Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » logfile di pc incasinato :-)

logfile di pc incasinato :-) Opzioni
Topic Precedente · Topic Sucessivo
wally_621
Inviato: Sunday, March 06, 2005 10:18:41 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0

Scan saved at 22.16.47, on 06/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\DW15.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE
C:\TOTALCOMMANDER\TOTALCMD.EXE
C:\PROGRAMMI\HIJACK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=:s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {92CC1082-A802-9762-B0F9-7096627CFEEA} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O2 - BHO: (no name) - {5238C9A9-8E63-11D9-85AD-4445B4894F79} - C:\WINDOWS\SYSTEM\JCJ.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O3 - Toolbar: andRadio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: www.master70.biz
O15 - Trusted Zone: www.master71.biz
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} - http://real.gamehouse.com/real/games/SproutLauncher.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://content.handyspider.com/sc.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605690.exe
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/en/SysWebTelecomInt.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Filter: text/html - {5238C9A8-8E63-11D9-85AD-4445DBC5EAE2} - C:\WINDOWS\SYSTEM\JCJ.DLL
O18 - Filter: text/plain - {5238C9A8-8E63-11D9-85AD-4445DBC5EAE2} - C:\WINDOWS\SYSTEM\JCJ.DLL
Torna in alto
 
Sponsor
Inviato: Sunday, March 06, 2005 10:18:41 PM

 
Torna in alto
 
alfonso
Inviato: Sunday, March 06, 2005 11:28:24 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = http://fastsearchweb.com/srh.php?q=:s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
-
R3 - Default URLSearchHook is missing
-
O2 - BHO: (no name) - {92CC1082-A802-9762-B0F9-7096627CFEEA} - (no file)
-
O2 - BHO: (no name) - {CE188402-6EE7-4022-8868-AB25173A3E14} - (no file)
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O2 - BHO: (no name) - {5238C9A9-8E63-11D9-85AD-4445B4894F79} - C:\WINDOWS\SYSTEM\JCJ.DLL
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
-
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
-
O15 - Trusted Zone: http://*.63.219.181.7
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.yeak.net
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: www.master70.biz
O15 - Trusted Zone: www.master71.biz
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.awmdabest.com
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.static.topconverting.com
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.05p.com (HKLM)
O15 - Trusted Zone: *.scoobidoo.com (HKLM)
O15 - Trusted Zone: *.awmdabest.com (HKLM)
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.static.topconverting.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O15 - Trusted IP range: 67.19.185.246 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
-
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
-
O16 - DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - http://www.clickteam.com/vitalize3/vitalize.cab
O16 - DPF: {2048B51E-8D74-4762-82CE-B48CF545EEEA} (CAX Object) - http://content.handyspider.com/sc.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/605690.exe
O16 - DPF: {EFB22865-F3BC-4309-ADFA-C8E078A7F762} (SysWebTelecomInt Class) - http://www.sponsoradulto.com/cab/14/en/SysWebTelecomInt.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O18 - Filter: text/html - {5238C9A8-8E63-11D9-85AD-4445DBC5EAE2} - C:\WINDOWS\SYSTEM\JCJ.DLL
O18 - Filter: text/plain - {5238C9A8-8E63-11D9-85AD-4445DBC5EAE2} - C:\WINDOWS\SYSTEM\JCJ.DLL
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
CERBMOD.DLL
JCJ.DLL
CERES.DLL
==================================

Svuota la cartella C:\WINDOWS\TEMP di tutto il contenuto, la cartella TEMP deve risultare vuota

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.
Collaboratore Aiutamici
Torna in alto
 
wally_621
Inviato: Monday, March 07, 2005 12:20:10 AM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Ciao Alfonso,primaditutto ti voglio ringraziare per la disponibilità e per la rapidità,sei davvero gentilissimo,poi ti faccio rapporto sulle operazioni compiute.
Dunque,seguite le tue istruzioni alla lettera,per ora pare sia tutto risolto,non ho solo trovato le tre dll che mi consigliavi di eliminare(ceres,jcj e cerbmod)ma avendo usato cwshredder prima facile siano già state eliminate,in compenso ho trovato un ceres.inf(che faccio?)
Poi ho fatto girare il norton in modalità provvisoria è ha trovato il file Xlhrobep.exe trojan download che ho messo in quarantena poi eliminato.
Ora,sperando sia tutto risolto,mi piacerebbe sapere come fare a non trovarmi + sti cavallini che mi gironzolano per l'apertissima prateria che probabilmente è il mio pc<img src=icon_smile.gif border=0 align=middle>,considera che ho norton antivirus,cwshredder e ad aware,inoltre due stringhe di deltree nell'autoexcec.bat riferite a cookies e temp,c'è qualcosa di freeware che potrebbe fare in modo che il mio pc non sia un'autostrada senza casello?
Ah,dimenticavo,gironzolo spesso su astalavista e siti affini,da cui come sai di certo oltre a cio' che serve scende di tutto, e il mio inglese è decisamente intuitivo,come l'uso del pc del resto,quindi immagino di essere io la prima causa dei danni<img src=icon_smile_blush.gif border=0 align=middle>.
Ringraziandoti ancora tantissimo ti saluto e non manchero' di segnalare questo splendido sito a tutti gli autodidatti casinisti come me che incontro
Torna in alto
 
