - Hosts: 127.172.37.5 mcafee.com
O1 - Hosts: 127.31.226.209 us.mcafee.com
O1 - Hosts: 127.212.160.71 www.sophos.com
O1 - Hosts: 127.147.52.110 sophos.com
O1 - Hosts: 127.131.186.17 www.viruslist.com
O1 - Hosts: 127.77.71.73 viruslist.com
O1 - Hosts: 127.141.236.107 f-secure.com
O1 - Hosts: 127.110.225.48 www.f-secure.com
O1 - Hosts: 127.105.145.154 kaspersky.com
O1 - Hosts: 127.104.52.18 www.avp.com
O1 - Hosts: 127.236.47.45 www.kaspersky.com
O1 - Hosts: 127.49.76.91 avp.com
O1 - Hosts: 127.116.222.9 www.networkassociates.com
O1 - Hosts: 127.158.194.224 networkassociates.com
O1 - Hosts: 127.176.229.179 www.ca.com
O1 - Hosts: 127.137.138.32 ca.com
O1 - Hosts: 127.68.165.130 my-etrust.com
O1 - Hosts: 127.82.243.193 www.my-etrust.com
O1 - Hosts: 127.249.104.133 secure.nai.com
O1 - Hosts: 127.203.38.141 nai.com
O1 - Hosts: 127.64.170.63 www.nai.com
O1 - Hosts: 127.199.214.106 trendmicro.com
O1 - Hosts: 127.40.253.135 www.trendmicro.com
O1 - Hosts: 127.182.218.244 housecall.trendmicro.com
O1 - Hosts: 127.24.152.45 www.pandasoftware.com
O1 - Hosts: 127.16.225.198 www.bitdefender.com
O1 - Hosts: 127.245.34.52 www.ravantivirus.com
O1 - Hosts: 127.135.140.152 www3.ca.com
O1 - Hosts: 127.118.111.196 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.54.138.187 v5.windowsupdate.microsoft.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinOverBoost] E:\programmi\WinOverBoost\wob2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SystemMonitor16] vxdsrv.exe -services
O4 - HKLM\..\RunServices: [SystemMonitor16] vxdsrv.exe -services
O4 - HKCU\..\Run: [SystemMonitor16] vxdsrv.exe -drivers
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096451348187
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{845C5297-9A8B-41BE-8B94-855FEB4B48EE}: NameServer = 130.244.127.161 130.244.127.169
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll

**bini** · 12-10-2004, 11:31

non riesco ad aprire le pagine degli antivirus on line

la navigazione risulta lenta....a volte mi chiude internet explorer da solo....mi puzza propio di virus:-)

**amvinfe** · 12-10-2004, 11:42

eh, non sei messo granchè bene

riavvia in modalità provvisoria (!) fai lo scan con HJT e metti la spunta al fianco dei valori, clicca su Fix checked

