Problema con internet explorer

**Squall_Leonhart** · 11-09-2006, 17:44

Salve a tutti

non so se posto nella sezione giusta visto che non conosco proprio la natura del problema.

in casa ho due pc e su uno (windows2000) non mi fa più accedere ad internet, cioè quando apro una pagina web mi dice 'impossibile visualizzare'. All'avvio del comp mi da due avvisi che tuttavia non riesco a capire:
-cannot find the file '0f0i4f2.exe' (or one of its components). Make sure the path and filename are correct and that all required libraries are available
-could not load or run '0f0i4f2.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry
tutto ciò è successo dopo aver usato il CCcleaner ma non so se dipende davvero da questo o da altri fattori.
Grazie a tutti in anticipo ^^

**Squall_Leonhart** · 12-09-2006, 16:43

possibile che nessuno sappia aiutarmi?

**LUCASS** · 12-09-2006, 17:35

Ciao,non risulta essere un file di sistema
Apri C:\ clicca con il destro del mouse seleziona nuovo>cartella(Chiamala Hijackthis)
Adesso decomprimi questo file in C:\Hijackthis
http://download.hijackthis.eu/hijackthis_199.zip
Apri la cartella,esegui l'eseguibile,clicca sul primo pulsante,attendi pochi secondi,si apre il block notes,chiudilo,nella cartella trovi il file Hijackthis.log,aprilo,copia e incolla il contenuto nella tua risposta

Ciao

**Squall_Leonhart** · 28-09-2006, 22:58

questo è quello ke mi trova:

Logfile of HijackThis v1.99.1
Scan saved at 8:04:08 PM, on 9/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.exe
C:\WINNT\WINLOGON.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\msncomm.exe
C:\WINNT\msncomm.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\mikhail\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe 1
F3 - REG:win.ini: load=C:\WINNT\system32\0f0i4f2.exe
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\WINNT\ system32\internst.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINNT\0f0o4f20.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ImMsn] C:\WINNT\msncomm.exe /i
O4 - HKLM\..\Run: [VolControl] C:\WINNT\volumec.exe -i
O4 - HKLM\..\Run: [intranet] C:\WINNT\system32\intranet.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Torjan Program] C:\WINNT\WINLOGON.EXE
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINNT\WINLOGON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\common\yhexbmesit.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\wsd_sock32.dll' missing
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://squally1.spaces.msn.com//Phot...d/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/instal...sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

**LUCASS** · 29-09-2006, 19:17

Ciao,qui bisogna procedere per gradi.

Avvia Hijakcthis
Clicca sul pulsante Do a system scan only
Metti i flags affianco alle caselle che corrispondono alle stringhe che ti metto sotto:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minisearch.startnow.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minisearch.startnow.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minisearch.startnow.com

R3 - Default URLSearchHook is missing

F2 - REG:system.ini: Shell=Explorer.exe 1

F3 - REG:win.ini: load=C:\WINNT\system32\0f0i4f2.exe

F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,,C:\WINNT\ system32\internst.exe

O2 - BHO: (no name) - {35E78239-811E-4c3f-B37D-F339AC16C2C0} - (no file)

O2 - BHO: BHelper Class - {F2E37336-BFDB-409B-8D0E-6F013C438B20} - C:\WINNT\0f0o4f20.dll (file missing)

O4 - HKLM\..\Run: [CPQHotkeys] hotkeysvc.exe

O4 - HKLM\..\Run: [ImMsn] C:\WINNT\msncomm.exe /i

O4 - HKLM\..\Run: [VolControl] C:\WINNT\volumec.exe -i

O4 - HKLM\..\Run: [intranet] C:\WINNT\system32\intranet.exe

O4 - HKLM\..\Run: [Torjan Program] C:\WINNT\WINLOGON.EXE

O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O4 - HKLM\..\RunServices: [Torjan Program] C:\WINNT\WINLOGON.EXE

O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe

O10 - Broken Internet access because of LSP provider 'c:\winnt\system32\wsd_sock32.dll' missing

O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensavers.com/dm/insta.../sinstaller.cab

Clicca sul pulsante Fix checked per eliminarle

scarica avenger sul desktop
http://swandog46.geekstogo.com/avenger.zip
Decomprimi l'archivio