alfonso
Inviato: Monday, March 07, 2005 2:10:26 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Prima di tutto evita siti come astalavista, covo di pirati e malintenzionati, vedrai che eviterai tanti problemi.

Se non hai installato un Firewall, installa questo programma, e in inglese ma se leggi la descrizione su aiutamici e facile da usare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=919

altro programma da installare e SpywareBlaster che inserisce una lista nera di siti pericolosi iin Internet Explorer
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041
leggi sempre la descrizione

inoltre aggiorna Windows 98 tramite il windows update con tutte le patch disponibili sulla sicurezza.

Il file CERES.INF puoi eliminarlo

per sicurezza fai un nuovo log e invialo cosi controlliamo se e tutto a posto,
Collaboratore Aiutamici
Torna in alto
 
wally_621
Inviato: Monday, March 07, 2005 10:06:57 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Eseguito tutto alla lettera,compresa installazione di ad aware se personal(avevo veccchia versione) che ho fatto girare e mi ha trovato.............130 oggetti "pericolosi",io ho buttato via,in fondo ti metto il file di quarantena.
Outpost credo di averlo capito,come mi pare di non dover fare upgrade se mi dice che mi installa la versione professional valida trenta gg(mi sbaglio?)
Unico problema ho installato piu' volte Spywareblaster,ma quando cerco di avviarlo mi da il messaggio "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it." la cui cosa mi pare ben strana,ho riscaricato il setup,scansionato il pc con tutte le armi a disposizione,ma non risulta nulla.
Ah,come hai consigliato,ho poco fa fatto nuovamente girare HiJack,ti mando il file log per verifica.


Logfile of HijackThis v1.99.1
Scan saved at 21.53.38, on 07/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\HIJACK\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

P.S questo è il file di quarantena di ad aware:

ArchiveData(auto-quarantine- 2005-03-07 21-01-21.bckp)
Referencefile : SE1R29 05.03.2005
======================================================

ALEXA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[0]=Regkey : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
obj[1]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuText"
obj[2]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "MenuStatusBar"
obj[3]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Script"
obj[4]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "clsid"
obj[5]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "Icon"
obj[6]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "HotIcon"
obj[7]=RegValue : software\microsoft\internet explorer\extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} "ButtonText"
obj[45]=RegValue : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"

CLICKSPRING
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj<img src=icon_smile_8ball.gif border=0 align=middle>=Regkey : software\clickspring
obj[9]=RegValue : software\clickspring "UUID"

DYFUCA
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[10]=Regkey : .DEFAULT\software\ist
obj[11]=RegValue : .DEFAULT\software\ist "InstallDate"
obj[12]=RegValue : .DEFAULT\software\ist "account_id"
obj[13]=RegValue : .DEFAULT\software\ist "config"
obj[14]=RegValue : .DEFAULT\software\ist "NeverISTsvc"
obj[15]=Regkey : .DEFAULT\software\policies\avenue media
obj[16]=Regkey : software\policies\avenue media
obj[72]=Regkey : software\microsoft\windows\currentversion\policies\ameopt

ISTBAR.DOTCOMTOOLBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[17]=Regkey : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}
obj[18]=RegValue : software\classes\clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486} ""
obj[73]=Regkey : software\ist
obj[74]=RegValue : software\ist "InstallDate"
obj[75]=RegValue : software\ist "account_id"
obj[76]=RegValue : software\ist "config"
obj[77]=RegValue : software\ist "NeverISTsvc"
obj[78]=Regkey : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll
obj[79]=RegValue : software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/istactivex.dll ".Owner"