F2 - REG:system.ini: Shell=Explorer.exe,vxdsrv.exe -shell
O1 - Hosts: 127.229.96.210 www.mcafee.com
O1 - Hosts: 127.103.74.248 mcafee.com
O1 - Hosts: 127.54.181.198 us.mcafee.com
O1 - Hosts: 127.206.97.118 www.sophos.com
O1 - Hosts: 127.192.163.105 sophos.com
O1 - Hosts: 127.207.202.58 www.viruslist.com
O1 - Hosts: 127.85.236.151 viruslist.com
O1 - Hosts: 127.95.108.144 f-secure.com
O1 - Hosts: 127.250.111.98 www.f-secure.com
O1 - Hosts: 127.84.42.115 kaspersky.com
O1 - Hosts: 127.135.119.216 www.avp.com
O1 - Hosts: 127.135.86.62 www.kaspersky.com
O1 - Hosts: 127.168.55.251 avp.com
O1 - Hosts: 127.136.244.24 www.networkassociates.com
O1 - Hosts: 127.78.209.70 networkassociates.com
O1 - Hosts: 127.157.146.41 www.ca.com
O1 - Hosts: 127.187.123.26 ca.com
O1 - Hosts: 127.57.158.254 my-etrust.com
O1 - Hosts: 127.156.164.226 www.my-etrust.com
O1 - Hosts: 127.62.124.172 secure.nai.com
O1 - Hosts: 127.248.31.216 nai.com
O1 - Hosts: 127.147.212.144 www.nai.com
O1 - Hosts: 127.222.197.161 trendmicro.com
O1 - Hosts: 127.7.197.180 www.trendmicro.com
O1 - Hosts: 127.23.11.76 housecall.trendmicro.com
O1 - Hosts: 127.116.7.78 www.pandasoftware.com
O1 - Hosts: 127.70.117.82 www.bitdefender.com
O1 - Hosts: 127.147.31.211 www.ravantivirus.com
O1 - Hosts: 127.57.3.156 www3.ca.com
O1 - Hosts: 127.15.53.136 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.93.214.207 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.179.42.165 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.143.199.65 windowsupdate.microsoft.com
O1 - Hosts: 127.196.250.92 www.windowsupdate.com
O1 - Hosts: 127.199.171.103 windowsupdate.com
O1 - Hosts: 127.78.188.109 www.mcafee.com
O1 - Hosts: 127.224.191.71 mcafee.com
O1 - Hosts: 127.60.29.213 us.mcafee.com
O1 - Hosts: 127.81.1.167 www.sophos.com
O1 - Hosts: 127.245.34.186 sophos.com
O1 - Hosts: 127.85.17.138 www.viruslist.com
O1 - Hosts: 127.34.24.240 viruslist.com
O1 - Hosts: 127.136.117.48 f-secure.com
O1 - Hosts: 127.170.193.24 www.f-secure.com
O1 - Hosts: 127.167.238.117 kaspersky.com
O1 - Hosts: 127.50.161.255 www.avp.com
O1 - Hosts: 127.68.15.202 www.kaspersky.com
O1 - Hosts: 127.203.73.8 avp.com
O1 - Hosts: 127.180.113.163 www.networkassociates.com
O1 - Hosts: 127.205.229.213 networkassociates.com
O1 - Hosts: 127.34.42.124 www.ca.com
O1 - Hosts: 127.4.167.159 ca.com
O1 - Hosts: 127.200.145.190 my-etrust.com
O1 - Hosts: 127.184.245.255 www.my-etrust.com
O1 - Hosts: 127.182.122.47 secure.nai.com
O1 - Hosts: 127.64.93.24 nai.com
O1 - Hosts: 127.187.107.181 www.nai.com
O1 - Hosts: 127.30.188.104 trendmicro.com
O1 - Hosts: 127.65.121.139 www.trendmicro.com
O1 - Hosts: 127.210.30.157 housecall.trendmicro.com
O1 - Hosts: 127.71.208.62 www.pandasoftware.com
O1 - Hosts: 127.229.61.73 www.bitdefender.com
O1 - Hosts: 127.178.19.17 www.ravantivirus.com
O1 - Hosts: 127.228.173.81 www3.ca.com
O1 - Hosts: 127.174.17.142 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.54.17.86 v5.windowsupdate.microsoft.com
O1 - Hosts: 127.224.143.121 v5windowsupdate.microsoft.nsatc.net
O1 - Hosts: 127.30.246.160 windowsupdate.microsoft.com
O1 - Hosts: 127.140.10.87 www.windowsupdate.com
O1 - Hosts: 127.71.32.39 windowsupdate.com
O1 - Hosts: 127.8.40.141 www.mcafee.com
O1 - Hosts: 127.172.37.5 mcafee.com
O1 - Hosts: 127.31.226.209 us.mcafee.com
O1 - Hosts: 127.212.160.71 www.sophos.com
O1 - Hosts: 127.147.52.110 sophos.com
O1 - Hosts: 127.131.186.17 www.viruslist.com
O1 - Hosts: 127.77.71.73 viruslist.com
O1 - Hosts: 127.141.236.107 f-secure.com
O1 - Hosts: 127.110.225.48 www.f-secure.com
O1 - Hosts: 127.105.145.154 kaspersky.com
O1 - Hosts: 127.104.52.18 www.avp.com
O1 - Hosts: 127.236.47.45 www.kaspersky.com
O1 - Hosts: 127.49.76.91 avp.com
O1 - Hosts: 127.116.222.9 www.networkassociates.com
O1 - Hosts: 127.158.194.224 networkassociates.com
O1 - Hosts: 127.176.229.179 www.ca.com
O1 - Hosts: 127.137.138.32 ca.com
O1 - Hosts: 127.68.165.130 my-etrust.com
O1 - Hosts: 127.82.243.193 www.my-etrust.com
O1 - Hosts: 127.249.104.133 secure.nai.com
O1 - Hosts: 127.203.38.141 nai.com
O1 - Hosts: 127.64.170.63 www.nai.com
O1 - Hosts: 127.199.214.106 trendmicro.com
O1 - Hosts: 127.40.253.135 www.trendmicro.com
O1 - Hosts: 127.182.218.244 housecall.trendmicro.com
O1 - Hosts: 127.24.152.45 www.pandasoftware.com
O1 - Hosts: 127.16.225.198 www.bitdefender.com
O1 - Hosts: 127.245.34.52 www.ravantivirus.com
O1 - Hosts: 127.135.140.152 www3.ca.com
O1 - Hosts: 127.118.111.196 v4.windowsupdate.microsoft.com
O1 - Hosts: 127.54.138.187 v5.windowsupdate.microsoft.com
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\..\Run: [SystemMonitor16] vxdsrv.exe -services
O4 - HKLM\..\RunServices: [SystemMonitor16] vxdsrv.exe -services
O4 - HKCU\..\Run: [SystemMonitor16] vxdsrv.exe -drivers
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)

