file non cancellabile.....

**Babuk** · 15-07-2004, 15:40

Ciao a Tutti.

Ho un file .avi scaricato con emule che mi crea qualche problemino...

Il file non si può cancellare perchè risulta in uso da un altro utente o programma. Anche avviando in modalità provvisoria come Amministratore, la risposta è la stessa.

Un'altra cosa della quale non sono sicuro (preciso di avere scarsissime nozioni) è questa chiave del Registro di Sistema:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run
NOME CHIAVE: nwiz
TIPO : REG_SZ
DATI : nwiz.exe /install

è una cosa normale?

Se potesse servire, allego il log di Hijackthis con scansione fatta in modalità provvisoria:

Logfile of HijackThis v1.97.7
Scan saved at 15.18.42, on 15/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi Scaricati\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CC7B3B4-AA1A-49C3-8712-59C34D2BDD11} - C:\WINDOWS\mrhop.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...898.0811921296
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B4CAC53-4A20-4081-99D7-20E667CEED39}: NameServer = 151.99.125.2,151.99.252.2

Grazie per la collaborazione.

**infoservice** · 15-07-2004, 15:50

Anche a me era capitato ma riavviando e collegandomi come altro utente e cancellandolo senza fare nulla ci sono riuscito.
Devi pero' riavviare e non provare ad aprirlo.

**Babuk** · 15-07-2004, 15:54

è quello che ho provato a fare in modalità provvisoria entrando come Administrator, ma....
non si cancella...

Tra l'altro andando a controllare con msconfig mi ritrovo tra le voci di avvio quella citata prima:

nwiz.exe /install

ma non sapendo di cosa si tratta non l'ho disabilitata.

**amvinfe** · 15-07-2004, 16:52

Originariamente inviato da Babuk
è quello che ho provato a fare in modalità provvisoria entrando come Administrator, ma....
non si cancella...

Tra l'altro andando a controllare con msconfig mi ritrovo tra le voci di avvio quella citata prima:

nwiz.exe /install

ma non sapendo di cosa si tratta non l'ho disabilitata.

nwiz.exe è ok

http://www.liutilities.com/products/...slibrary/nwiz/

Da -links utili- in Rilievo scaricati la nuova versione di HijackThis (1.98.0) mettilo all'interno di una nuova cartella fai un nuovo log e postalo

**infoservice** · 15-07-2004, 16:53

Beh, disabilitarla coll' msconfig non guasta. Tanto piu' che se ti accorgi che serviva la puoi riabilitare facilmente.
Io temo pero' che se tale applicazione e' un backdoor ti si reistalli!

Invece per la cancellazione del file...... che tipo di partizione hai? NTFS o FAT32.

Ma spostarlo te lo fa fare?

**Babuk** · 16-07-2004, 10:44

La scansione con HJT l'ho fatta sempre riavviando in modalità provvisoria; tanto il problema persiste anche in quel modo e, magari, nel log c'è un pò di materiale in meno da controllare...

Per quanto diceva "infoservice": il file non si può nemmeno spostare...

Logfile of HijackThis v1.98.0
Scan saved at 10.37.31, on 16/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Programmi Scaricati\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CC7B3B4-AA1A-49C3-8712-59C34D2BDD11} - C:\WINDOWS\mrhop.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B4CAC53-4A20-4081-99D7-20E667CEED39}: NameServer = 151.99.125.2,151.99.252.2
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll
O18 - Filter: text/html - {9EACBB12-45CB-40BA-AC3C-A54E32C23381} - C:\WINDOWS\mrhop.dll
O18 - Filter: text/plain - {9EACBB12-45CB-40BA-AC3C-A54E32C23381} - C:\WINDOWS\mrhop.dll

**amvinfe** · 16-07-2004, 18:37

sicuramente in provvisoria i valori da controllare sono meno, il problema è l'essatto contrario, i valori servono tutti

fai uno scan dalla modalità normale

**Babuk** · 16-07-2004, 19:53

Non capisco perchè, visto che il problema mi si presenta anche in modalità provvisoria, comunque la mia IGNORANZA cede il passo alla tua CONOSCENZA...

Come sempre grazie per la disponibilità.