ISTBAR
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[19]=Regkey : interface\{0985c112-2562-46f2-8da6-92648ba4630f}
obj[20]=RegValue : interface\{0985c112-2562-46f2-8da6-92648ba4630f} ""
obj[21]=Regkey : clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486}
obj[22]=RegValue : clsid\{5f1abcdb-a875-46c1-8345-b72a4567e486} ""
obj[55]=RegValue : .DEFAULT\software\microsoft\internet explorer\toolbar\webbrowser "{5F1ABCDB-A875-46C1-8345-B72A4567E486}"

SAHAGENT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[23]=Regkey : software\vgroup

SIDEFIND
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[24]=Regkey : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807}
obj[25]=RegValue : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} "Default Visible"
obj[26]=RegValue : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} "ButtonText"
obj[27]=RegValue : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} "CLSID"
obj[28]=RegValue : software\microsoft\internet explorer\extensions\{10e42047-deb9-4535-a118-b3f6ec39b807} "BandCLSID"
obj[29]=Regkey : software\microsoft\sidefind
obj[30]=RegValue : software\microsoft\sidefind "webautosearch"
obj[31]=RegValue : software\microsoft\sidefind "shoppingautosearch"
obj[32]=Regkey : software\sidefind
obj[33]=RegValue : software\sidefind "account_id"
obj[34]=RegValue : software\sidefind "InstallDate"

SYSWEB-TELECOM DIALER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[35]=Regkey : syswebtelecom.syswebtelecom
obj[36]=RegValue : syswebtelecom.syswebtelecom ""

TIB BROWSER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[37]=Regkey : .DEFAULT\software\websiteviewer
obj[80]=Regkey : software\websiteviewer

VX2
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[38]=Regkey : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}
obj[39]=Regkey : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
obj[40]=RegValue : interface\{bb0d5adc-028d-4185-9288-722ddce2c757} ""
obj[41]=Regkey : ceresdll.ceresdllobj.1
obj[42]=RegValue : ceresdll.ceresdllobj.1 ""
obj[43]=Regkey : ceresdll.ceresdllobj
obj[44]=RegValue : ceresdll.ceresdllobj ""
obj[81]=RegValue : software\microsoft\internet explorer\toolbar\webbrowser "{0E5CBF21-D15F-11D0-8301-00AA005B4383}"

BARGAINBUDDY
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[46]=RegValue : software\exactutil "PartnerID"
obj[47]=RegValue : software\exactutil "UtilFolder"
obj[48]=RegValue : software\exactutil "PartnerName"
obj[49]=RegValue : software\exactutil "FirstHit"
obj[50]=RegValue : software\exactutil "BuildNumber"
obj[51]=RegValue : software\exactutil "UninstallUrl"
obj[52]=RegValue : software\exactutil "UniqueKeyUrl"
obj[53]=RegValue : software\exactutil "FirstHitUrl"
obj[82]=Regkey : software\exactutil
obj[83]=RegValue : software\exactutil "UniqueKey"
obj[84]=RegValue : software\exactutil "System"
obj[85]=RegValue : software\exactutil "InstallOccurUrl"
obj[86]=RegValue : software\exactutil "AlreadyInstalledUrl"
obj[87]=RegValue : software\exactutil "NewPartnerName"
obj[88]=RegValue : software\exactutil "PrevBBBuildNumber"
obj[89]=RegValue : software\exactutil "UninstalledSystem"
obj[105]=File : c:\WINDOWS\SYSTEM\MSBE.DL$
obj[106]=File : c:\WINDOWS\SYSTEM\angelex.exe
obj[107]=File : c:\WINDOWS\SYSTEM\exdl.exe
obj[108]=File : c:\WINDOWS\SYSTEM\exul.exe
obj[110]=File : c:\WINDOWS\SYSTEM\javexulm.vxd
obj[114]=File : c:\WINDOWS\zeta.exe
obj[116]=File : C:\WINDOWS\SYSTEM\bbchk.exe
obj[117]=File : C:\WINDOWS\SYSTEM\exdl0.exe
obj[118]=File : C:\WINDOWS\autoheal.exe

IEHIJACKER.HERETOFIND
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[54]=RegValue : .DEFAULT\software\websiteviewer\settings "lc"

POWERSCAN
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[56]=RegValue : .DEFAULT\software\powerscan "account_id"
obj[57]=RegValue : software\powerscan "LoadNum"
obj[90]=Regkey : software\powerscan
obj[91]=RegValue : software\powerscan "account_id"
obj[92]=Regkey : software\powerscan
obj[93]=Regkey : .default\software\powerscan

