View Full Version : divertimento2.exe
Che posso fare per togliermelo dalle scatrole...è un programmino che a volte mi ritrovo attivo, non è in esecuzione automatica, non è in msconfig e non lo trovo in regedit.
Fatto sta che:
mi cambia la pagina iniziale internet in www.capitan-trash.com
a volte mi scollega il modem
mi fa apparire una finestrella pop-up con scritto "ADV"
...mi rompe troppo il ca22o!!!!!
Adaware non lo trova.
avast! antivirus non lo trova.
la scansione online di pc cillin non lo trova.
Che posso fare per togliermelo dalle scatole???
ciao e grazie....
scarica hijackthis, fai uno scan, salva il log e copia-incollalo qui.
Originariamente inviato da MrOZ
scarica hijackthis, fai uno scan, salva il log e copia-incollalo qui.
Logfile of HijackThis v1.97.7
Scan saved at 17.39.32, on 29/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
f:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
f:\Programmi\Alwil Software\Avast4\ashServ.exe
f:\Programmi\CPUCooL\CooLSrv.exe
E:\WINDOWS\System32\tcpsvcs.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\DRIVERS\WtSrv.exe
E:\WINDOWS\Explorer.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
f:\Programmi\Logitech\MouseWare\system\em_exec.exe
F:\Programmi\SAMSUNG\Samsung Internet Keyboard\MMKbd.exe
F:\Programmi\CPUCooL\CPUCooL.exe
F:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mmjb.exe
F:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
f:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_director.exe
F:\PROGRA~1\MICROS~1\OFFICE11\OUTLOOK.EXE
F:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
E:\Programmi\Internet Explorer\iexplore.exe
F:\PROGRA~1\GoZilla\Go.exe
H:\Doc-Izio\Downloads\HijackThis.exe
E:\Programmi\Internet Explorer\iexplore.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeinternet.it?PC=1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts file is located at: E:\WINDOWS\nsdb\hosts
O1 - Hosts: 81.211.105.69 lender-search.com
O1 - Hosts: 81.211.105.68 hot-searches.com
O2 - BHO: (no name) - {01FB9C55-FC66-4476-A199-389241193188} - E:\WINDOWS\System32\CUPATN~1.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - f:\Programmi\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - F:\PROGRA~1\GoZilla\GoIEHlp.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Go!Zilla dial-up fix] "F:\PROGRA~1\GoZilla\Go.exe" /FIXRAS
O4 - HKLM\..\Run: [avast!] f:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ashMaiSv] F:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKCU\..\Run: [TClockEx] F:\Programmi\Orologio\TCLOCKEX.EXE
O4 - HKCU\..\Run: [divertimento2] E:\WINDOWS\ADDINS\divertimento2.exe /go
O4 - Startup: CPUCooL.lnk = F:\Programmi\CPUCooL\CPUCooL.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = E:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Samsung Internet Keyboard.lnk = ?
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche (HKLM)
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeinternet.it?PC=1
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-9.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AC4A2FE-BED4-460D-B0EB-217BE72B24D6}: NameServer = 193.70.192.25 193.70.152.25
scarica CWShredder e lancialo. poi fai uno scan con adaware6 aggiornato. infine dopo aver fatto tutto riposta un nuovo log di hijackthi.,
Norwegian17
22-07-2004, 19:57
try the "seek" option that you find at Start
enter divertimento2, than you find two files..simply delete the .exe -file
vBulletin® v3.6.4, Copyright ©2000-2025, Jelsoft Enterprises Ltd.