E' la prima volta che vi scrivo e vi ringrazio anticipatamente per l'aiuto.
In un sistema win98se, ad ogni avvio viene mostrata la finestra di connessione ad internet. Per chiuderla occorre cliccare molte volte (fino a 270) nella casella di controllo o su annulla. Ho eseguito alcuni controlli con Adaware se, S&D, Adware Away, CwSredder e con l'antivirus eliminando alcine cose. Per ultimo ho usato Hijack This col quale ho eliminato molti oggetti, senza però risolvere il problema. vi invio il log prima della modifica per un controllo. Grazie di nuovo.
Logfile of HijackThis v1.99.1
Scan saved at 16.25.57, on 12/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCSETMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCPROXY.EXE
C:\WINDOWS\DOWNLOADED PROGRAM FILES\O3MTEJ\LT4EJJ.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\ASUS\PROBE\ASUSPROB.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAMMI\UTILITY\CLONECD\CLONECDTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\PASSWORD MANAGER\ACCTMGR.EXE
C:\PROGRAMMI\CYBERLINK\POWERDVD\PDVDSERV.EXE
C:\WINDOWS\SYSTEM\KMZIXXBU.EXE
C:\WINDOWS\SYSTEM\NSUAEKFOG.EXE
C:\PROGRAMMI\FILE COMUNI\SYMANTEC SHARED\CCAPP.EXE
C:\PROGRAMMI\FILE COMUNI\ROXIO SHARED\PROJECT SELECTOR\PROJSELECTOR.EXE
C:\PROGRAMMI\ROXIO\EASY CD CREATOR 6\DRAGTODISC\DRGTODSC.EXE
C:\PROGRAMMI\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\RXMON.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAMMI\UTILITY\ASHAMPOO WINOPTIMIZER 2004\POPUPKILLER.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINSM32.EXE
C:\PROGRAMMI\UTILITY\DIGISOFT ANTIDIALER\ANTIDIALER.EXE
C:\PROGRAMMI\ROXIO\EASY CD CREATOR 6\AUDIOCENTRAL\PLAYLIST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\Monwow.exe
C:\WINDOWS\LEXAREJ0.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\UT ESEGUIBILI\HIJACK THIS\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.libero.it/R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD01.DLL
O2 - BHO: IEHlprObj Class - {01FB9C55-FC66-4476-A199-389241193188} - C:\WINDOWS\SYSTEM\APOOCUKL.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\utility\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: IE PopUp-Killer ; Neikeisoft - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\UTILITY\ASHAMP~1\POPUP.DLL
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\LOGITECH\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [CloneCDTray] c:\programmi\utility\clonecd\CloneCDTray.exe
O4 - HKLM\..\Run: [MHInit] C:\Programmi\Utility\UnInstaller 4\mhinit.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [NPROTECT] C:\Programmi\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [Necutray] LEXAREJ0.EXE
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [TikBellExe] C:\WINDOWS\SYSTEM\KMZIXXBU.EXE
O4 - HKLM\..\Run: [nsuaekfog] c:\windows\system\nsuaekfog.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Programmi\File comuni\Symantec Shared\cfgwiz.exe /GUID NIS /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Programmi\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [projselector] "C:\Programmi\File comuni\Roxio Shared\Project Selector\projselector.exe" -r
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Programmi\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Programmi\File comuni\Symantec Shared\SymTray.exe "Norton SystemWorks"
O4 - HKLM\..\RunServices: [NPROTECT] C:\Programmi\Norton SystemWorks\Norton Utilities\Nprotect.exe
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinject.exe
O4 - HKLM\..\RunServices: [ccSetMgr] "C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe"
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [ccProxy] C:\PROGRA~1\FILECO~1\SYMANT~1\CCPROXY.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MailSkinner] c:\programmi\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\PROGRAMMI\UTILITY\ASHAMPOO WINOPTIMIZER 2004\PopUpKiller.exe
O4 - Startup: Microsoft Office.lnk = C:\WINDOWS\Application Data\Microsoft\Installer\{00000410-78E1-11D2-B60F-006097C998E7}\misc.exe
O4 - Startup: Promemoria del Calendario di Microsoft Works.lnk = C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Programmi\Norton SystemWorks\Norton CleanSweep\csinsm32.exe
O4 - Startup: Digisoft AntiDialer.lnk = C:\Programmi\Utility\Digisoft AntiDialer\AntiDialer.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O15 - Trusted Zone:
www.sgrunt.bizO15 - Trusted Zone:
www.xbeta69.comO15 - Trusted Zone:
www.redfunny.comO15 - Trusted Zone:
www.skymasters.bizO15 - Trusted Zone:
www.archiviosex.netO15 - Trusted Zone: *.3
O15 - Trusted Zone:
www.new-access.bizO15 - Trusted Zone:
www.contentcooler.bizO15 - Trusted Zone:
http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {01BE5BD7-B2DD-48B3-A759-59265A91E787} -
http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1064.cabO16 - DPF: {C6760A07-A574-4705-B113-7856315922C3} -
http://akamai.downloadv3.com/binaries/IA/sysnetsvc32_EN.cabO16 - DPF: {A1C392A2-B274-46DB-89BE-1FBD476B9C93} -
http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1065.cabO16 - DPF: {B2B0AEDF-7CDF-4792-BB67-7654AD1E1B13} -
http://scripts.downloadv3.com/binaries/IA/sysinetsvc32_EN.cabO16 - DPF: {E114CD5B-17CE-4807-890E-7B1EDF9F2E5E} -
http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1066.cabO16 - DPF: {E24E8472-89B7-479F-8AD8-BBD7206A6A02} -
http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1067.cabO16 - DPF: {95460ABD-946A-46FF-9F56-268718323EEE} -
http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1068.cabO16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {43331111-1111-1111-1111-611111195622} - file://c:\ex.cab
O16 - DPF: {BA749BC1-143E-430D-B1DA-1D2AF67A3658} -
http://scripts.downloadv3.com/binaries/EGDAccess/EGDACCESS_1069.cab