Mi controllate per favore log Hijack?Grazie - Sicurezza VIRUS

Benvenuto Ospite

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate per favore log Hijack?Grazie

Mi controllate per favore log Hijack?Grazie

Opzioni

Topic Precedente · Topic Sucessivo

Ikks

Inviato: Monday, May 16, 2005 10:39:16 PM

Rank: Member

Iscritto dal : 11/16/2004
Posts: 4

Logfile of HijackThis v1.99.1
Scan saved at 15.57.42, on 16/05/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\OFFICESCAN 95\PCCWIN97.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAMMI\OFFICESCAN 95\OFCDOG.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\ADDOS32.EXE
C:\WINDOWS\SYSTEM\NTAF.EXE
C:\WINDOWS\ATLWK.EXE
C:\WINDOWS\JAVAZH.EXE
C:\WINDOWS\SYSTEM\MFCLD.EXE
C:\WINDOWS\IEZY32.EXE
C:\WINDOWS\SYSTEM\ATLNY.EXE
C:\WINDOWS\SYSTEM\ATLNY.EXE
C:\WINDOWS\SYSTEM\WINGB32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\NTLG32.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\NTLG32.EXE
C:\WINDOWS\WINSN.EXE
C:\WINDOWS\SYSTEM\MSYR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SDKQQ.EXE
C:\WINDOWS\SDKQQ.EXE
C:\WINDOWS\SYSTEM\IEST.EXE
C:\WINDOWS\SDKQQ.EXE
C:\WINDOWS\SDKQQ.EXE
C:\WINDOWS\SYSTEM\IEST.EXE
C:\WINDOWS\SYSTEM\MSKF32.EXE
C:\WINDOWS\SYSTEM\MSKF32.EXE
C:\WINDOWS\D3HQ32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\WINPR32.EXE
C:\WINDOWS\SYSTEM\MSKF32.EXE
C:\WINDOWS\WINRL.EXE
C:\WINDOWS\SYSTEM\IEST.EXE
C:\WINDOWS\SYSTEM\IEST.EXE
C:\WINDOWS\SYSTEM\NTAF.EXE
C:\DOCUMENTI\P\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.my-google.biz/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.my-google.biz/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.my-google.biz/clickpps.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Class - {EBCD7590-0C14-0FA4-2C88-89C477A6453E} - C:\WINDOWS\SYSTEM\SDKVJ32.DLL
O2 - BHO: Class - {3366A681-63B6-7915-C2CB-2CC4EF3E7DB2} - C:\WINDOWS\SYSTEM\APPPJ32.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [SystemTray] systray.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [SoundFusion] RunDll32 cwcprops.cpl,CrystalControlWnd
O4 - HKLM\..\Run: [CanonScannerMonitor 1.1] "C:\Programmi\Canon\ScanGear CS-S 4.3\SCANMON.EXE"
O4 - HKLM\..\Run: [OfficeScan95] "C:\PROGRAMMI\OFFICESCAN 95\pccwin97.exe" -HideWindow
O4 - HKLM\..\Run: [CreateCD50] "C:\Programmi\File comuni\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [WINPR32.EXE] C:\WINDOWS\SYSTEM\WINPR32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Machine Debug Manager] C:\WINDOWS\SYSTEM\MDM.EXE
O4 - HKLM\..\RunServices: [OfficeScan95] "C:\PROGRAMMI\OFFICESCAN 95\pccwin97.exe"
O4 - HKLM\..\RunServices: [NTAF.EXE] C:\WINDOWS\SYSTEM\NTAF.EXE /s
O4 - HKLM\..\RunServices: [WINHR.EXE] C:\WINDOWS\SYSTEM\WINHR.EXE /s
O4 - HKLM\..\RunServices: [WINZB32.EXE] C:\WINDOWS\WINZB32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZH.EXE] C:\WINDOWS\JAVAZH.EXE /s
O4 - HKLM\..\RunServices: [SYSTH32.EXE] C:\WINDOWS\SYSTEM\SYSTH32.EXE /s
O4 - HKLM\..\RunServices: [IEST.EXE] C:\WINDOWS\SYSTEM\IEST.EXE /s
O4 - HKLM\..\RunServices: [WINSI.EXE] C:\WINDOWS\SYSTEM\WINSI.EXE /s
O4 - HKLM\..\RunServices: [APIAF32.EXE] C:\WINDOWS\APIAF32.EXE /s
O4 - HKLM\..\RunServices: [NTPH.EXE] C:\WINDOWS\SYSTEM\NTPH.EXE /s
O4 - HKLM\..\RunServices: [WINES32.EXE] C:\WINDOWS\SYSTEM\WINES32.EXE /s
O4 - HKLM\..\RunServices: [MSNM.EXE] C:\WINDOWS\SYSTEM\MSNM.EXE /s