Logfile of HijackThis v1.98.0
Scan saved at 19.50.11, on 16/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\mysql\bin\mysqld-nt.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
D:\Programmi Scaricati\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: CnfSearch Class - {4E9E60F0-0C7A-4fe9-8EC2-9D5BA41757F0} - C:\WINDOWS\System32\ConfuSearch.dll
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0CC7B3B4-AA1A-49C3-8712-59C34D2BDD11} - C:\WINDOWS\mrhop.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B4CAC53-4A20-4081-99D7-20E667CEED39}: NameServer = 151.99.125.2,151.99.252.2
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll
O18 - Filter: text/html - {9EACBB12-45CB-40BA-AC3C-A54E32C23381} - C:\WINDOWS\mrhop.dll
O18 - Filter: text/plain - {9EACBB12-45CB-40BA-AC3C-A54E32C23381} - C:\WINDOWS\mrhop.dll

**amvinfe** · 17-07-2004, 10:56

Scaricati questi tre programmi

sphjfix

Crea una nuova cartella sul desktop e mettici dentro l'eseguibile.

CWShredder

AdAware

Ora con tutti i programmi chiusi (!),anche il browser dev'essere chiuso (!), apri la cartella precedentemente creata e clicca sul file sphjfix e poi su "start disinfection" finita la scansione riavvia e fai una nuova scansione.

Riavvia in modalità provvisoria.

Apri HijackThis (tutti i programmi DEVONO essere chiusi, anche il browser) clicca su Scan e metti la spunta al fianco dei valori e clicca su Fix Checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\mrhop.dll/sp.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R3 - URLSearchHook: CnfSearch Class - {4E9E60F0-0C7A-4fe9-8EC2-9D5BA41757F0} - C:\WINDOWS\System32\ConfuSearch.dll
O2 - BHO: biObj Class - {000006B1-19B5-414A-849F-2A3C64AE6939} - C:\WINDOWS\bi.dll
O2 - BHO: (no name) - {0CC7B3B4-AA1A-49C3-8712-59C34D2BDD11} - C:\WINDOWS\mrhop.dll
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll
O18 - Filter: text/html - {9EACBB12-45CB-40BA-AC3C-A54E32C23381} - C:\WINDOWS\mrhop.dll
O18 - Filter: text/plain - {9EACBB12-45CB-40BA-AC3C-A54E32C23381} - C:\WINDOWS\mrhop.dll

Apri, sempre dalla modalità provvisoria, AdAware e settalo così:

Dalla finestra principale del programma portati in alto e clicca sull'icona Configurazione (icona ingranaggio), troverai 4 voci metti la spunta selle ultime tre (devono diventare verdi)
1) salva log file
2) in quarantena prima di rimuovere
3) Modo sicuro
Ora clicca su Personalizza (sempre dalla stessa finestra)
Metti la spunta su "Usa la mia configurazione di default" e clicca al suo fianco su Personalizza
Metti la spunata su
"Controlla all'interno delle cartelle"
Nella parte "Memoria & Registro" metti la spunta a tutte e 5 le voci (devono sempre diventare verdi)
Clicca su Continua (in basso)
Ora clicca con tutte le applicazioni chiuse, su Inizio (in basso a dx) e poi su Avanti.
Finita la scansione elimina tutti i valori in rosso che AdAware ti ha trovato, riavvia il pc in modalità normale.

Apri CWShredder e clicca su Fix. Riavvia il pc.

Fai un nuovo Scan con HJT e posta il Log

**Babuk** · 19-07-2004, 15:57

Logfile of HijackThis v1.98.0
Scan saved at 15.56.28, on 19/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\Programmi\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
D:\Programmi Scaricati\Sicurezza\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/home/index.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: DNSProxyObj Class - {FF4E2C50-BCF3-47cf-952A-A512F5B5D0E8} - C:\WINDOWS\System32\DNSProxy.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Startup: WinMySQLadmin.lnk = C:\mysql\bin\winmysqladmin.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search the Web - C:\WINDOWS\Web\Ers_src.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {A996E48C-D3DC-4244-89F7-AFA33EC60679} (Settings Class) - https://www.bancodisicilia.it/hb2001s/capicom.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9B4CAC53-4A20-4081-99D7-20E667CEED39}: NameServer = 151.99.125.2,151.99.252.2
O18 - Filter: application/hta - {D962EF38-5FB0-4761-8638-C86F085E25E6} - C:\WINDOWS\chp.dll
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll

Discussione: file non cancellabile.....

Strumenti discussione

Ricerca discussione

Visualizza

file non cancellabile.....

eccolo

ok

che fatica...

Permessi di invio