spyware che non riesco ha trovare

[grf87]

ciao, facendo la scansione on_line con panda eccco il risultato.......

Adware:adware/sgrunt Not disinfected Windows Registry
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\john\Cookies\john@doubleclick[1].txt

.....solo che non riesco ha trovare e ad eliminare questi due spyware....come mai????

facendo la scansione con un altro sito....KASPERSKY..


Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStor e.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb .log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp .edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{AD9DB3 CC-EACB-4569-A1A6-88AB4941B598}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.





come posso procedere??????





Logfile of HijackThis v1.99.1
Scan saved at 12.47.06, on 30/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\TUGZip\TUGZip.exe
C:\DOCUME~1\john\IMPOST~1\Temp\tz_exec.tmp130\Hija ckThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language. exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EAE9C6A1-8BDD-4A48-B3B1-9528C59BBCC6}: NameServer = 85.37.17.57 85.38.28.80
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

[tognazzi]

O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe

io non vedo niente, log pulito per me. la voce sopra è tuttora sotto giudizio in www.processlibrary.com. questo NON significa che devi fixarla, solo che lo staff di quel sito non ha ancora dato un giudizio (se considerarla legittima o nociva).
ma in ogni caso non mi pare che sia la fonte del tuo problema.
scarica systemscan da www.suspectfile.com, salva il report, caricalo su www.easy-share.com e posta qui il link che otterrai.

[grf87]

non riesco a scaricare systemscan

Warning! You should have already downloaded the last Systemscan version (sys9238.exe).
If you can't download it probably your browser or your firewall is blocking popups.
Please enable popup on your PC and try again.

Systemscan will be available within 113 seconds. Please reload this page after that time.

[holifay]

con che browser?

[grf87]

Originariamente inviato da grf87
non riesco a scaricare systemscan

Warning! You should have already downloaded the last Systemscan version (sys9238.exe).
If you can't download it probably your browser or your firewall is blocking popups.
Please enable popup on your PC and try again.

Systemscan will be available within 113 seconds. Please reload this page after that time.

utilizzo IE

[holifay]

svuota i file temporanei di internet e la cronologia e riprova. Puo darsi che nelle opzioni avanzate è deselezionata la voce "abilita installazione su richiesta"?

[grf87]

Originariamente inviato da holifay
svuota i file temporanei di internet e la cronologia e riprova. Puo darsi che nelle opzioni avanzate è deselezionata la voce "abilita installazione su richiesta"?

la voce è selezionata..........ho svuotato ma non riesco ad istallare

[holifay]

tasto destro, "salva con nome"
http://www.suspectfile.com/systemsca...4/sys93284.exe

[grf87]

Originariamente inviato da holifay
tasto destro, "salva con nome"
http://www.suspectfile.com/systemsca...4/sys93284.exe

accedendo da questo link ho questo problema:File non trovato

L'indirizzo inserito non è più disponibile oppure è errato. Verifica di aver digitato correttamente dopodichè avvisa il webmaster del problema incontrato.

[grf87]

perchè non riesco a scaricare systemscan???????