Condividi:        

virus vari

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

virus vari

Postdi kobelak » 08/03/06 15:44

Ciao a tutti.
I problemi sono due:1. i fastidiosi processi che fixo con hj riguardanti la trusted zone che mi fanno comparire strane icone nel desktop, nonostante fixi le voci. rimangono sempre...leggendo vecchi topics si consigliava di riparare la trusted zone con "deldomains", l'ho scaricata e l'ho messo nel desktop ma non so se c'entra con il mio problema..

2. all'avvio della connessione mi spunta una finestra d'errore che mi segnala la mancanza del file "startpage" in cartella Temp e contemporeanamente mi parte avg che mi segnala il virus e seleziono "delete file" ma ogni volta che apro internet mi spunta la stessa finestra

Logfile of HijackThis v1.99.1
Scan saved at 15.43.34, on 08/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\PROGRA~1\CACHEM~1\CachemanXP.exe
D:\WINDOWS\system32\cisvc.exe
D:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
D:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\WINDOWS\System32\oodag.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\svchost.exe
D:\Programmi\IPM\Adsl\DataWay\dslstat.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programmi\File comuni\Real\Update_OB\realsched.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\paprport\pptd40nt.exe
D:\WINDOWS\NCLAUNCH.EXe
D:\Programmi\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
D:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
D:\WINDOWS\system32\cidaemon.exe
D:\Programmi\Internet Explorer\iexplore.exe
D:\Documents and Settings\Administrator\Documenti\Danilo\Free Time\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=D:\WINDOWS\SYSTEM32\Userinit.exe,,D:\WINDOWS\SERVICES.EXE
O2 - BHO: (no name) - {DE4BF7F9-8AE7-40E3-AC88-B30D86C9DDE1} - D:\WINDOWS\System32\jcda.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PaperPort PTD] d:\paprport\pptd40nt.exe
O4 - HKCU\..\Run: [NCLaunch] D:\WINDOWS\NCLAUNCH.EXe
O4 - Startup: Trend Micro Anti-Spyware.lnk = D:\Programmi\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = D:\Programmi\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Programmi\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {DDCF1F91-8601-46DB-AAC3-B88DC8558836} - D:\WINDOWS\System32\jcda.dll
O18 - Filter: text/plain - {DDCF1F91-8601-46DB-AAC3-B88DC8558836} - D:\WINDOWS\System32\jcda.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - D:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
kobelak
Utente Senior
 
Post: 130
Iscritto il: 17/09/05 14:58

Sponsor
 

Postdi lucas/s » 08/03/06 15:58

Ciao scaricati questo programma
http://www.derbilk.de/cms/_data/SpSeHjfix112.zip
Decomprimilo in una cartella permanente

-Avvia il programma "SpSeHjfix"
-Clicca su "Start disinfection"
-Finita la scansione,ti chiedera di riavviare,Riavvia il pc in modalità provvisoria

Apri Hijackthis ed elimina queste stringhe se presenti

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/space.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/space.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

F2 - REG:system.ini: UserInit=D:\WINDOWS\SYSTEM32\Userinit.exe,,D:\WINDOWS\SERVICES.EXE

O2 - BHO: (no name) - {DE4BF7F9-8AE7-40E3-AC88-B30D86C9DDE1} - D:\WINDOWS\System32\jcda.dll

O18 - Filter: text/html - {DDCF1F91-8601-46DB-AAC3-B88DC8558836} - D:\WINDOWS\System32\jcda.dll

O18 - Filter: text/plain - {DDCF1F91-8601-46DB-AAC3-B88DC8558836} - D:\WINDOWS\System32\jcda.dll


Start>Pannello di controllo>Opzioni cartella
-Portartatevi sulla scheda visualizzazione
-Mettete la spunta nella casella "Visualizza file e cartelle
-Togliete la spunta dalla casella "Nascondi file di sistema(consigliato)
-Rispondere di SI al messaggio
-Applica>OK

Elimina i files in rosso(se presenti)
D:\WINDOWS\System32\jcda.dll
D:\WINDOWS\SERVICES.EXE(non confonderlo con quello che si trova nella cartella System32)

Riavvia in modalità normale
Scarica questo programma
http://www.besttechie.net/tools/AboutBuster.zip
decomprimilo in una cartella permanente
Senza essere connessio apri la cartella e avvia l'eseguibile(.exe)
Clicca su Begin removal
Clicca su Yes
Aspetta la fine della scansione e clicca su OK

Riavvia il pc
Gentilmente apri la cartella di SpSeHjfix(1°tool)ci dovrebbe essere un rapporto postalo idem per aboutbuster ed infne un nuovo log di Hijackthis
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi kobelak » 08/03/06 17:11

ho fatto quello che mi hai detto.
ecco i vari log.