O4 - HKLM\..\RunServices: [NTJC.EXE] C:\WINDOWS\SYSTEM\NTJC.EXE /s
O4 - HKLM\..\RunServices: [ATLWP.EXE] C:\WINDOWS\SYSTEM\ATLWP.EXE /s
O4 - HKLM\..\RunServices: [ATLUY32.EXE] C:\WINDOWS\ATLUY32.EXE /s
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SDKLT32.EXE] C:\WINDOWS\SYSTEM\SDKLT32.EXE /s
O4 - HKLM\..\RunServices: [NTMV.EXE] C:\WINDOWS\NTMV.EXE /s
O4 - HKLM\..\RunServices: [D3EG.EXE] C:\WINDOWS\SYSTEM\D3EG.EXE /s
O4 - HKLM\..\RunServices: [IEWC32.EXE] C:\WINDOWS\SYSTEM\IEWC32.EXE /s
O4 - HKLM\..\RunServices: [APPRT32.EXE] C:\WINDOWS\SYSTEM\APPRT32.EXE /s
O4 - HKLM\..\RunServices: [NTFW.EXE] C:\WINDOWS\NTFW.EXE /s
O4 - HKLM\..\RunServices: [NTAV.EXE] C:\WINDOWS\SYSTEM\NTAV.EXE /s
O4 - HKLM\..\RunServices: [APPZD32.EXE] C:\WINDOWS\SYSTEM\APPZD32.EXE /s
O4 - HKLM\..\RunServices: [ADDRU32.EXE] C:\WINDOWS\SYSTEM\ADDRU32.EXE /s
O4 - HKLM\..\RunServices: [ATLLL32.EXE] C:\WINDOWS\ATLLL32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFX32.EXE] C:\WINDOWS\SYSTEM\JAVAFX32.EXE /s
O4 - HKLM\..\RunServices: [ADDJI32.EXE] C:\WINDOWS\SYSTEM\ADDJI32.EXE /s
O4 - HKLM\..\RunServices: [NTXX32.EXE] C:\WINDOWS\SYSTEM\NTXX32.EXE /s
O4 - HKLM\..\RunServices: [ATLMQ32.EXE] C:\WINDOWS\SYSTEM\ATLMQ32.EXE /s
O4 - HKLM\..\RunServices: [ADDRB.EXE] C:\WINDOWS\ADDRB.EXE /s
O4 - HKLM\..\RunServices: [MFCLD.EXE] C:\WINDOWS\SYSTEM\MFCLD.EXE /s
O4 - HKLM\..\RunServices: [D3EL32.EXE] C:\WINDOWS\SYSTEM\D3EL32.EXE /s
O4 - HKLM\..\RunServices: [ATLWK.EXE] C:\WINDOWS\ATLWK.EXE /s
O4 - HKLM\..\RunServices: [MFCWU32.EXE] C:\WINDOWS\MFCWU32.EXE /s
O4 - HKLM\..\RunServices: [ADDOS32.EXE] C:\WINDOWS\SYSTEM\ADDOS32.EXE /s
O4 - HKLM\..\RunServices: [SDKHS.EXE] C:\WINDOWS\SYSTEM\SDKHS.EXE /s
O4 - HKLM\..\RunServices: [CRSO.EXE] C:\WINDOWS\SYSTEM\CRSO.EXE /s
O4 - HKLM\..\RunServices: [MFCLB32.EXE] C:\WINDOWS\SYSTEM\MFCLB32.EXE /s
O4 - HKLM\..\RunServices: [NTCO32.EXE] C:\WINDOWS\SYSTEM\NTCO32.EXE /s
O4 - HKLM\..\RunServices: [IEZY32.EXE] C:\WINDOWS\IEZY32.EXE /s
O4 - HKLM\..\RunServices: [ATLNY.EXE] C:\WINDOWS\SYSTEM\ATLNY.EXE /s
O4 - HKLM\..\RunServices: [WINGB32.EXE] C:\WINDOWS\SYSTEM\WINGB32.EXE /s
O4 - HKLM\..\RunServices: [NTLG32.EXE] C:\WINDOWS\NTLG32.EXE /s
O4 - HKLM\..\RunServices: [WINSN.EXE] C:\WINDOWS\WINSN.EXE /s
O4 - HKLM\..\RunServices: [MSYR.EXE] C:\WINDOWS\SYSTEM\MSYR.EXE /s
O4 - HKLM\..\RunServices: [SDKQQ.EXE] C:\WINDOWS\SDKQQ.EXE /s
O4 - HKLM\..\RunServices: [MSKF32.EXE] C:\WINDOWS\SYSTEM\MSKF32.EXE /s
O4 - HKLM\..\RunServices: [D3HQ32.EXE] C:\WINDOWS\D3HQ32.EXE /s
O4 - HKLM\..\RunServices: [WINRL.EXE] C:\WINDOWS\WINRL.EXE /s
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Hummingbird Inetd.lnk = C:\WINDOWS\SYSTEM\Hummingbird\Connectivity\7.10\Inetd\inetd32.exe
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAMMI\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAMMI\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAMMI\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O13 - DefaultPrefix: http://web.my-google.biz/best.php?url=
O13 - WWW Prefix: http://web.my-google.biz/best.php?url=
O13 - Home Prefix: http://web.my-google.biz/best.php?url=
O13 - Mosaic Prefix: http://web.my-google.biz/best.php?url=
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.3,151.99.125.2
O21 - SSODL: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\SYSTEM\hun32.dll

