hurryowl
01-06-2004, 15:14
Ho installato spybot 1.3 sul pc e ad ogni scansione mi si ripresenta sempre lo stesso risultato:
Aureate: Settings for current user (Chiave di registro, fixing failed)
HKEY_USERS\S-1-5-20\Software\Aureate
Aureate: Settings for current user (Chiave di registro, fixing failed)
HKEY_USERS\S-1-5-19\Software\Aureate
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-21-839522115-789336058-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
C' questo aurate che non so che sia e questo dso exploit che mi da per risolto e poi ad ogni nuova scansione si ripresenta!
Provo a mettere anche il log di hijack:
Logfile of HijackThis v1.97.7
Scan saved at 15.13.05, on 01/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmi\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Documenti\HOBBY\Pc\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iol.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = libero.it; iol.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\OFFICE\OSA9.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Elenco collegamenti - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Evidenzia - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Zoom avanti - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Apri fra&me in un'altra finestra - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Elen&co immagini - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Ricerca &Web - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Zoom in&dietro - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.2383217593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver/arcadegames/spacerocks/gameloft/wtinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.tin.it
Potete aiutarmi? :muro:
Aureate: Settings for current user (Chiave di registro, fixing failed)
HKEY_USERS\S-1-5-20\Software\Aureate
Aureate: Settings for current user (Chiave di registro, fixing failed)
HKEY_USERS\S-1-5-19\Software\Aureate
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-21-839522115-789336058-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
C' questo aurate che non so che sia e questo dso exploit che mi da per risolto e poi ad ogni nuova scansione si ripresenta!
Provo a mettere anche il log di hijack:
Logfile of HijackThis v1.97.7
Scan saved at 15.13.05, on 01/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmi\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Documenti\HOBBY\Pc\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iol.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = libero.it; iol.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\OFFICE\OSA9.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Elenco collegamenti - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Evidenzia - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Zoom avanti - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Apri fra&me in un'altra finestra - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Elen&co immagini - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Ricerca &Web - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Zoom in&dietro - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductUpdates/content/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.2383217593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver/arcadegames/spacerocks/gameloft/wtinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.tin.it
Potete aiutarmi? :muro: