
Thread: Advertisement popup

  1. #1

    Advertisement popup

    Hi everyone. I've tried all the methods listed in the pinned topic (antivirus, online scan, antispyware, etc. etc.) but this extremely annoying problem won't go away. The last resort is your help with the HijackThis logs... here are the logs

  2. #2
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\DAEMON Tools\daemon.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\SoftwareUpdater.exe
    C:\WINDOWS\mrofinu387.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Insider\Insider.exe
    C:\PROGRA~1\MCROSO~1.NET\netdde.exe
    C:\Programmi\WinAble\winable.exe
    C:\Programmi\ISM2\ISMPack7.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\BitTorrent\bittorrent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\Administrator\Dati applicazioni\?icrosoft\w?auboot.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jucheck.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: XBTB06456 - {271383CE-5C7C-4DDA-87F3-3C519E7C6320} - C:\PROGRA~1\PAGINE~1\visual.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Programmi\ISM\BndDrive7.dll
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
    O2 - BHO: (no name) - {B38DDD42-6384-2C1D-DA29-4BE603F502E7} - C:\WINDOWS\system32\hlsmjepz.dll
    O3 - Toolbar: PagineGialle Visual Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Programmi\PagineGialle Visual Toolbar\visual.dll
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll

  3. #3
    O4 - HKLM\..\Run: [Hotplug] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
    O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [auoie] C:\Documents and Settings\Administrator\Dati applicazioni\semanatiba\syslcznp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Update 3400C] C:\DOCUME~1\ADMINI~1\Desktop\SALVAT~1\Drivers\Scanner\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu387.exe 61A847B5BBF728113A9C284503996897C881240221C8670836AC4FA7C8933154389A24566EF90DE0D29332016DC76C5C01F37D84BBFD566D55F8540B30A647BA9CC6211A35856D1E27
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
    O4 - HKCU\..\Run: [Insider] C:\Programmi\Insider\Insider.exe
    O4 - HKCU\..\Run: [Rauh] "C:\PROGRA~1\MCROSO~1.NET\netdde.exe" -vt ndrv
    O4 - HKCU\..\Run: [Odkcux] "C:\Documents and Settings\Administrator\Dati applicazioni\?icrosoft\w?auboot.exe"
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Administrator\Dati applicazioni\WinTouch\WinTouch.exe
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrator\Dati applicazioni\Microsoft\Windows\gjvaww.exe
    O4 - HKCU\..\Run: [Words] C:\Programmi\Words\Words.exe
    O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe
    O4 - HKCU\..\Run: [ISMPack7] "C:\Programmi\ISM2\ISMPack7.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = H:\@Varie\Preinstallati\512\winPenPack\Bin\OpenOffice\program\quickstart.exe
    O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.happyfile.net
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/files...Install_it.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vaxo.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/sel...g/ESTPTest.cab
    O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {AB6466A4-27CA-417D-A76D-5DA68E08FFE8} - http://uqbvru5am.com/5bb45dd6c0b083d...imateBonus.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {E0BCBA6D-103A-42BD-96F0-C54FE40FF129} - http://bknroe85r8.com/1dbb68715a1061...TrueSearch.cab
    O16 - DPF: {F2BA92C0-F059-492B-92A6-2ACFF71D0EEA} - http://fef7l4wm.com/47995f4f459e7951...rivateGold.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A45623-6BF3-474B-BDFD-DB4D66A0774A}: NameServer = 85.37.17.49 85.38.28.91
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Rilevamento Plug&Play (rltpp) - Unknown owner - C:\WINDOWS\Downlo~1\j3w0y90\4tfriu.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

  4. #4
    pleaseee I can't stand them any more

  5. #5
    Deifobe (HTML.it user, registered Oct 2007, 6,072 posts):
    I'll try to clean it up, but..... not even Mirar and the other trojans got removed? Hmm...

    Download: CCleaner, MSNFix, ComboFix, SUPERAntiSpyware, VirIT
    (install the last two and run an update).
    To restore the Trusted Zone, download DelDomains and save it to the desktop.
    => right-click it and choose "Install".

    Disable System Restore (Start - Control Panel - System - System Restore - tick "Turn off System Restore")

    Run CCleaner; in the advanced options, untick "Only delete temp files older than 48 hours".
    Clean both the temporary files and cookies and the registry.

    Use MSNFix (download it and unpack it into a folder of your own created in C:\Programmi).
    At the start you have to answer I and Enter, then R (search) and Enter. At the end of the scan you will find a text file and a zip file (you will have to delete the latter).

    Run a scan with ComboFix, SUPERAntiSpyware and VirIT. Post the ComboFix and VirIT reports.
    The VirIT scan must be done in Safe Mode, with antivirus and firewall disabled.
    Once everything is done, re-enable System Restore, antivirus and firewall.
    Upload the requested reports to Sendmefile. Post the HJT one.


    this is what I found:
    to check on www.virustotal.com:
    O2 - BHO: (no name) - {B38DDD42-6384-2C1D-DA29-4BE603F502E7} - C:\WINDOWS\system32\hlsmjepz.dll
    O4 - HKLM\..\Run: [auoie] C:\Documents and Settings\Administrator\Dati applicazioni\semanatiba\syslcznp.exe (Trojan.Downloader-Gen/Emitt.Process)
    O4 - HKCU\..\Run: [Rauh] "C:\PROGRA~1\MCROSO~1.NET\netdde.exe" -vt ndrv (???)

    to fix:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Programmi\ISM\BndDrive7.dll (AdWare.Win32.AdBand.b)
    O2 - BHO: Mirar - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (Mirar)
    O3 - Toolbar: Mirar - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (mirar)
    O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe (Virus:Trj/Downloader.QDQ)
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu387.exe 61A847B5BBF728113A9C284503996897C8812402...
    O4 - HKCU\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
    O4 - HKCU\..\Run: [Insider] C:\Programmi\Insider\Insider.exe (Trojan.Win32.Agent.bnd)
    O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\Administrator\Dati applicazioni\WinTouch\WinTouch.exe (Trojan-Downloader.Matcash)
    O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\Administrator\Dati applicazioni\Microsoft\Windows\gjvaww.exe
    O4 - HKCU\..\Run: [Words] C:\Programmi\Words\Words.exe (AdWare.Win32.Agent.dn adware)
    O4 - HKCU\..\Run: [WinAble] C:\Programmi\WinAble\winable.exe ( Trojan/Backdoor)
    O15 - Trusted Zone: http://www.happyfile.net
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
    O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://cdn.downloadcontrol.com/file...eInstall_it.cab
    O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
    O16 - DPF: {F2BA92C0-F059-492B-92A6-2ACFF71D0EEA} - http://fef7l4wm.com/47995f4f459e795...PrivateGold.cab (Gromozon sites)
    O23 - Service: Rilevamento Plug&Play (rltpp) - Unknown owner - C:\WINDOWS\Downlo~1\j3w0y90\4tfriu.exe (file missing)

    if you don't know these sites, also:
    O16 - DPF: {AB6466A4-27CA-417D-A76D-5DA68E08FFE8} - http://uqbvru5am.com/5bb45dd6c0b083...timateBonus.cab
    O16 - DPF: {E0BCBA6D-103A-42BD-96F0-C54FE40FF129} - http://bknroe85r8.com/1dbb68715a106.../TrueSearch.cab

    with Avenger
    files:
    C:\WINDOWS\Downloaded Program Files\MirarSetup.exe
    C:\WINDOWS\System32\WinDmy.dll
    C:\Programmi\ISM\BndDrive7.dll
    C:\WINDOWS\system32\WinNB58.dll
    C:\WINDOWS\SoftwareUpdater.exe
    C:\WINDOWS\mrofinu387.exe
    C:\Documents and Settings\Administrator\Dati applicazioni\WinTouch\WinTouch.exe
    C:\Documents and Settings\Administrator\Dati applicazioni\WinTouch\wintouch.cfg
    C:\Documents and Settings\Administrator\Dati applicazioni\WinTouch\WTUninstaller.exe
    and folders:
    C:\Programmi\Words
    C:\Programmi\WinAble
    C:\Programmi\Insider
    arm yourself with patience....
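The by-hand triage in the post above, as an added example that is not part of the thread: a small script that walks a HijackThis log and flags the same kinds of entries the helper picked out (orphaned BHOs, autoruns from the user profile or the Windows root, Trusted Zone additions, ActiveX downloads from unknown hosts, services whose binary is missing). The allowlists and the sample lines are assumptions built from the log posted above; a hit means "look at this entry", not "this is malware".

```python
"""Triage helper for HijackThis (HJT) logs like the ones posted in this thread.

Heuristics only: a hit means "look at this entry", not "this is malware".
The allowlists below are assumptions made for this example.
"""
import re
from urllib.parse import urlparse

# Hosts that served legitimate O16 ActiveX controls in the logs above (assumed allowlist).
KNOWN_DPF_HOSTS = {
    "messenger.zone.msn.com", "messenger.msn.com", "vaxo.spaces.msn.com",
    "esupport.epson-europe.com", "pdl.stream.aol.com",
}
# Binaries that legitimately live directly under C:\WINDOWS on Windows XP (assumed).
WINDIR_ALLOW = {"explorer.exe", "notepad.exe", "regedit.exe"}

O4_RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
URL_RE = re.compile(r'https?://\S+')


def exe_path(cmd):
    """Return the executable path from an O4 command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    # Unquoted paths may contain spaces: stop at the first .exe/.dll/.cpl token.
    m = re.match(r'(.*?\.(?:exe|dll|cpl))(?:\s|$)', cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_line(line):
    """Return a review reason for one HJT line, or None if nothing stands out."""
    line = line.strip()
    if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
        return "orphaned BHO registration (no file on disk)"
    if line.startswith("O15 - Trusted Zone:"):
        return "site added to the IE Trusted Zone (weaker security settings apply)"
    m = O4_RUN_RE.match(line)
    if m:
        path = exe_path(m.group("cmd"))
        low = path.lower()
        if "?" in path:
            # HJT prints '?' for characters it cannot render: a look-alike folder name.
            return "autorun path contains characters HJT could not print (look-alike name)"
        if "\\documents and settings\\" in low or "\\dati applicazioni\\" in low:
            return "autorun binary stored in a user profile folder"
        parent, _, base = low.rpartition("\\")
        if parent == "c:\\windows" and base not in WINDIR_ALLOW:
            return "autorun binary dropped directly in the Windows folder"
    if line.startswith("O16 - DPF:"):
        m = URL_RE.search(line)
        host = urlparse(m.group(0)).hostname if m else None
        if host not in KNOWN_DPF_HOSTS:
            return f"ActiveX control downloaded from unrecognised host {host}"
    if line.startswith("O23 - Service:") and line.endswith("(file missing)"):
        return "service registered but its binary is missing; check owner and path"
    return None


def triage(log_text):
    """Run triage_line over a whole log; return [(line, reason), ...]."""
    hits = []
    for line in log_text.splitlines():
        reason = triage_line(line)
        if reason:
            hits.append((line.strip(), reason))
    return hits


# Constructed sample: a handful of lines taken from the log posted above.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [auoie] C:\Documents and Settings\Administrator\Dati applicazioni\semanatiba\syslcznp.exe
O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
O4 - HKCU\..\Run: [Odkcux] "C:\Documents and Settings\Administrator\Dati applicazioni\?icrosoft\w?auboot.exe"
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://axcab.wrs.mcboo.com/website.cab
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: Rilevamento Plug&Play (rltpp) - Unknown owner - C:\WINDOWS\Downlo~1\j3w0y90\4tfriu.exe (file missing)
"""

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE_LOG):
        print(f"[review] {reason}\n         {entry}")
```

Running it on the sample flags seven of the eleven lines; the two avast entries and the MSN game control pass, as they did in the helper's own reading of the log.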

  6. #6
    Deifobe (HTML.it user):
    if you look in the "quote" you'll also find some references...

    Mirar alone brings something like 67 registry keys (I got caught by it too :P). Removing it with Symantec did nothing. After 6 hours I had it back exactly as before.
    I solved it by removing all the "mirar" entries present in the registry. If I remember correctly, when I did it some links to mirar sites showed up.
    Little by little we'll get it all done.. I hope :P

  7. #7
    First of all, thank you very much for your attention and for the trouble.
    The ComboFix report is here
    http://www.sendmefile.com/00595777

    the current HijackThis log is

    Logfile of HijackThis v1.99.1
    Scan saved at 16.30.53, on 17/11/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
    C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Programmi\DAEMON Tools\daemon.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\SoftwareUpdater.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UStorSrv.exe
    C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe
    C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    C:\PROGRA~1\WIDCOMM\SOFTWA~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\BitTorrent\bittorrent.exe
    C:\Programmi\Java\jre1.6.0_01\bin\jucheck.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: XBTB06456 - {271383CE-5C7C-4DDA-87F3-3C519E7C6320} - C:\PROGRA~1\PAGINE~1\visual.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O3 - Toolbar: PagineGialle Visual Toolbar - {25F97EB4-1C02-45BA-BA0C-E67AACE64D4A} - C:\Programmi\PagineGialle Visual Toolbar\visual.dll
    O4 - HKLM\..\Run: [Hotplug] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe
    O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
    O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe "
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [auoie] C:\Documents and Settings\Administrator\Dati applicazioni\semanatiba\syslcznp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [HP Update 3400C] C:\DOCUME~1\ADMINI~1\Desktop\SALVAT~1\Drivers\Scanner\hpupdate.exe 3400C
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Programmi\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [Odkcux] "C:\Documents and Settings\Administrator\Dati applicazioni\?icrosoft\w?auboot.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: OpenOffice.org 2.1.lnk = H:\@Varie\Preinstallati\512\winPenPack\Bin\OpenOffice\program\quickstart.exe
    O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Picture Package Menu.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
    O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Programmi\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://vaxo.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
    O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/sel...g/ESTPTest.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F5A45623-6BF3-474B-BDFD-DB4D66A0774A}: NameServer = 85.37.17.49 85.38.28.91
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Rilevamento Plug&Play (rltpp) - Unknown owner - C:\WINDOWS\Downlo~1\j3w0y90\4tfriu.exe (file missing)
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe

  8. #8
    fix:
    O4 - HKLM\..\Run: [auoie] C:\Documents and Settings\Administrator\Dati applicazioni\semanatiba\syslcznp.exe
    O4 - HKLM\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe
    O4 - HKCU\..\Run: [Odkcux] "C:\Documents and Settings\Administrator\Dati applicazioni\?icrosoft\w?auboot.exe"
    O4 - HKCU\..\Run: [SoftwareUpdater] C:\WINDOWS\SoftwareUpdater.exe

    download Avenger to the desktop
    http://swandog46.geekstogo.com/avenger.zip
    Unzip the archive

    Run the file avenger.exe
    Select the "Input Script Manually" option
    Click the magnifying glass

    A "View/edit script" window opens
    Inside the white box,
    copy and paste

    files to delete:
    C:\Documents and Settings\Administrator\Dati applicazioni\semanatiba\syslcznp.exe
    C:\WINDOWS\SoftwareUpdater.exe
    C:\Documents and Settings\Administrator\Dati applicazioni\?icrosoft\w?auboot.exe

    folders to delete:
    C:\Documents and Settings\Administrator\Dati applicazioni\semanatiba
    C:\Documents and Settings\Administrator\Dati applicazioni\?icrosoft

    click the Done button
    Click the green traffic-light icon
    Answer Yes
    The PC should reboot by itself; if it doesn't, reboot it manually

    post the Avenger log and a new HJT one.

  9. #9
    Deifobe (HTML.it user):
    will you post the VirIT one too? Thanks

    analyze these on www.virustotal.com
    C:\WINDOWS\system32\aswBoot.exe
    C:\WINDOWS\system32\wunauclt.exe

    @ Topdrake, consultation..
    this one remains to be fixed:
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll

    do we delete the file C:\WINDOWS\ntoskrnl.dll, and only the .dll?
    I think so.. only the first 4 should remain..

  10. #10
    Deifobe (HTML.it user):
    ...don't skip Topdrake's step, it's important. Once that's done, move on to this.
    The checks cover both ntoskrnl.dll and ntsystem.exe (if present). I don't know which other files had been found and deleted on your machine, so.. this is for Avenger:
    files to delete:
    C:\WINDOWS\user32.exe
    C:\WINDOWS\dr.exe
    C:\WINDOWS\system32\ntoskrnl.dll
    C:\WINDOWS\system32\ntsystem.exe
    C:\WINDOWS\system32\wunauclt.exe
    C:\Programmi\serial.zip
    C:\Programmi\serial.tde
    C:\Programmi\wunauclt.zip
    C:\Programmi\wunauclt.tbe
    C:\WINDOWS\Tasks\At1.job
    C:\WINDOWS\Tasks\At2.job
    C:\WINDOWS\Tasks\At3.job
    C:\WINDOWS\Tasks\gxf.job
    C:\WINDOWS\Tasks\gzgtxvxu.job
    C:\WINDOWS\Tasks\leuhw.job
    C:\WINDOWS\Tasks\ymbuc.job
    C:\WINDOWS\Tasks\zcrchntp.job
    C:\WINDOWS\Tasks\zxxhmc.job

    folders to delete:
    C:\Programmi\Words
    C:\Programmi\WinAble
    C:\Programmi\Insider
    open the registry (Start - Run - type: regedit - click OK)
    export the registry: File => Export => name it whatever you like and save it somewhere you will remember.

    follow this path:
    HKEY_USERS\S-1-5-21-1085031214-1580818891-1957994488-1003\Software\Microsoft\Search Assistant\ACMru\5603
    on the right side of the window look for "001"="ntoskrnl.dll" - if it's there, right-click it and delete it. If present, also delete "ntsystem.exe"

    follow this other path:
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
    on the right side of the window you will find:
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, ntoskrnl.dll
    double-click SecurityProviders => Modify => delete ", ntoskrnl.dll" and click OK.

    it must end up like this:
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

    close the registry and reboot the PC. Check whether ntoskrnl.dll (and possibly ntsystem.exe) is still in system32.
    Relaunch ComboFix and post the report.
    Tell me how it goes now..