POSSIBLE BROWSER HIJACK ATTEMPT
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[58]=Regkey : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\63.219.181.7
obj[59]=RegValue : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\63.219.181.7 "http"
obj[60]=Regkey : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com
obj[61]=RegValue : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com "*"
obj[62]=Regkey : Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\static.topconverting.com
obj[63]=Regkey : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7}
obj[64]=RegValue : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} "SystemComponent"
obj[65]=RegValue : SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D54160C3-DB7B-4534-9B65-190EE4A9C7F7} "Installer"
obj[115]=File : C:\WINDOWS\Preferiti\Giochi&software\Online Game - Internet Game - Game Downloads.url

TRACKING COOKIE
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[66]=IECache Entry : Cookie:ciccio@imrworldwide.com/cgi-bin
obj[67]=IECache Entry : Cookie:ciccio@as1.falkag.de/
obj[68]=IECache Entry : Cookie:ciccio@z1.adserver.com/
obj[69]=IECache Entry : c:\WINDOWS\Cookies\ciccio@z1.adserver[1].txt
obj[70]=IECache Entry : c:\WINDOWS\Cookies\ciccio@cgi-bin[2].txt
obj[71]=IECache Entry : c:\WINDOWS\Cookies\ciccio@as1.falkag[2].txt

COOLWEBSEARCH
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[94]=Regkey : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
obj[95]=RegValue : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall "DisplayName"
obj[96]=RegValue : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall "UninstallString"
obj[97]=Regkey : software\microsoft\internet explorer\urlsearchhooks
obj[98]=RegValue : software\microsoft\internet explorer\urlsearchhooks "{92CC1082-A802-9762-B0F9-7096627CFEEA}"
obj[99]=RegValue : software\microsoft\internet explorer\main "Use Custom Search URL"
obj[100]=RegValue : software\microsoft\internet explorer\main "Use Search Asst"
obj[101]=RegValue : software\microsoft "set"
obj[102]=RegValue : software\microsoft\windows\currentversion\internet settings\zonemap\ranges\range1 ":Range"
obj[103]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
obj[104]=RegData : software\microsoft\internet explorer\main "Use Search Asst"
obj[113]=File : c:\WINDOWS\scanregw.exe

RADS01.QUADROGRAM
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[109]=File : c:\WINDOWS\SYSTEM\msexreg.exe

WINPUP32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[111]=File : c:\WINDOWS\SYSTEM\trkgif.exe

WEBDIALER
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
obj[112]=File : c:\WINDOWS\Ole32ws.dll

Il mio sistema ora gode dei servigi di CWShredder,Ad Aware se personal,norton antivirus 2002 sempre aggiornato,regseeker,diskcleaner e outpost,oltre agli utilissimi tuoi che sono stati indispensabili,ti ribadisco un grande grazie Alfonso,ciao
Torna in alto
 
a.roselli
Inviato: Monday, March 07, 2005 10:23:05 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,050
Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
-
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
==================================


in MODALITA' PROVVISORIA utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

visto che Ad-aware ti ha trovato 130 ogetti, devi ripetere la scanzione più volte fino a che non ti trova più pericoli, gli oggetti possono essere eliminati definitivamente.


sempre in modalità provvisoria fai una scansione Antivirus.
alfonso_aiutamici@hotmail.it
Torna in alto
 
wally_621
Inviato: Monday, March 07, 2005 11:12:51 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Ringrazio e provvedero',mancano comunque le risposte sul non funzionamento di spywareblaster e sull'upgrade di outcast,se dite che va bene botto via blaster e installo spybot.
Ciao e rigrazie
Torna in alto
 
wally_621
Inviato: Tuesday, March 08, 2005 12:46:12 AM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Ok,ho provveduto ancora,ho deciso di rinunciare a spywareblaster e ho installato spybot che mi piace e va bene.
Ho rifatto girare hijack,ma tre delle voci di cui nel consiglio di Roselli non c'è verso di eliminarle ne in mod prov ne normale,ma pare il pc non ne risenta in alcun modo.
Ho fatto girare ad aware,spybot e il norton finchè davvero non trovano piu' nulla,credo le cose siano ragionevolmente andate a posto.
Naturalmente mando ultimo log per controllo,spero poter smettere di approfittare di voi<img src=icon_smile.gif border=0 align=middle>
Ah,come detto in post sopra,ho nell'autoexcec.bat queste due stringhe di "pulizia all'avvio"

deltree /y C:\Windows\Temp\*.*
deltree /y C:\Windows\Cookies\*.*

mi piacerebbe poterne mettere una anche per i temporary internet files,ma ci sono troppe sottocartelle,diventa un casino,mi pare di ricordare che perchè il deltree funzioni anche nelle sottocartelle uno degli slash va al contrario(che gergo!!!!!!),ma non sono certo,se poteste mandarmi la striscia giusta,sarebbe un favore.
Sempre grazie e ciao a tutti,faccio seguire logfile recente.

