Visualizzazione dei risultati da 1 a 8 su 8

Discussione: mi controllate il log

  1. #1

    mi controllate il log

    Ecco, ho dei problemi con IE e con SpyrewareBlaster, quest'ultimo non mi parte neanche disistallandolo e reistallandolo:

    Logfile of HijackThis v1.97.7
    Scan saved at 15.23.14, on 22/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\DLink\Software Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Programmi\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\Programmi\Microsoft IntelliType Pro\type32.exe
    C:\Programmi\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
    C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\3Com\Launcher.exe
    C:\Programmi\DLink\Software Bluetooth\BTTray.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Programmi\SpywareGuard\sgmain.exe
    C:\Programmi\File comuni\3Com\LanSupportService.exe
    C:\Programmi\File comuni\3Com\AllWirelessLansService.exe
    C:\Programmi\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Documents and Settings\mino\Documenti\hjt\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.globservice.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
    O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - Startup: SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe
    O4 - Global Startup: 3Com Launcher.lnk = C:\Programmi\3Com\Launcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Image Transfer.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\DLink\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Ricerche (HKLM)
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...ctor/swdir.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...070.1068287037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  2. #2
    up!

    Ecco le immagini dei messaggi che mi appaiono.

    Chi mi aiuta?

    SWBlaster non mi funziona più!

  3. #3
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    Prova così:

    1- Scaricare ed installare AdAware ed aggiornarlo con le ultime definizioni.

    2- Riavviare in modalità provvisoria

    3- Aprire Esplora Risorse cliccare su Visualizza poi su Opzioni cartella e poi ancora su Visualizza. Mettere la spunta su "Mostra tutti i file" cliccare su Applica.

    4- Settare AdAware:
    dalla finestra principale del programma portarsi in alto e cliccare sull'icona Configurazione (icona ingranaggio), ci saranno 4 voci mettere la spunta selle ultime tre (devono diventare verdi)
    A) salva log file
    B) in quarantena prima di rimuovere
    C) Modo sicuro
    Ora cliccare su Personalizza (sempre dalla stessa finestra)
    Mettere la spunta su "Usa la mia configurazione di default" e cliccare al suo fianco su Personalizza
    Mettere la spunata su
    "Controlla all'interno delle cartelle"
    Nella parte "Memoria & Registro" mettere la spunta a tutte e 5 le voci (devono sempre diventare verdi)
    Cliccare su Continua (in basso)
    Ora cliccare con tutte le applicazioni chiuse, su Inizio (in basso a dx) e poi su Avanti.

    5- Riavviare, ripristinare i settaggi riguardanti i file di sistema
    Aprire Esplora Risorse cliccare su Visualizza poi su Opzioni cartella e poi ancora su Visualizza. Mettere la spunta su "Non mostrare i file nascosti e di sistema" cliccare su Applica.


    6- Fare una scansione con HJT e postare il log
    ==
    Visita il mio blog SuspectFile.com
    ==

  4. #4
    Ciao, grazie per l'aiuto.
    Ho fatto tutto ed ecco il log.

    Ho scaricato ed installato "Kerio personal Firewall", potrei risolvere con questo programma? Se si, alla scadenza del trial compro la versione.

    codice:
       
    Logfile of HijackThis v1.97.7
    Scan saved at 9.50.22, on 23/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\DLink\Software Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Programmi\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\RunDll32.exe
    C:\Programmi\Microsoft IntelliType Pro\type32.exe
    C:\Programmi\Microsoft IntelliPoint\point32.exe
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\File comuni\Real\Update_OB\rnathchk.exe
    C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
    C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Spyware Doctor\spydoctor.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\3Com\Launcher.exe
    C:\Programmi\DLink\Software Bluetooth\BTTray.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Programmi\SpywareGuard\sgmain.exe
    C:\Programmi\File comuni\3Com\LanSupportService.exe
    C:\Programmi\File comuni\3Com\AllWirelessLansService.exe
    C:\Programmi\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Documents and Settings\mino\Documenti\hjt\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.globservice.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE
    O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\spydoctor.exe" /Q
    O4 - Startup: SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe
    O4 - Global Startup: 3Com Launcher.lnk = C:\Programmi\3Com\Launcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Image Transfer.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\DLink\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Ricerche (HKLM)
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...ctor/swdir.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...070.1068287037
    O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/A...ler/dwnldr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  5. #5
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    Scaricati questi due programmi

    SP.html - Hijack Fixer Crea una nuova cartella sul desktop e mettici dentro l'eseguibile.


    CWShredder

    Ora con tutti i programmi chiusi (!),anche il browser dev'essere chiuso (!), apri la cartella precedentemente creata e clicca sul file sphjfix e poi su "start disinfection" finita la scansione riavvia e fai una nuova scansione.

    Riavvia in modalità provvisoria.

    Apri HijackThis (tutti i programmi DEVONO essere chiusi) clicca su Scan e metti la spunta al fianco dei valori e clicca su Fix Checked.


