16-07-2005, 17:09   #1
golf150cv
Trojans on my PC... what do I remove them with?

Hi everyone...
For a few days now, browser windows have been popping up like crazy on my PC, telling me I have trojans and spyware... The Internet Explorer home page takes me to about:blank and a site with loads of links comes up... I tried Spybot but nothing... it doesn't remove them...
My antivirus is avast, updated daily...

What can I do?
I can't take it anymore...
Can you suggest some programs to download?
Thanks, regards

17-07-2005, 20:39   #2
skirzo
First of all, have avast run a full scan, preferably in safe mode.
Then, still in safe mode, run both Ad-Aware and Spybot (updated).
If that doesn't fix it, try CWShredder, which is made specifically for about:blank and the like.
Then we'll see what happens.

17-07-2005, 21:50   #3
GiacoXp
OK, let's start with
HijackThis and a good look at the log... post yours.
Then you could try Adware Away and Spybot.

Waiting to hear from you.

18-07-2005, 02:30   #4
Nihira
Quote:
Originally posted by skirzo
First of all, have avast run a full scan, preferably in safe mode.
Then, still in safe mode, run both Ad-Aware and Spybot (updated).
If that doesn't fix it, try CWShredder, which is made specifically for about:blank and the like.
Then we'll see what happens.

Why is it necessary to do these operations in safe mode?

18-07-2005, 02:37   #5
skirzo
Quote:
Originally posted by Nihira
Why is it necessary to do these operations in safe mode?

Because that way any junk doesn't get loaded and only the system drivers run, so it's much more likely you can remove it.

18-07-2005, 11:48   #6
Nihira
Quote:
Originally posted by skirzo
Because that way any junk doesn't get loaded and only the system drivers run, so it's much more likely you can remove it.

Thanks a lot, got it!

Let me ask you another question!
If I run a scan in normal mode and find a virus, is it better not to delete it, reboot the PC in safe mode and delete it there? Or is it better to always scan in safe mode?
Does this apply to malware in general (including dialers etc.)?

Thanks

18-07-2005, 13:44   #7
GiacoXp
Well, you can delete it anyway, but sometimes some viruses affect system files or files that are in use, and so they don't get deleted or can't be deleted... whereas if you do it in safe mode, sometimes you manage to delete them...
If they can't be removed in safe mode, then you need to see whether there are fixes or tools that can remove them or repair the damage, all during the OS boot phase.

I don't know if I explained myself well.

18-07-2005, 13:52   #8
golf150cv
Nothing, guys... I tried both the Shredder... and Ad-Aware... nothing... they always come back...

What should I do?

18-07-2005, 13:57   #9
golf150cv
Ad-Aware SE Build 1.06r1
Logfile Created on:lunedì 18 luglio 2005 13.48.58
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):22 total references
MRU List(TAC index:0):2 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


18-07-2005 13.48.58 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1482476501-1682526488-839522115-1003\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 660
ThreadCreationTime : 18-07-2005 11.40.07
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 18-07-2005 11.40.09
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 760
ThreadCreationTime : 18-07-2005 11.40.10
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 804
ThreadCreationTime : 18-07-2005 11.40.10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 816
ThreadCreationTime : 18-07-2005 11.40.10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 968
ThreadCreationTime : 18-07-2005 11.40.10
BasePriority : Normal
FileVersion : 6.14.10.4116
ProductVersion : 6.14.10.4116
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1016
ThreadCreationTime : 18-07-2005 11.40.10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1096
ThreadCreationTime : 18-07-2005 11.40.10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1172
ThreadCreationTime : 18-07-2005 11.40.10
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1200
ThreadCreationTime : 18-07-2005 11.40.11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1432
ThreadCreationTime : 18-07-2005 11.40.11
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [aswupdsv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 1544
ThreadCreationTime : 18-07-2005 11.40.11
BasePriority : Normal


#:13 [ashserv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 1572
ThreadCreationTime : 18-07-2005 11.40.11
BasePriority : High
FileVersion : 4, 6, 665, 0
ProductVersion : 4, 6, 0, 0
ProductName : avast! Antivirus
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2005 ALWIL Software
OriginalFilename : aswServ.exe

#:14 [mdm.exe]
FilePath : C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\
ProcessID : 1612
ThreadCreationTime : 18-07-2005 11.40.11
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:15 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1656
ThreadCreationTime : 18-07-2005 11.40.11
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:16 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1796
ThreadCreationTime : 18-07-2005 11.40.12
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:17 [ashmaisv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 568
ThreadCreationTime : 18-07-2005 11.40.14
BasePriority : Normal


#:18 [ashwebsv.exe]
FilePath : C:\Programmi\Alwil Software\Avast4\
ProcessID : 580
ThreadCreationTime : 18-07-2005 11.40.14
BasePriority : Normal


#:19 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1292
ThreadCreationTime : 18-07-2005 11.40.16
BasePriority : Normal
FileVersion : 6.14.10.4116
ProductVersion : 6.14.10.4116
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:20 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1684
ThreadCreationTime : 18-07-2005 11.40.17
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE

#:21 [realsched.exe]
FilePath : C:\Programmi\File comuni\Real\Update_OB\
ProcessID : 216
ThreadCreationTime : 18-07-2005 11.40.18
BasePriority : Normal
FileVersion : 0.1.0.3275
ProductVersion : 0.1.0.3275
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:22 [msnmsgr.exe]
FilePath : C:\Programmi\MSN Messenger\
ProcessID : 252
ThreadCreationTime : 18-07-2005 11.40.18
BasePriority : Normal
FileVersion : 7.0.0813
ProductVersion : 7.0.0813
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe

#:23 [msnappau.exe]
FilePath : C:\Programmi\MSN Apps\Updater\01.02.3000.1001\it\
ProcessID : 2392
ThreadCreationTime : 18-07-2005 11.40.29
BasePriority : Normal


#:24 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2436
ThreadCreationTime : 18-07-2005 11.40.30
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Modulo di esecuzione DLL come applicazioni
InternalName : rundll
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : RUNDLL.EXE

CoolWebSearch Object Recognized!
Type : Process
Data : se.dll
TAC Rating : 10
Category : Malware
Comment : (CSI MATCH)
Object : C:\DOCUME~1\~1\IMPOST~1\Temp\


Warning! CoolWebSearch Object found in memory(C:\DOCUME~1\~1\IMPOST~1\Temp\se.dll)

"C:\WINDOWS\System32\rundll32.exe"Process terminated successfully

#:25 [iexplore.exe]
FilePath : C:\Programmi\Internet Explorer\
ProcessID : 2740
ThreadCreationTime : 18-07-2005 11.40.40
BasePriority : Normal
FileVersion : 6.00.2600.0000 (xpclient.010817-1148)
ProductVersion : 6.00.2600.0000
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE

#:26 [ad-aware.exe]
FilePath : C:\Programmi\Lavasoft\Ad-Aware SE Personal\
ProcessID : 3656
ThreadCreationTime : 18-07-2005 11.48.48
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_USERS
Object : S-1-5-21-1482476501-1682526488-839522115-1003\software\microsoft\internet explorer\main
Value : HOMEOldSP

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : "HOMEOldSP"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : HOMEOldSP

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
TAC Rating : 3
Category : Malware
Comment : "sp"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sp

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 6


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:@imrworldwide.com/cgi-bin
Expires : 19-01-2009 1.00.00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 7



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 7


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 7




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain

CoolWebSearch Object Recognized!
Type : Regkey
Data :
TAC Rating : 10
Category : Malware
Comment : CWS.about:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : CWS.about:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall
Value : UninstallString

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment : CWS.about:Blank
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Toolbars_Placement

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Custom Search URL

CoolWebSearch Object Recognized!
Type : RegValue
Data :
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\search
Value : SearchAssistant
Data : about:blank

CoolWebSearch Object Recognized!
Type : RegData
Data : no
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Use Search Asst
Data : no

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
TAC Rating : 10
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank

CoolWebSearch Object Recognized!
Type : File
Data : se.dll
TAC Rating : 10
Category : Malware
Comment :
Object : C:\DOCUME~1\~1\IMPOST~1\Temp\



CoolWebSearch Object Recognized!
Type : File
Data : wbemess.log
TAC Rating : 10
Category : Malware
Comment :
Object : C:\WINDOWS\System32\wbem\logs\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 26

13.53.50 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.04.51.578
Objects scanned:134860
Objects identified:23
Objects ignored:0
New critical objects:23
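
An added example, not part of the thread: a small Python parser for the Ad-Aware SE log format posted in #9, sorting detections into the entries that get code loaded (in-memory module, Run value, protocols\filter CLSID) and the remaining references such as Internet Explorer settings. The function and bucket names are this example's own, and the sample is an abridged excerpt of that log.

```python
import re
from collections import defaultdict

# Abridged excerpt of the Ad-Aware SE log in post #9 (four records, fields trimmed).
SAMPLE_LOG = r"""
CoolWebSearch Object Recognized!
Type : Process
Data : se.dll
TAC Rating : 10
Object : C:\DOCUME~1\~1\IMPOST~1\Temp\

Possible Browser Hijack attempt Object Recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : sp

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegData
Data : about:blank
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\main
Value : Start Page
Data : about:blank
"""

HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!\s*$")
# "Key : value"; also tolerates the doubled colon of "Location: : ..." lines.
FIELD = re.compile(r"^(?P<key>[A-Za-z ]+?)\s*:(?:\s*:)?\s*(?P<value>.*)$")
LOAD_POINTS = ("loaded-in-memory", "autostart", "mime-filter")

def parse_detections(text):
    """Return one dict per '<family> Object Recognized!' record."""
    records, current = [], None
    for line in (raw.rstrip() for raw in text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = {"Family": header.group("family")}
            records.append(current)
        elif not line:
            current = None  # a blank line closes the record
        elif current is not None:
            field = FIELD.match(line)
            # RegData records repeat "Data"; keep the first non-empty value.
            if field and not current.get(field.group("key")):
                current[field.group("key")] = field.group("value")
    return records

def classify(rec):
    """Triage bucket for one record (bucket names are this example's own)."""
    obj = rec.get("Object", "").lower()
    if rec.get("Type") == "Process":
        return "loaded-in-memory"      # module found in a running process
    if rec.get("Type") == "File":
        return "file-on-disk"
    if obj.endswith("\\currentversion\\run"):
        return "autostart"             # started again at every logon
    if "protocols\\filter\\" in obj:
        return "mime-filter"           # IE MIME filter registration
    if "internet explorer" in obj:
        return "ie-setting"            # home page, search bar and similar
    return "other"

def describe(rec):
    """One-line location: root key, object path, then value name or data."""
    parts = (rec.get("Rootkey"), rec.get("Object"), rec.get("Value") or rec.get("Data"))
    return " | ".join(p for p in parts if p)

def triage(text):
    """Map bucket -> list of described detections, in log order."""
    buckets = defaultdict(list)
    for rec in parse_detections(text):
        buckets[classify(rec)].append(describe(rec))
    return dict(buckets)

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        tag = "load point" if bucket in LOAD_POINTS else "other reference"
        print(f"[{tag}] {bucket}: {items}")
```
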
22-07-2005, 02:30   #10
Adric
Threads about trojans, viruses, etc. should be opened in Antivirus e Sicurezza, not in Programmi e Utility.
I'm moving the thread.

22-07-2005, 12:02   #11
FOXYLADY
We need the HijackThis log, otherwise we're just groping in the dark.
http://www.majorgeeks.com/download3155.html

Bye