Torna in alto

Sponsor

Inviato: Monday, May 16, 2005 10:39:16 PM

Torna in alto

alfonso

Inviato: Monday, May 16, 2005 11:04:19 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132

Ciao ,
esegui queste operazioni

riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono, (nel caso le righe da eliminare non compaiono in modalità provvisoria, eliminale dalla modalità normale e riavvia il computer).

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://web.my-google.biz/clickpps.php
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://web.my-google.biz/clickpps.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.my-google.biz/clickpps.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\bokfd.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://web.my-google.biz/clickpps.php
-
R3 - Default URLSearchHook is missing
-
O2 - BHO: Class - {EBCD7590-0C14-0FA4-2C88-89C477A6453E} - C:\WINDOWS\SYSTEM\SDKVJ32.DLL
O2 - BHO: Class - {3366A681-63B6-7915-C2CB-2CC4EF3E7DB2} - C:\WINDOWS\SYSTEM\APPPJ32.DLL
-
O4 - HKLM\..\Run: [WINPR32.EXE] C:\WINDOWS\SYSTEM\WINPR32.EXE
-
O4 - HKLM\..\RunServices: [NTAF.EXE] C:\WINDOWS\SYSTEM\NTAF.EXE /s
O4 - HKLM\..\RunServices: [WINHR.EXE] C:\WINDOWS\SYSTEM\WINHR.EXE /s
O4 - HKLM\..\RunServices: [WINZB32.EXE] C:\WINDOWS\WINZB32.EXE /s
O4 - HKLM\..\RunServices: [JAVAZH.EXE] C:\WINDOWS\JAVAZH.EXE /s
O4 - HKLM\..\RunServices: [SYSTH32.EXE] C:\WINDOWS\SYSTEM\SYSTH32.EXE /s
O4 - HKLM\..\RunServices: [IEST.EXE] C:\WINDOWS\SYSTEM\IEST.EXE /s
O4 - HKLM\..\RunServices: [WINSI.EXE] C:\WINDOWS\SYSTEM\WINSI.EXE /s
O4 - HKLM\..\RunServices: [APIAF32.EXE] C:\WINDOWS\APIAF32.EXE /s
O4 - HKLM\..\RunServices: [NTPH.EXE] C:\WINDOWS\SYSTEM\NTPH.EXE /s
O4 - HKLM\..\RunServices: [WINES32.EXE] C:\WINDOWS\SYSTEM\WINES32.EXE /s
O4 - HKLM\..\RunServices: [MSNM.EXE] C:\WINDOWS\SYSTEM\MSNM.EXE /s
O4 - HKLM\..\RunServices: [NTJC.EXE] C:\WINDOWS\SYSTEM\NTJC.EXE /s
O4 - HKLM\..\RunServices: [ATLWP.EXE] C:\WINDOWS\SYSTEM\ATLWP.EXE /s
O4 - HKLM\..\RunServices: [ATLUY32.EXE] C:\WINDOWS\ATLUY32.EXE /s
-
O4 - HKLM\..\RunServices: [SDKLT32.EXE] C:\WINDOWS\SYSTEM\SDKLT32.EXE /s
O4 - HKLM\..\RunServices: [NTMV.EXE] C:\WINDOWS\NTMV.EXE /s
O4 - HKLM\..\RunServices: [D3EG.EXE] C:\WINDOWS\SYSTEM\D3EG.EXE /s
O4 - HKLM\..\RunServices: [IEWC32.EXE] C:\WINDOWS\SYSTEM\IEWC32.EXE /s
O4 - HKLM\..\RunServices: [APPRT32.EXE] C:\WINDOWS\SYSTEM\APPRT32.EXE /s