Logfile of HijackThis v1.99.1
Scan saved at 17.09.03, on 08/03/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\WINDOWS\System32\drivers\CDAC11BA.EXE
D:\PROGRA~1\CACHEM~1\CachemanXP.exe
D:\WINDOWS\system32\cisvc.exe
D:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
D:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
D:\WINDOWS\System32\oodag.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programmi\IPM\Adsl\DataWay\dslstat.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\Programmi\File comuni\Real\Update_OB\realsched.exe
D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\paprport\pptd40nt.exe
D:\WINDOWS\NCLAUNCH.EXe
D:\Programmi\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
D:\Programmi\Trend Micro\Tmas\Tmas.exe
D:\WINDOWS\system32\svchost.exe
D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
D:\Documents and Settings\Administrator\Documenti\Danilo\Free Time\Software\HijackThis.exe
D:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoflt07.exe
D:\Programmi\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "D:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] D:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [PaperPort PTD] d:\paprport\pptd40nt.exe
O4 - HKCU\..\Run: [NCLaunch] D:\WINDOWS\NCLAUNCH.EXe
O4 - Startup: Trend Micro Anti-Spyware.lnk = D:\Programmi\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = D:\Programmi\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Pinnacle Scheduler.lnk = D:\Programmi\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Programmi\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - D:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - D:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\System32\oodag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe





AboutBuster 6.01
Scan started on [08/03/2006] at [17.03.35]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 17.04.35








(3/8/06 16.50.55) SPSeHjFix started v1.1.2
(3/8/06 16.50.55) OS: WinXP (5.1.2600)
(3/8/06 16.50.55) Language: italiano
(3/8/06 16.50.55) Win-Path: D:\WINDOWS
(3/8/06 16.50.55) System-Path: D:\WINDOWS\System32
(3/8/06 16.50.55) Temp-Path: D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\
(3/8/06 16.50.58) Disinfection started
(3/8/06 16.50.58) Bad-Dll(IEP): d:\docume~1\admini~1\impost~1\temp\se.dll
(3/8/06 16.50.58) Searchassistant Uninstaller found: regsvr32 /s /u D:\WINDOWS\System32\jcda.dll
(3/8/06 16.50.58) Searchassistant Uninstaller - Keys Deleted
(3/8/06 16.50.58) UBF: 9 - UBB: 0 - UBR: 8
(3/8/06 16.50.58) FilterKey: HKCR\text/html (deleted)
(3/8/06 16.50.58) FilterKey: HKCR\CLSID\{DDCF1F91-8601-46DB-AAC3-B88DC8558836} (deleted)
(3/8/06 16.50.58) FilterKey: HKLM\SOFTWARE\Classes\text/html (error while deleting)
(3/8/06 16.50.58) FilterKey: HKCR\text/plain (deleted)
(3/8/06 16.50.58) FilterKey: HKCR\CLSID\{DDCF1F91-8601-46DB-AAC3-B88DC8558836} (error while deleting)
(3/8/06 16.50.58) FilterKey: HKLM\SOFTWARE\Classes\text/plain (error while deleting)
(3/8/06 16.50.58) BHO-Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DE4BF7F9-8AE7-40E3-AC88-B30D86C9DDE1} (deleted)
(3/8/06 16.50.58) BHO-Key: HKCR\CLSID\{DE4BF7F9-8AE7-40E3-AC88-B30D86C9DDE1} (deleted)
(3/8/06 16.50.58) UBF: 7 - UBB: 0 - UBR: 8
(3/8/06 16.50.58) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar: res://d:\docume~1\admini~1\impost~1\temp\se.dll/space.html
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Bar: res://d:\docume~1\admini~1\impost~1\temp\se.dll/space.html
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Default_Page_URL: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, HomeOldSP: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(3/8/06 16.50.58) Stealth-String not found
(3/8/06 16.50.58) File added to delete: d:\windows\system32\jcda.dll
(3/8/06 16.50.58) Reboot


(3/8/06 17.00.54) SPSeHjFix started v1.1.2
(3/8/06 17.00.54) OS: WinXP (5.1.2600)
(3/8/06 17.00.54) Language: italiano
(3/8/06 17.00.54) Win-Path: D:\WINDOWS
(3/8/06 17.00.54) System-Path: D:\WINDOWS\System32
(3/8/06 17.00.54) Temp-Path: D:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\
kobelak
Utente Senior
 
Post: 130
Iscritto il: 17/09/05 14:58

Postdi lucas/s » 08/03/06 17:37

Ciao,nel log non vedo + problemi,tu riscontri ancora problemi?
Ti consiglio di aggiornarti al service pack 2 o almeno 1 ciao
lucas/s
Utente Senior
 
Post: 224
Iscritto il: 04/02/06 00:33

Postdi kobelak » 09/03/06 19:38

grazie lucas...per l'aggiornamento a service pack, ho un problema con il mio xp e penso già hai capito cosa intendo dire
kobelak
Utente Senior
 
Post: 130
Iscritto il: 17/09/05 14:58


Torna a Sicurezza e Privacy


Topic correlati a "virus vari":


Chi c’è in linea

Visitano il forum: Nessuno e 28 ospiti