Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Pagina 1 di 3 1 2 3 ultimoultimo
Visualizzazione dei risultati da 1 a 10 su 23
  1. 28-10-2007, 23:33 #1
    dvign72
    dvign72 non è in linea
    Utente di HTML.it
    Registrato dal
    Oct 2007
    Messaggi
    28

    Aiuto

    Ciao a tutti!!

    Ho seguito le istruzioni per eliminare virus e/o spyware e/o trojan ecc., ma non ci sono riuscito del tutto.

    Allego il log di Hijackthis se qualcuno mi puo' aiutare.

    1000 Grazie anticipate.
    Logfile of HijackThis v1.99.1
    Scan saved at 22.29.07, on 28/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\NetScreen\NetScreen-Remote\IreIKE.exe
    C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
    C:\Programmi\Juniper Networks\Common Files\dsNcService.exe
    C:\WINDOWS\system32\HDDSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\NetScreen\NetScreen-Remote\IPSecMon.exe
    C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\hphmon06.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\WINDOWS\ALCMTR.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    C:\Programmi\File comuni\Symantec Shared\ccApp.exe
    C:\Programmi\File comuni\Real\Update_OB\realsched.exe
    C:\Programmi\Nero\Nero 7\InCD\InCD.exe
    C:\Programmi\iTunes\iTunesHelper.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
    C:\Programmi\Windows Media Player\WMPNSCFG.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\iPod\bin\iPodService.exe
    C:\Programmi\NetScreen\NetScreen-Remote\SafeCfg.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php...MjI6Ojg5&lid=2
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CZFMDXPK] C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Salestart] "C:\Programmi\File comuni\1193558115\bm.exe" dm=http://bravenet.com; ad=http://bravenet.com
    O4 - HKLM\..\Run: [rtasks] C:\Programmi\1193558115\rtasks.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programmi\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: NetScreen-Remote.lnk = C:\Programmi\NetScreen\NetScreen-Remote\SafeCfg.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .nwc: C:\Programmi\NoteWorthy Software\NWC Browser Plugin\npnwcw32.dll
    O15 - Trusted Zone: *.3
    O15 - Trusted Zone: www.superspots.biz
    O15 - Trusted Zone: www.xbeta69.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147116971171
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://80.18.126.53/tsweb/,DanaInfo....1.2+msrdp.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O21 - SSODL: bxsbang - {76E9B313-BC42-48FF-AE09-310F07083FC3} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {915E05B5-666B-46A3-9AD5-5D736FF1DECA} - C:\WINDOWS\ocgrep.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    ....
    Rispondi quotando Rispondi quotando
  2. 29-10-2007, 00:47 #2
    Habanero
    Habanero non è in linea
    Moderatore di Sicurezza informatica e virus L'avatar di Habanero
    Registrato dal
    Jun 2001
    Messaggi
    9,782
    dvign72 come nuovo utente di suggerisco la lettura del regolamento:
    http://forum.html.it/forum/showthrea...hreadid=997970

    Per favore la prossima volta scegli meglio il titolo della discussione e indica con più dettaglio il problema riscontrato. Grazie.
    Leggi il REGOLAMENTO!

    E' molto complicato, un mucchio di input e output, una quantità di informazioni, un mucchio di elementi da considerare, ho una quantità di elementi da tener presente...
    Drugo
    Rispondi quotando Rispondi quotando
  3. 29-10-2007, 04:23 #3
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    Scarica Avenger, CCleaner e FindAWF
    Entra in modalità provvisoria: all'avvio del pc, prima che inizi a caricare Windows, premi ripetutamente F8. Uscirà la finestra del menu Opzioni avanzate di Windows => scegli modalità provvisoria (usa il tasto freccia ^).
    Disattiva il ripristino configurazione di sistema (start - pannello di controllo - sistema - ripristino configurazione di sistema - spunta "disattiva ripristino configuraz. di sistema")

    Con hjt fixa:
    O2 - BHO: MSVPS System - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - C:\WINDOWS\movctrlnkd.dll
    O3 - Toolbar: The nssfrch - {AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD} - C:\WINDOWS\nssfrch.dll
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O15 - Trusted Zone: *.3
    O15 - Trusted Zone: www._superspots.biz
    O15 - Trusted Zone: www._xbeta69.com
    O21 - SSODL: bxsbang - {76E9B313-BC42-48FF-AE09-310F07083FC3} - C:\WINDOWS\bxsbang.dll
    O21 - SSODL: ocgrep - {915E05B5-666B-46A3-9AD5-5D736FF1DECA} - C:\WINDOWS\ocgrep.dll

    Esegui avenger, seleziona l'opzione "Input Script Manually" e clicca sulla lente d'ingrandimento.
    All'interno della finestra "Wiew/edit script", nel box bianco, copia/incolla:
    files to delete:
    C:\WINDOWS\movctrlnkd.dll
    C:\WINDOWS\nssfrch.dll
    C:\WINDOWS\bxsbang.dll
    C:\WINDOWS\ocgrep.dll
    Clicca sul pulsante "Done", poi sul semaforo verde, rispondi Yes. Il pc dovrebbe riavviarsi da solo, altrimenti riavvialo tu.