Logfile of HijackThis v1.99.1
Scan saved at 0.34.56, on 08/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMI\EXECUTIVE SOFTWARE\DISKEEPERLITE\DKSERVICE.EXE
C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\OUTPOST.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\THOMSON\SPEEDTOUCH USB\DRAGDIAG.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\HIJACK\HIJACKTHIS.EXE
C:\WINDOWS\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /waitservice
O4 - HKLM\..\RunServices: [DkService] C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [Outpost Firewall] C:\PROGRAMMI\AGNITUM\OUTPOST FIREWALL 1.0\outpost.exe /service
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O15 - Trusted IP range: 67.19.185.246
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
Torna in alto
 
alfonso
Inviato: Tuesday, March 08, 2005 11:15:50 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Non serve che cancelli i cookie e i file temporanei ogni volta, puoi eliminare quelle righe dall'autoexec.bat, al limite puoi utilizzare questo programma per eliminare i file inutili
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1028

SpywareBlaster installalo in quanto previene alcuni pericoli prima che si installino nel sistema e non é residente.

Utilizza anche Ad-aware.
Collaboratore Aiutamici
Torna in alto
 
wally_621
Inviato: Tuesday, March 08, 2005 7:09:45 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Ok,ho già disk cleaner,per quanto riguarda spywareblaster non c'è verso di farlo funzionare,come ho descritto piu' sopra.
Ciao e grazie<font face='Tahoma'></font id='Tahoma'><font size=5></font id=size5><font color=blue></font id=blue>
Torna in alto
 
alfonso
Inviato: Tuesday, March 08, 2005 7:18:05 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Hai letto la descrizione di Spywareblaster, per l'installazione e l'utilizzo?
http://www.aiutamici.com/software/descrizione.asp?CodSw=1041
Collaboratore Aiutamici
Torna in alto
 
wally_621
Inviato: Wednesday, March 09, 2005 5:02:35 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
<BLOCKQUOTE id=quote><font size=1 face="Sans Serif, Arial, Helvetica" id=quote>quote:<hr height=1 noshade id=quote>
Hai letto la descrizione di Spywareblaster, per l'installazione e l'utilizzo?
http://www.aiutamici.com/software/descrizione.asp?CodSw=1041
<hr height=1 noshade id=quote></BLOCKQUOTE id=quote></font id=quote><font face="Sans Serif, Arial, Helvetica" size=2 id=quote>


Si,Unico problema ho installato piu' volte Spywareblaster,ma quando cerco di avviarlo mi da il messaggio "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it."
Torna in alto
 
wally_621
Inviato: Wednesday, March 09, 2005 5:04:13 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Si ho installato piu' volte Spywareblaster,ma quando cerco di avviarlo mi da il messaggio "This program has been damaged, possibly by a bad sector of the hard drive or a virus. Please reinstall it."
Torna in alto
 
alfonso
Inviato: Wednesday, March 09, 2005 9:30:18 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Prova a fare un controllo antivirus on line da questo indirizzo
http://security.symantec.com/default.asp?productid=symhome&langid=it&venid=sym
Collaboratore Aiutamici
Torna in alto
 
wally_621
Inviato: Friday, March 11, 2005 9:31:09 PM
Rank: Member

Iscritto dal : 3/6/2005
Posts: 0
Le ho provate tutte,alla fine ho scoperto di avere l'hard disk fortemente danneggiato e va a finire spywareblaster era finito installato proprio li,comunque progressivamente sono sorti altri problemi,allora ho usato il famoso e risolutovo programma "change hard disk" e adesso va tutto benissimo,provvedo a installare tutto il software presente nella vostra sezione "sicurezza" nella home.
Se va tutto bene,questa discussione penso si possa chiudere.
Grazie Alfonso <img src=icon_smile_cool.gif border=0 align=middle>
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » logfile di pc incasinato :-)


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.