sempre dalla provvisoria elimina

vxdsrv.exe

Riavvia, collegati a questo sito e fai una scansione online

http://housecall.trendmicro.com/hous...start_corp.asp

finita la scansione riavvia e posta un nuovo log di HJT

**amvinfe** · 12-10-2004, 12:01

IMPORATANTE

Dimenticavo, ricordati che quando usi HijackThis, l'unico programma aperto dev'essere proprio HijackThis, quindi un consiglio, stampati o segnati i valori da rimuovere. Se il programma viene usato con altri programmi aperti o con finestre di IE aperte i valori potrebbero non essere rimossi correttamente.

Altra cosa importante.
Prima di tutte le operazioni, metti HijackThis all'interno di una nuova cartella, solo così verranno creati files di backup che potrebbero tornarti utili se qualcosa non va come dovrebbe

**bini** · 12-10-2004, 12:33

grazie mille..il pc sembra andare un po meglio..ma il firewall di windows non si attiva..e il norton non si installa..ora il link che mi hai dato funge..scansione in corso....
per quanto riguarda il log ora e questo:
Logfile of HijackThis v1.98.2
Scan saved at 12.31.14, on 12/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
E:\programmi\WinOverBoost\wob2.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\Internet Explorer\iexplore.exe
E:\programmi\D-Tools\daemon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\marco\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinOverBoost] E:\programmi\WinOverBoost\wob2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [zSPGuard] c:\programmi\pjw\spguard\spguard.exe /s
O4 - HKLM\..\Run: [SystemMonitor16] vxdsrv.exe -services
O4 - HKCU\..\Run: [SystemMonitor16] vxdsrv.exe -drivers
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Pol icies\System, DisableRegedit=1
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://E:\PROGRA~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\Microsoft Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1096451348187
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{845C5297-9A8B-41BE-8B94-855FEB4B48EE}: NameServer = 130.244.127.161 130.244.127.169
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll

**bini** · 12-10-2004, 12:49

la scansione e andata a buon fine...tutto ok..risolto anche il problema del norton ...resta il problema del firewall che non si attiva....o meglio dice di essere attivo mA poi sulla connessione in realta non funge:-(anzi mi da problemi sulla navigazione...
non si installa neanche zone allarm 5 dice "sul sistema sono attive restrizioni contattare l'amministratore"??????
intanto scansione con norton 2005 completamente aggiornato
beccato!!!!!!!!!!!!!
bloodhound.exploit.6
messo in quarantena con norton ora lo elimino del tutto

**amvinfe** · 12-10-2004, 21:36

dalla provvisoria elimina

O4 - HKLM\..\Run: [SystemMonitor16] vxdsrv.exe -services
O4 - HKCU\..\Run: [SystemMonitor16] vxdsrv.exe -drivers

controlla in files e cartelle che non ci sia ancora il file vxdsrv.exe nel caso lo elimini.
fai la scansione del file
C:\WINDOWS\system32\oodag.exe
a questo URL
http://www.kaspersky.com/scanforvirus
nel caso di responso positivo lo elimini dalla provvisoria.

Discussione: il file vxdsrv.exe mi blocca il pc [era: help me vi prego:-(]

Strumenti discussione

Ricerca discussione

Visualizza

help me vi prego:-(

scusa per il titolo

altri indizzi

grazie per il tuo aiuto

scansione ok

Permessi di invio