    Esegui CCleaner; in opzioni avanzate togli la spunta su "Cancella i file temp. piu vecchi di 48 ore". Ripulisci sia i file temporanei e cookie che il registro.
    Esegui FindAWF (scegli opzione "1") e salva il report
    Riattiva il ripristino configurazione di sistema.
    Posta i report di avenger, di hjt e FindAWF.
    Rispondi quotando Rispondi quotando
  4. 29-10-2007, 10:48 #4
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    questo è lo script per avenger, inseriscilo al posto di quello suindicato.

    files to delete:
    C:\WINDOWS\movctrlnkd.dll
    C:\WINDOWS\nssfrch.dll
    C:\WINDOWS\bxsbang.dll
    C:\WINDOWS\ocgrep.dll
    C:\WINDOWS\kthemup.exe

    folders to delete:
    C:\WINDOWS\privacy_danger
    Rispondi quotando Rispondi quotando
  5. 29-10-2007, 22:55 #5
    dvign72
    dvign72 non è in linea
    Utente di HTML.it
    Registrato dal
    Oct 2007
    Messaggi
    28

    1000 grazie

    1000 grazie Deifobe. Con il tuo aiuto sono riuscito a ripulire il computer.
    Allego i report finali.

    P.S.: Chi mi puo' dare qualche consiglio per ottimizzare il computer??

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Service s\oylwowdp

    *******************

    Script file located at: \??\C:\Documents and Settings\gexjgjld.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:



    File C:\WINDOWS\movctrlnkd.dll not found!
    Deletion of file C:\WINDOWS\movctrlnkd.dll failed!

    Could not process line:
    C:\WINDOWS\movctrlnkd.dll
    Status: 0xc0000034

    File C:\WINDOWS\nssfrch.dll deleted successfully.
    File C:\WINDOWS\bxsbang.dll deleted successfully.
    File C:\WINDOWS\ocgrep.dll deleted successfully.
    File C:\WINDOWS\kthemup.exe deleted successfully.
    Folder C:\WINDOWS\privacy_danger deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    Logfile of HijackThis v1.99.1
    Scan saved at 20.34.47, on 29/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    F2 - REG:system.ini: Shell=explorer.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
    O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [CZFMDXPK] C:\PROGRA~1\FDD_FM~1\CZFMDXPK.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Diskeeper Corporation\Diskeeper\DkIcon.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Programmi\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Salestart] "C:\Programmi\File comuni\1193558115\bm.exe" dm=http://bravenet.com; ad=http://bravenet.com
    O4 - HKLM\..\Run: [rtasks] C:\Programmi\1193558115\rtasks.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Programmi\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Programmi\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: NetScreen-Remote.lnk = C:\Programmi\NetScreen\NetScreen-Remote\SafeCfg.exe
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .nwc: C:\Programmi\NoteWorthy Software\NWC Browser Plugin\npnwcw32.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147116971171
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://80.18.126.53/tsweb/,DanaInfo....1.2+msrdp.cab
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game12.zylom.com/activex/zylomgamesplayer.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.e xe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
    O23 - Service: CZFMDSER.EXE - Unknown owner - C:\PROGRA~1\FDD_FM~1\CZFMDSER.EXE
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Programmi\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: HDD Information Service (HDDSvc) - AltrixSoft (http://www.altrixsoft.com/) - C:\WINDOWS\system32\HDDSvc.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Programmi\NetScreen\NetScreen-Remote\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Programmi\NetScreen\NetScreen-Remote\IreIKE.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
    Rispondi quotando Rispondi quotando
  6. 29-10-2007, 23:18 #6
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    non abbiamo ancora finito... resta il registro da ripulire

    Scarica Registry Search Tool.

    fixa:
    O2 - BHO: (no name) - {077F45D5-5CC9-4FC8-A7BB-9D79836A6066} - (no file)

    Lancia il programma che hai scaricato (regsrch) e cerca separatamente quanto ti elenco (fai copia/incolla ed elimina le virgolette), salvando o lasciando aperti i file .txt con i risultati.
    Il programma potrebbe anche dirti che non ha trovato nulla, ci vorra' qualche secondo prima di ricevere una risposta e puoi anche farlo mentre sei connesso. Non ci vorrà molto.

    "movctrlnkd"
    "nssfrch"
    "bxsbang"
    "ocgrep"
    "kthemup"
    "privacy_danger"
    "76E9B313-BC42-48FF-AE09-310F07083FC3"
    "077F45D5-5CC9-4FC8-A7BB-9D79836A6066"
    "915E05B5-666B-46A3-9AD5-5D736FF1DECA"

    Di queste ricerche, posta eventuali risultati ottenuti a partire da questa riga:
    ; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)

    Dopo, puoi cancellare\chiudere i rapporti.
    Rispondi quotando Rispondi quotando
  7. 30-10-2007, 19:42 #7
    dvign72
    dvign72 non è in linea
    Utente di HTML.it
    Registrato dal
    Oct 2007
    Messaggi
    28
    Ciao Deifobe,
    ecco i risultati della ricerca con Registry Search Tool

