#1
Senior Member
Joined: Feb 2004
Posts: 343

Help spybot
I installed Spybot 1.3 on my PC and every scan keeps giving me the same result:

Aureate: Settings for current user (Chiave di registro, fixing failed) HKEY_USERS\S-1-5-20\Software\Aureate
Aureate: Settings for current user (Chiave di registro, fixing failed) HKEY_USERS\S-1-5-19\Software\Aureate
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-21-839522115-789336058-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

There's this Aureate thing that I don't know what it is, and this DSO exploit that it reports as fixed and that then shows up again at every new scan!
I'll also try posting the Hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 15.13.05, on 01/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmi\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\msiexec.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Documenti\HOBBY\Pc\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iol.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = libero.it; iol.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\OFFICE\OSA9.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Elenco collegamenti - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Evidenzia - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Zoom avanti - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Apri fra&me in un'altra finestra - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Elen&co immagini - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Ricerca &Web - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Zoom in&dietro - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductU...ntent/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...868.2383217593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/w...oft/wtinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.tin.it

Can you help me?
__________________
Apple iMac 4k 2017; Apple Macbook pro 15" 2015;

#2
Senior Member
Joined: Mar 2004
Location: * * * *
Posts: 2320

__________________
There, where everyone flees in terror, they go. Who are they?

#3
Senior Member
Joined: Jun 2003
Location: "Mantua me genuit" Completed trades: a ton!!! Deviances: MacTard iMac 27" i5 2,8Ghz 4GB IPHONE 5 32GB Black Joined: Nov 2002
Posts: 4426

Aureate/Radiate is adware (it's Gator) that gets installed along with free software. Same goes for wildtangent. However, if you remove this spyware, the software it was installed with might not work anymore.
As soon as I have a sec I'll check the log. Bye.

#4
Senior Member
Joined: Feb 2004
Posts: 343

I managed to get rid of Aureate, although I wasn't happy about how: I uninstalled Spybot 1.3 and installed version 1.2, which managed to remove it. Now I've put version 1.3 back, but neither version manages to remove this:

DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-21-839522115-789336058-1202660629-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3
DSO Exploit: Data source object exploit (Modifica al registro, fixed) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

I tried fixing wildtangent with Hijack; here is a new Hijack log:

Logfile of HijackThis v1.97.7
Scan saved at 10.37.26, on 02/06/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\Programmi\Realtek\Rtl8180\RtlWake.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documenti\HOBBY\Pc\Hijack\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iol.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.libero.it:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = libero.it; iol.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\OFFICE\OSA9.EXE
O4 - Global Startup: RtlWake.lnk = ?
O8 - Extra context menu item: &Elenco collegamenti - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: &Evidenzia - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Zoom avanti - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Apri fra&me in un'altra finestra - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: Elen&co immagini - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Ricerca &Web - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: Zoom in&dietro - C:\WINDOWS\WEB\zoomout.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/ProductU...ntent/opuc.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.co...868.2383217593
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = dns.tin.it
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = dns.tin.it

#5
Senior Member
Joined: Mar 2004
Location: * * * *
Posts: 2320

Try downloading Reg Cleaner, run it and check all the files labelled "new".
Then post the names here. Bye!

#6
Senior Member
Joined: Feb 2004
Posts: 343

I also have jv16, but the thing is I don't know what to delete.. here's the list:

RegCleaner 4.3 by Jouni Vuorio
Software registered to the Registry.
You should delete every program's entries you know you've had, but don't have anymore
[syntax: Author, Software, Age ]
[Unknown], Apple, New
[Unknown], Apple Computer, Inc., New
[Unknown], Corel, New
[Unknown], Four11Corp, New
[Unknown], Gremlin Interactive, New
[Unknown], IDT Corporation, New
[Unknown], Licenses, New
[Unknown], Pinnacle Systems, New
[Unknown], RtlWake, New
[Unknown], Sound Source Interactive, New
[Unknown], C6 Client, New
[Unknown], Cavedog Entertainment, New
[Unknown], White Pine, New
[Unknown], WinZip Computing, New
0.00, Settings, New
ACE Compression Software, ActiveAce, New
Adobe, CommonFiles, New
Adobe, Repair, New
Adobe, Acrobat Reader, New
Adobe, Adobe Acrobat, New
ALWIL Software, Avast, New
ArcSoft, ArcSoft Camera Suite, New
C07ft5Y, WinXP, New
Creative, Creative Mouse Optical 3000, New
Creative Mouse, MouseDrv, New
Creative Tech, Component Installed, New
Creative Tech, Creative Launcher, New
Creative Tech, MediaSourceGo, New
Creative Tech, Creative Keytar, New
Creative Tech, Creative WaveStudio, New
CyberLink, Pdvd, New
CyberLink, PowerDVD, New
CyberLink, Vgaspeed, New
Cycore, Cult3D, New
Epson, EPSON Photo Sheet, New
Executive Software, Diskeeper, New
Freeware, Mame32, New
Ibm, Ibmdsp, New
InstallShield, Driver, New
JavaSoft, Java Plug-in, New
JavaSoft, Java Runtime Environment, New
Jetstream, IWClean, New
LeaderTech, Executive Software, New
LeaderTech, PowerRegister, New
Local AppWizard-Generated Applications, InstallDriver, New
Local AppWizard-Generated Applications, RtlWake, New
Local AppWizard-Generated Applications, RtwAdvCfg, New
Logitech, OVComS, New
Mediacom Technologies (S), MediaRing Talk Audio, New
Mediacom Technologies (S), Talk98, New
Mike Bradley, Lmlm, New
Mike Bradley, Lmmpc, New
Mike Bradley, MobiMB, New
Mozilla, Desktop, New
Mozilla, Netscape 6 6.2.2, New
Nokia, Nokia Connection Manager, New
Nokia, Nokia Modem Options, New
Nokia, Nokia System Tray, New
Nokia, Mpdb, New
Nokia, Nokia Application Installer, New
Nokia, Nokia Content Copier, New
Nokia, Nokia Image Converter, New
Nokia, Nokia PC Composer 4.0, New
Nokia, Nokia PC Graphics 3.0, New
Nokia, Nokia PC Sync, New
Nokia, Nokia PC WAP Manager, New
Nokia, Nokia Sound Converter, New
Nokia, NokiaPcWAPmanager, New
Nokia, Phone Editor, New
Nokia, ServiceLayer, New
Oska Educational Systems, DeskMates, New
PepiMK Software, SpybotSnD, New
PowerQuest, PartitionMagic, New
Preview, Z~‡~wv”_kRf, New
Schlumberger, Smart Cards And Terminals, New
Soeperman Enterprises Ltd., HijackThis, New
SpywareBlaster, Settings, New
Symantec, CcReg, New
Symantec, CommonClient.tmp, New
USB-IrDA, Scheda USB-IrDA, New
VB And VBA Program Settings, Spyware Remover, New
[Unknown], Voice, Old
Adaptec, Cdr4vsd, Old
Adaptec, Easy CD Engine, Old
Adobe, Acrobat Reader 3.01, Old
Adobe, Acrobat, Old
Adobe, AcrobatReader, Old
ATI Technologies, 3d, Old
ATI Technologies, Cds, Old
ATI Technologies, Desktop, Old
ATI Technologies, Driver, Old
ATI Technologies, Install, Old
Audio Explosion, Mjuice, Old
Aureal, A3d, Old
Aureal, Vortex, Old
Bvrp, Phonetools, Old
BVRP Software, Anagrafico, Old
BVRP Software, Annuaire, Old
BVRP Software, Modem Exchanges, Old
Cakewalk Music Software, Tools Menu, Old
Computer Artworks, Organic Art, Old
Creative Tech, MixerName, Old
Creative Tech, Reboot, Old
Creative Tech, Sbpci, Old
Creative Tech, Waveset, Old
Creative Tech, Creative CD, Old
Creative Tech, Creative MIDI, Old
Creative Tech, Creative Mixer, Old
Creative Tech, Creative Remote, Old
Creative Tech, Creative Wave, Old
Creative Tech, Product Registration, Old
Creative Tech, Soundo'LE, Old
CurrentControlSet, Services, Old
Dosch Design GmbH, Oss, Old
Elemedia, Multi7383, Old
Elemedia, Multimedia, Old
Epson, Cepcnf2, Old
Epson, EBPrinter, Old
Headlight, GetRight, Old
Ibm, VoiceType, Old
Intel, Intel 3D Scalability Toolkit, Old
Intel, Psis, Old
Intel, Rdx, Old
Intel, Realistic Sound Experience, Old
Intel, Indeo, Old
Kodak, Imaging, Old
Kodak, Woi, Old
Logitech, Camware, Old
Logitech, Liu, Old
Logitech, Logitech Internet Update, Old
Logitech, LVComS, Old
Logitech, MouseWare, Old
Logitech, Rubicon, Old
Logitech, Twain, Old
Logitech, Video Server, Old
Logitech, WaveCheck, Old
Lvmcomp.ini, VideoCompression, Old
Macromedia, Shockwave, Old
Macromedia, Shockwave 8, Old
Matrox, PowerDesk, Old
MicroQuill, SmartHeap, Old
Mindscape, PrintMaster Gold, Old
Mpath, MPlayer, Old
Nec, Socks5 Sdk, Old
Netscape, Conference, Old
Netscape, Deinstall, Old
Netscape, Media Player, Old
Netscape, Netcaster, Old
Netscape, Cosmo, Old
Netscape, Netscape 6, Old
Netscape, Netscape Navigator, Old
Nico Mak Computing, WinZip, Old
Optx, Splay, Old
Packard Bell NEC Europe BV, ATI 3D Rage Pro Divers V5.30, Old
Packard Bell Nec, Inc., System, Old
Preview Systems, Profile, Old
RealNetworks, Internet, Old
RealNetworks, RealDownload, Old
RealNetworks, Visualizations, Old
RichFX, Player, Old
Rockwell, Rockwell HCF 56K Modem, Old
Seagate, Backup Exec, Old
Silicon Integrated Systems Corp., SiS 5591 GART Driver, Old
Symantec, Installed About Extensions, Old
Symantec, InstalledApps, Old
Symantec, InstalledTransports, Old
Symantec, LiveSubscribe, Old
Symantec, SharedUsage, Old
Symantec, SubInstall, Old
Symantec, Symevent, Old
Symantec, Common, Old
Symantec, Norton Uninstall Deluxe, Old
Trident Microsystems, AGPConfig, Old
Vdo, Multimedia, Old
Via, VIA_GART Setup Program, Old
Voice, SpeechRecognition, Old
Woi, O/i, Old