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\mino\IMPOST~1\Temp\sp.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
    O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Interne
    t Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Interne
    t Explorer\Control Panel present

    Non conosco questo valore,

    O4 - HKLM\..\Run: [SplashDisplayer] C:\WINDOWS\System32\ISTHTB.EXE


    verificalo e se non è associato a nessun programma che conosci spuntalo e rimuovilo.
    Ricordati poi che andrà rimosso, in modalità provvisoria, anche l'eseguibile. Eseguibile che troverai in

    C:\WINDOWS\System32\ISTHTB.EXE <===il file.
    =====================================
    Sempre dalla modalità provvisoria Avvia AdAware e settato in questo modo fai una scansione:

    Dalla finestra principale del programma portati in alto e clicca sull'icona Configurazione (icona ingranaggio), troverai 4 voci metti la spunta selle ultime tre (devono diventare verdi)
    A) salva log file
    B) in quarantena prima di rimuovere
    C) Modo sicuro
    Ora clicca su Personalizza (sempre dalla stessa finestra)
    Metti la spunta su "Usa la mia configurazione di default" e clicca al suo fianco su Personalizza
    Metti la spunata su
    "Controlla all'interno delle cartelle"
    Nella parte "Memoria & Registro" metti la spunta a tutte e 5 le voci (devono sempre diventare verdi)
    Clicca su Continua (in basso)
    Ora clicca con tutte le applicazioni chiuse, su Inizio (in basso a dx) e poi su Avanti.
    Finita la scansione elimina tutti i valori in rosso che AdAware ti ha trovato, riavvia il pc in modalità normale.
    ======================================


    Apri CWShredder e clicca su Fix. Riavvia il pc.

    Elimina il contenuto delle cartelle TEMP, Temporary internet files e cookies.

    Fai un nuovo Scan con HJT e posta il Log.

    P.S.
    Ovviamente prima di fare la scansione con AdAware assicurati d'avere le definizioni aggiornate. Per verificarlo apri AdAware e dalla finestra principale controlla il n° del Reffile e la data


    ==
    Visita il mio blog SuspectFile.com
    ==

  6. #6
    Utente bannato
    Registrato dal
    Mar 2002
    Messaggi
    1,768
    mi hai dato un buono spunto...

    Nn lo aggiornavo da secoli io sinceramente



  7. #7
    Ciao,
    grazie per la puntualità e la pazienza.

    Ecco il log:
    codice:
      
    Logfile of HijackThis v1.97.7
    Scan saved at 21.57.19, on 23/06/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\DLink\Software Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\gearsec.exe
    C:\Programmi\Kerio\Personal Firewall 4\kpf4ss.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\Programmi\Norton AntiVirus\navapsvc.exe
    C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\Programmi\RealVNC\WinVNC\WinVNC.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Norton AntiVirus\SAVScan.exe
    C:\Programmi\Kerio\Personal Firewall 4\kpf4gui.exe
    C:\WINDOWS\System32\RunDll32.exe
    C:\Programmi\Microsoft IntelliType Pro\type32.exe
    C:\Programmi\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\carpserv.exe
    C:\Programmi\File comuni\Real\Update_OB\rnathchk.exe
    C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
    C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\QuickTime\qttask.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\3Com\Launcher.exe
    C:\Programmi\DLink\Software Bluetooth\BTTray.exe
    C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Programmi\Sony Corporation\Image Transfer\SonyTray.exe
    C:\Programmi\SpywareGuard\sgmain.exe
    C:\Programmi\File comuni\3Com\LanSupportService.exe
    C:\Programmi\File comuni\3Com\AllWirelessLansService.exe
    C:\Programmi\SpywareGuard\sgbhp.exe
    C:\PROGRA~1\3Com\WLANMA~1\Activate.exe
    C:\Documents and Settings\mino\Documenti\hjt\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.globservice.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programmi\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [B'sCLiP] C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programmi\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
    O4 - HKLM\..\Run: [MMTray] C:\Programmi\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TerraTec Remote Control] C:\Programmi\TerraTec\Cinergy 400 TV\TTTVRC.exe
    O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Programmi\Spyware Doctor\spydoctor.exe" /Q
    O4 - Startup: SpywareGuard.lnk = C:\Programmi\SpywareGuard\sgmain.exe
    O4 - Global Startup: 3Com Launcher.lnk = C:\Programmi\3Com\Launcher.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: hpoddt01.exe.lnk = ?
    O4 - Global Startup: Image Transfer.lnk = ?
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\DLink\Software Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
    O9 - Extra button: Ricerche (HKLM)
    O9 - Extra button: @btrez.dll,-4015 (HKLM)
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 (HKLM)
    O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/pub...ctor/swdir.cab
    O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...ntent/opuc.cab
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...070.1068287037
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab

  8. #8
    Moderatore di Sicurezza informatica e virus L'avatar di amvinfe
    Registrato dal
    May 2002
    Messaggi
    6,739
    dal Log sembrerebbe tutto a posto
    ==
    Visita il mio blog SuspectFile.com
    ==

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  
Powered by vBulletin® Version 4.2.1
Copyright © 2025 vBulletin Solutions, Inc. All rights reserved.