O4 - HKLM\..\RunServices: [NTFW.EXE] C:\WINDOWS\NTFW.EXE /s
O4 - HKLM\..\RunServices: [NTAV.EXE] C:\WINDOWS\SYSTEM\NTAV.EXE /s
O4 - HKLM\..\RunServices: [APPZD32.EXE] C:\WINDOWS\SYSTEM\APPZD32.EXE /s
O4 - HKLM\..\RunServices: [ADDRU32.EXE] C:\WINDOWS\SYSTEM\ADDRU32.EXE /s
O4 - HKLM\..\RunServices: [ATLLL32.EXE] C:\WINDOWS\ATLLL32.EXE /s
O4 - HKLM\..\RunServices: [JAVAFX32.EXE] C:\WINDOWS\SYSTEM\JAVAFX32.EXE /s
O4 - HKLM\..\RunServices: [ADDJI32.EXE] C:\WINDOWS\SYSTEM\ADDJI32.EXE /s
O4 - HKLM\..\RunServices: [NTXX32.EXE] C:\WINDOWS\SYSTEM\NTXX32.EXE /s
O4 - HKLM\..\RunServices: [ATLMQ32.EXE] C:\WINDOWS\SYSTEM\ATLMQ32.EXE /s
O4 - HKLM\..\RunServices: [ADDRB.EXE] C:\WINDOWS\ADDRB.EXE /s
O4 - HKLM\..\RunServices: [MFCLD.EXE] C:\WINDOWS\SYSTEM\MFCLD.EXE /s
O4 - HKLM\..\RunServices: [D3EL32.EXE] C:\WINDOWS\SYSTEM\D3EL32.EXE /s
O4 - HKLM\..\RunServices: [ATLWK.EXE] C:\WINDOWS\ATLWK.EXE /s
O4 - HKLM\..\RunServices: [MFCWU32.EXE] C:\WINDOWS\MFCWU32.EXE /s
O4 - HKLM\..\RunServices: [ADDOS32.EXE] C:\WINDOWS\SYSTEM\ADDOS32.EXE /s
O4 - HKLM\..\RunServices: [SDKHS.EXE] C:\WINDOWS\SYSTEM\SDKHS.EXE /s
O4 - HKLM\..\RunServices: [CRSO.EXE] C:\WINDOWS\SYSTEM\CRSO.EXE /s
O4 - HKLM\..\RunServices: [MFCLB32.EXE] C:\WINDOWS\SYSTEM\MFCLB32.EXE /s
O4 - HKLM\..\RunServices: [NTCO32.EXE] C:\WINDOWS\SYSTEM\NTCO32.EXE /s
O4 - HKLM\..\RunServices: [IEZY32.EXE] C:\WINDOWS\IEZY32.EXE /s
O4 - HKLM\..\RunServices: [ATLNY.EXE] C:\WINDOWS\SYSTEM\ATLNY.EXE /s
O4 - HKLM\..\RunServices: [WINGB32.EXE] C:\WINDOWS\SYSTEM\WINGB32.EXE /s
O4 - HKLM\..\RunServices: [NTLG32.EXE] C:\WINDOWS\NTLG32.EXE /s
O4 - HKLM\..\RunServices: [WINSN.EXE] C:\WINDOWS\WINSN.EXE /s
O4 - HKLM\..\RunServices: [MSYR.EXE] C:\WINDOWS\SYSTEM\MSYR.EXE /s
O4 - HKLM\..\RunServices: [SDKQQ.EXE] C:\WINDOWS\SDKQQ.EXE /s
O4 - HKLM\..\RunServices: [MSKF32.EXE] C:\WINDOWS\SYSTEM\MSKF32.EXE /s
O4 - HKLM\..\RunServices: [D3HQ32.EXE] C:\WINDOWS\D3HQ32.EXE /s
O4 - HKLM\..\RunServices: [WINRL.EXE] C:\WINDOWS\WINRL.EXE /s
-
O13 - DefaultPrefix: http://web.my-google.biz/best.php?url=
O13 - WWW Prefix: http://web.my-google.biz/best.php?url=
O13 - Home Prefix: http://web.my-google.biz/best.php?url=
O13 - Mosaic Prefix: http://web.my-google.biz/best.php?url=
-
O21 - SSODL: DDE Module - {303F44D5-5FEA-4509-ABDE-5E00C3F2125A} - C:\WINDOWS\SYSTEM\hun32.dll
==================================