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F1769 D5D-D05B-444A-ADFD-A2C39A14BB9B}\1.0\0\win32]
    @="C:\\WINDOWS\\movctrlnkd.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB 2-8FCD-49C8-96F7-CC3CF7B453CD}]
    @="The nssfrch"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB 2-8FCD-49C8-96F7-CC3CF7B453CD}\InprocServer32]
    @="C:\\WINDOWS\\nssfrch.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB 2-8FCD-49C8-96F7-CC3CF7B453CD}\ProgID]
    @="nssfrch.ToolBar.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB 2-8FCD-49C8-96F7-CC3CF7B453CD}\VersionIndependentProgID]
    @="nssfrch.ToolBar"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar]
    @="The nssfrch"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar\CurVer]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar\CurVer]
    @="nssfrch.ToolBar.1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBa r.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBa r.1]
    @="The nssfrch"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBa r.1\CLSID]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{05326 D75-1E70-4199-ADBC-C8F8C4072DA0}\1.0]
    @="nssfrch 1.0 Type Library"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{05326 D75-1E70-4199-ADBC-C8F8C4072DA0}\1.0\0\win32]
    @="C:\\WINDOWS\\nssfrch.dll"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp \CLSID]
    @="{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}"

    [HKEY_USERS\S-1-5-21-2023660988-2671067792-1748185508-1008\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}]

    [HKEY_USERS\S-1-5-21-2023660988-2671067792-1748185508-1008\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}\iexplore]


    E adesso cosa devo fare??

    Ciao
    Davide
    Rispondi quotando Rispondi quotando
  8. 30-10-2007, 19:57 #8
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    dammi qualche minuto per compattare
    Rispondi quotando Rispondi quotando
  9. 30-10-2007, 20:30 #9
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    Posso chiederti una cortesia? Le inserisco ma ci lavori domani o più tardi.
    Voglio ricontrollare tutto con calma.. mi raccomando.. Dovessero esserci modifiche te lo scrivo sotto oppure ti aggiungo solo un ok. Grazie

    Apri il registro: start - esegui - regedit

    Esporta copia registro => file => esporta => salva

    Segui i seguenti percorsi ed elimina quello in neretto

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F1769D5D-D05B-444A-ADFD-A2C39A14BB9B}\1.0\0\win32]..... @="C:\\WINDOWS\\movctrlnkd.dll"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD}]..... @="The nssfrch"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB 2-8FCD-49C8-96F7-CC3CF7B453CD}\InprocServer32]..... @="C:\\WINDOWS\\nssfrch.dll" già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB 2-8FCD-49C8-96F7-CC3CF7B453CD}\ProgID]..... @="nssfrch.ToolBar.1" già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB 2-8FCD-49C8-96F7-CC3CF7B453CD}\VersionIndependentProgID]..... @="nssfrch.ToolBar" già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockBar]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar]..... @="The nssfrch" già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar\CLSID] già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar\CurVer] già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockB ar\CurVer]..... @="nssfrch.ToolBar.1" già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBar.1]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBa r.1].....@="The nssfrch" già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBa r.1\CLSID] già eliminata

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{05326D75-1E70-4199-ADBC-C8F8C4072DA0}\1.0]..... @="nssfrch 1.0 Type Library"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{05326 D75-1E70-4199-ADBC-C8F8C4072DA0}\1.0\0\win32]..... @="C:\\WINDOWS\\nssfrch.dll" già eliminata

    => (http://www.threatexpert.com/report.a...7-4f6e4526dffa)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp \CLSID]..... @="[{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}"

    [HKEY_USERS\S-1-5-21-2023660988-2671067792-1748185508-1008\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}]

    [HKEY_USERS\S-1-5-21-2023660988-2671067792-1748185508-1008\Software\Microsoft\Windows\CurrentVersion\Ext \Stats\{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}\iexplore] già eliminata
    Rispondi quotando Rispondi quotando
  10. 30-10-2007, 22:49 #10
    Deifobe
    Deifobe non è in linea
    Utente di HTML.it L'avatar di Deifobe
    Registrato dal
    Oct 2007
    Messaggi
    6,072
    scusa se ti ho fatto aspettare..

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F1769D5D-D05B-444A-ADFD-A2C39A14BB9B}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AC9BBDB2-8FCD-49C8-96F7-CC3CF7B453CD}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.StockBar

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\nssfrch.ToolBar.1

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{05326D75-1E70-4199-ADBC-C8F8C4072DA0}

    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MSVPS.MSVPSApp \CLSID]..... @="[{077F45D5-5CC9-4FC8-A7BB-9D79836A6066}

    puoi eliminare tranquillamente 5 cartelle e 1 valore (l'ultimo). Sono tutte create da nssfrch.
    Sulle ultime 2 chiavi che mi avevi postato non trovo nulla.. e le lasciamo stare.

    ti consiglio di fare delle scansioni... Qualcuna la trovi qui: http://forum.html.it/forum/showthrea...eadid=1179694.

    posta quando puoi il report di FindAWF, scegli l'opzione 1

    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.