Avvia il file avenger.exe
Seleziona l'opzione "Input Script Manually"
Clicca sulla lente di ingrandimento

Ti si apre una finestra "View/edit script"
All'interno del box bianco,copia e incolla le scritte in rosso

Files to delete:
C:\WINNT\system32\internst.exe
C:\WINNT\msncomm.exe
C:\WINNT\WINLOGON.EXE
C:\WINNT\volumec.exe
C:\WINNT\system32\hotkeysvc.exe
C:\WINNT\system32\0f0i4f2.exe

Clicca sul pulsante Done
Clicca sull'icona del semaforo verde
Rispondi Yes
Il pc dovrebbe riavviarsi da solo,se così non fosse riavvialo manualmente

Una volta riavviato il pc,collegati e posta il contenuto del file C:\Avenger.txt

Scarica questo file sul desktop
http://www.cexx.org/LSPFix.exe
Avvia il file LSPFix.exe
Metti la spunta nella casella "I know what I'm doing"
Nella colonna di sinistra(KEEP) seleziona il valore wsd_sock32.dll e clicca sul pulsante >>
Adesso vedrai il valore wsd_sock32.dll nella colonna REMOVE
Clicca sul pulsante "Finish"

Riavvia il pc e posta i seguenti logs
C:\Avenger.txt
Log aggiornato di Hijackthis

Ciao

**Squall_Leonhart** · 30-09-2006, 23:06

Perfetto adesso rifunziona di nuovo tutto!non ho capito cosa mi hai fatto fare ma sicuramente ha funzionato, quindi grazie molte ^^
cmq questi sono i logs che mi hai chiesto:

AVENGER

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Service s\cpqtkdsu

*******************

Script file located at: \??\C:\WINNT\mmvbjsbq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINNT\system32\internst.exe not found!
Deletion of file C:\WINNT\system32\internst.exe failed!

Could not process line:
C:\WINNT\system32\internst.exe
Status: 0xc0000034

File C:\WINNT\msncomm.exe deleted successfully.
File C:\WINNT\WINLOGON.EXE deleted successfully.

File C:\WINNT\volumec.exe not found!
Deletion of file C:\WINNT\volumec.exe failed!

Could not process line:
C:\WINNT\volumec.exe
Status: 0xc0000034

File C:\WINNT\system32\hotkeysvc.exe not found!
Deletion of file C:\WINNT\system32\hotkeysvc.exe failed!

Could not process line:
C:\WINNT\system32\hotkeysvc.exe
Status: 0xc0000034

File C:\WINNT\system32\0f0i4f2.exe not found!
Deletion of file C:\WINNT\system32\0f0i4f2.exe failed!

Could not process line:
C:\WINNT\system32\0f0i4f2.exe
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 10:55:44 PM, on 9/30/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\WINLOGON.EXE
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\mikhail\Desktop\New Folder\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyServer = 127.0.0.1:8080
F2 - REG:system.ini: Shell=Explorer.exe 1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Torjan Program] C:\WINNT\WINLOGON.EXE
O4 - HKLM\..\RunServices: [Torjan Program] C:\WINNT\WINLOGON.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\common\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\common\yhexbmesit.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/game.../y/fltt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.scd.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/game.../y/mjst4_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab30149.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {1EDF25DE-DFB2-40CA-AA83-30AE7DA8C203} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.co...haringctrl.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://squally1.spaces.msn.com//Phot...d/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab30149.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/z...ylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: MpService - Canon Inc - C:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

**LUCASS** · 01-10-2006, 02:26

Ciao,non so neanche io cosa ti ho fatto fare,di solito alle 19 di sera sono sempre ubriaco(anche verso le 2)

C'è ancora qualcosa da eliminare :rollo: :rollo:

Clicca su start>nella casellina digita regedit e clicca su Ok
Ti si apre il registro di sistema,aiutandoti con i + portati fino alla chiave segnata i blu
HKEY_LOCAL_MACHINE\ clicca sul +
Software\ clicca sul +
Microsoft\ clicca sul +
Windows NT\ clicca sul +
CurrentVersion\ clicca sul +
Winlogon\ clicca sul +
Userinit
Clicca sulla cartellina segnata in blu(Userinit)
Nel pannello di destra vedrai il valore Shell
Selezionalo,clicca su modifica nella casellina Dati Valori cancella il valore 1
Clicca su OK

Avvia Hijackthis ed elimina questi valori
F2 - REG:system.ini: Shell=Explorer.exe 1

O4 - HKLM\..\Run: [Torjan Program] C:\WINNT\WINLOGON.EXE

O4 - HKLM\..\RunServices: [Torjan Program] C:\WINNT\WINLOGON.EXE

Elimina il files segnato in rosso
C:\WINNT\WINLOGON.EXE <----Non confonderlo con quello in System32
----------------------------------------------------------------------
Creati una nuova cartella in C:\ e chiamala Sysclean
Adesso inserisci nella cartella C:\Sysclean questo file
http://www.trendmicro.com/ftp/products/tsc/sysclean.com
Decomprimi l'archivio lpt803.zip
http://it.trendmicro-europe.com/glob...opr/lpt803.zip
Nella cartella C:\Sysclean

Avvia il pc in modalità provvisoria
Start>riavvia
Alle prime scritte del riavvio premi in continuazione il tasto F8
Attendi pochi instanti ed uscirà un menù
Dal menù seleziona l'opzione "Avvia in modalità provvisoria"

Una volta dentro apri la cartella C:\Sysclean
Avvia l'eseguibile Sysclean.com
Metti la spunta nella casella "Automatically clean or delete detected files"
e nella casella "Scan all local fixed drives"
Clicca su "Scan"
Una finestra dos si aprirà(poi si chiude tranquillo)

Attendi la fine della scansione,finita la scansione riavvia il pc normalmente
Per piacere posta un nuovo log di Hijackthis e il log di Sysclean che trovi nella sua cartella con nome SYSCLEAN.LOG

Aggiorna il sistema tramite Windows Update

**Squall_Leonhart** · 01-10-2006, 20:04

è saltato tutto di nuovo

non mi accede più ad internet e non mi fa aprire nessuna applicazione. All'accensione mi da l'avviso che manca il file "1".
Se può servire questo è il log di sysclean (Hijackthis non me lo fa aprire, cm detto prima):

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/

2006-10-01, 17:49:22, Auto-clean mode specified.
2006-10-01, 17:49:22, Running scanner "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\TSC.BIN"...
2006-10-01, 17:49:34, Scanner "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\TSC.BIN" has finished running.
2006-10-01, 17:49:34, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 4)

Start time : Sun Oct 01 2006 17:49:23

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\tsc.ptn" (version 792) [success]

Complete time : Sun Oct 01 2006 17:49:34
Execute pattern count(2954), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-10-01, 17:50:58, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-10-01, 18:58:12, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/1/2006 17:51:14
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 803 (134240 Patterns) (2006/09/30) (380300)
Command Line: C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean

C:\Program Files\Common Files\iexplore.pif [TSPY_LEGMIR.XH]
C:\Program Files\Internet Explorer\iexplore.com [TSPY_LEGMIR.XH]
C:\WINNT\1.com [TSPY_LEGMIR.XH]
C:\WINNT\Debug\DebugProgram.exe [TSPY_LEGMIR.XH]
C:\WINNT\ExERoute.exe [TSPY_LEGMIR.XH]
C:\WINNT\explorer.com [TSPY_LEGMIR.XH]
C:\WINNT\finder.com [TSPY_LEGMIR.XH]
C:\WINNT\system32\command.pif [TSPY_LEGMIR.XH]
C:\WINNT\system32\dxdiag.com [TSPY_LEGMIR.XH]
C:\WINNT\system32\finder.com [TSPY_LEGMIR.XH]
C:\WINNT\system32\mnt32.exe [TSPY_LEGMIR.XH]
C:\WINNT\system32\MSCONFIG.COM [TSPY_LEGMIR.XH]
C:\WINNT\system32\regedit.com [TSPY_LEGMIR.XH]
C:\WINNT\system32\rundll32.com [TSPY_LEGMIR.XH]
C:\WINNT\WINLOGON.EXE [TSPY_LEGMIR.XH]
52107 files have been read.
52107 files have been checked.
45737 files have been scanned.
136791 files have been scanned. (including files in archived)
17 files containing viruses.
Found 19 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/1/2006 18:58:11
---------*---------*---------*---------*---------*---------*---------*---------*
2006-10-01, 18:58:12, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/1/2006 17:51:14
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 803 (134240 Patterns) (2006/09/30) (380300)
Command Line: C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean

Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\avenger\backup.zip,(avenger\WINLOGON.EXE)
Success Clean [ JAVA_BYTEVER.BK]( 1) from C:\Documents and Settings\mikhail\.jpi_cache\jar\1.0\ms0311.jar-24ad07f3-3b66e299.zip,(Installer.class)
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\Program Files\Common Files\iexplore.pif
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\Program Files\Internet Explorer\iexplore.com
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\1.com
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\Debug\DebugProgram.exe
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\ExERoute.exe
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\explorer.com
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\finder.com
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\system32\command.pif
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\system32\dxdiag.com
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\system32\finder.com
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\system32\mnt32.exe
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\system32\MSCONFIG.COM
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\system32\regedit.com
Success Clean [ TSPY_LEGMIR.XH]( 1) from C:\WINNT\system32\rundll32.com
52107 files have been read.
52107 files have been checked.
45737 files have been scanned.
136791 files have been scanned. (including files in archived)
17 files containing viruses.
Found 19 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/1/2006 18:58:11 1 hour 6 minutes 47 seconds (4007.49 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-10-01, 18:58:12, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/1/2006 17:51:14
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 803 (134240 Patterns) (2006/09/30) (380300)
Command Line: C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean

52107 files have been read.
52107 files have been checked.
45737 files have been scanned.
136791 files have been scanned. (including files in archived)
17 files containing viruses.
Found 19 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/1/2006 18:58:11 1 hour 6 minutes 47 seconds (4007.49 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-10-01, 18:58:12, Scanner "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN" has finished running.

/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/

2006-10-01, 19:45:07, Auto-clean mode specified.
2006-10-01, 19:45:07, Running scanner "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\TSC.BIN"...
2006-10-01, 19:45:19, Scanner "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\TSC.BIN" has finished running.
2006-10-01, 19:45:19, TSC Log:

Damage Cleanup Engine (DCE) 3.98(Build 1012)
Windows 2000(Build 2195: Service Pack 4)

Start time : Sun Oct 01 2006 19:45:07

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\tsc.ptn" (version 792) [success]

Complete time : Sun Oct 01 2006 19:45:19
Execute pattern count(2954), Virus found count(0), Virus clean count(0), Clean failed count(0)

2006-10-01, 19:46:33, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-10-01, 19:49:58, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/1/2006 19:46:44
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 803 (134240 Patterns) (2006/09/30) (380300)
Command Line: C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean

2006-10-01, 19:49:58, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/1/2006 19:46:44
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 803 (134240 Patterns) (2006/09/30) (380300)
Command Line: C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean

2006-10-01, 19:49:58, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/1/2006 19:46:44
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 803 (134240 Patterns) (2006/09/30) (380300)
Command Line: C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean

2006-10-01, 19:49:58, Scanner "C:\Documents and Settings\mikhail\Desktop\New Folder\Sysclean\VSCANTM.BIN" has finished running.
2006-10-01, 19:49:58, The user stopped the operation.

Che fare???

**LUCASS** · 01-10-2006, 21:06

Ciao,scarica gmer da qui http://www.gmer.net/gmer.zip
Estrai il contenuto dell'archivio sul desktop
Avvia il file gmer.exe
Portati sul tag "Autostart" spunta la casella "Show All" e clicca su Scan

Attendi la fine della scansione e clicca sul pulsante Copy
Apri il block notes di windows,clicca su modifica>incolla
Clicca su file>salva con nome
Salva il file sul desktop,copia e incolla il contenuto del file salvato nella prossima risposta

Grazie,ciao

**Squall_Leonhart** · 01-10-2006, 21:29

non me lo fa aprire, mi da sempre lo stesso messaggio di quando cerco diaprire qualsiasi applicazione. mi dice che non può trovare il file, se vuoi ti posto tutta la scritta dell'alert che mi compare

Discussione: Problema con internet explorer

Strumenti discussione

Ricerca discussione

Visualizza

Problema con internet explorer

Permessi di invio