Con la funzione TROVA di Windows, cerca ed elimina questi file,

==================================
bokfd.dll
sp.html
SDKVJ32.DLL
APPPJ32.DLL
WINPR32.EXE
SYSTEM\NTAF.EXE
WINHR.EXE
WINZB32.EXE
JAVAZH.EXE
SYSTH32.EXE
IEST.EXE
WINSI.EXE
APIAF32.EXE
NTPH.EXE
WINES32.EXE
MSNM.EXE
NTJC.EXE
ATLWP.EXE
ATLUY32.EXE
SDKLT32.EXE
NTMV.EXE
D3EG.EXE
IEWC32.EXE
APPRT32.EXE
NTFW.EXE
NTAV.EXE
APPZD32.EXE
ADDRU32.EXE
ATLLL32.EXE
JAVAFX32.EXE
ADDJI32.EXE
NTXX32.EXE
ATLMQ32.EXE
ADDRB.EXE
MFCLD.EXE
D3EL32.EXE
ATLWK.EXE
MFCWU32.EXE
ADDOS32.EXE
SDKHS.EXE
CRSO.EXE
MFCLB32.EXE
NTCO32.EXE
IEZY32.EXE
ATLNY.EXE
WINGB32.EXE
NTLG32.EXE
WINSN.EXE
MSYR.EXE
SDKQQ.EXE
MSKF32.EXE
D3HQ32.EXE
WINRL.EXE
hun32.dll
==================================

Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus.

Nel sistema manca un programma Antivirus e un Firewall, leggi la guida alla protezione PC
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=132&SH=N

Collaboratore Aiutamici

Torna in alto

Utenti presenti in questo topic

Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Mi controllate per favore log Hijack?Grazie

Salta al Forum

Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Invia topic via Email

RSS Feed

Watch this topic

Stampa topic

Normale

Threaded