about blank

77andrea77 · 11-07-2004, 15:33

Ragazzi le ho provate tutte ma non riesco a rimuovere about blank.
Tra l'altro non mi si avvia nemmeno windows in modalità provvisoria.
Vi posto il log di HijackThis
Aspetto notizie.
grazie e ciao

Logfile of HijackThis v1.98.0
Scan saved at 15.31.17, on 11/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\CPUCooL\CooLSrv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\System32\GSICON.EXE
C:\WINDOWS\System32\dslagent.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
C:\WINDOWS\System32\wfxsnt40.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\WinMX\WinMX.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\hippyyaye\Impostazioni locali\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7431DD5A-DCDE-4F36-A3D2-D08FD08A6D74} - C:\WINDOWS\System32\aonod.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {DC99E960-6594-45e3-9D5D-141D825B8096} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO
O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binarie...1014_EN_XP.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_EN_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C605A6C9-334B-41B0-A20F-9A3031AAB7F3}: NameServer = 62.211.69.150 212.48.4.15
O18 - Filter: text/html - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll
O18 - Filter: text/plain - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll

ciao

GiulioM · 11-07-2004, 17:20

Oddio...e' balordo ma si leva

guarda qui

http://forum.hwupgrade.it/showthread...hreadid=722343

netquik · 12-07-2004, 01:36

allora hai detto di aver provato tutto e findnfix non trova nulla no?

proviamo così

prima di tutto aggiorna adware con le ultime definizioni e procurati http://www.downloads.subratam.org/AboutBuster.zip

ora riavvia in provvisoria e fai pulizia con
Ad-ware settandolo come più profonda possibile
con HijckThis elimina
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

e fai almeno due volte la pulizia con
about:blaster

riavvia
e sperando qualcosa sia successo riposta il log di hijckThis

netquik · 12-07-2004, 01:41

per configurare al meglio adware segui questo...
nonpenso abbia bisogno di esssere trdotto

Launch the program, and click on the Gear at the top of the start screen.
Click the "Scanning" button (On the left side).
Under Drives & Folders, select "Scan within Archives" (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.)
Click "Click here to select Drives + folders" and select your installed hard drives.
Under Memory & Registry, select all options.
Click the "Advanced" button (On the left hand side).
Under "Log-file detail", select all options.
Click the "Tweak" button (Again, on the left hand side).
Expand "Scanning Engine" by clicking on the "+" (Plus) symbol) and select the following:
"Include additional Ad-aware settings in logfile"
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Automatically try to unregister objects prior to deletion."
"Let Windows remove files in use after reboot."
Click on "Proceed" to save these Preferences.
Click on the "Scan Now" button on the left.
Under "Select Scan Mode, be sure to select "Use Custom Scanning Options".
Select "Activate in-Depth scan".
Close all programs except ad-aware.
Click on "Next" in the bottom right corner to start the scan.
Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to.
After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish.
Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in.
Close Ad-Aware 6.
Download the free VX2 Cleaner http://updates.ls-servers.com/plvx2cleaner.exe.
Install the VX2 Cleaner.
Start Ad-Aware and click on "Plug-ins".
Select the VX2 Cleaner plug-in and click "Run Plugin".
If your computer isn’t infected, click "Close".
If your computer is infected:
Select "Clean System".
Reboot your computer.
Scan your computer with Ad-Aware.
Remove any VX2 objects detected.
Reboot your computer again.
Run a second scan to make sure the files have been removed from your computer.

The Lenny · 13-07-2004, 03:52

figata! bella 'sta scansione ignorante!

netquik · 13-07-2004, 13:42

se non dovesse funzionare....

proviamo a rifare la cosa più semplice...

riavvia in provvisoria, e in hijckThis elimina

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing)

O2 - BHO: (no name) - {7431DD5A-DCDE-4F36-A3D2-D08FD08A6D74} - C:\WINDOWS\System32\aonod.dll

O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binari..._1014_EN_XP.cab
O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binari...tpe32_EN_XP.cab
O18 - Filter: text/html - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll
O18 - Filter: text/plain - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll

sempre da provvisoria rinominma e poi elimina
C:\WINDOWS\System32\aonod.dll

e fai una scansione come sopra con adaware...

riavvia e riposta il nuovo log

11-07-2004, 15:33	#1
77andrea77 Member Iscritto dal: Apr 2003 Messaggi: 296	about blank Ragazzi le ho provate tutte ma non riesco a rimuovere about blank. Tra l'altro non mi si avvia nemmeno windows in modalità provvisoria. Vi posto il log di HijackThis Aspetto notizie. grazie e ciao Logfile of HijackThis v1.98.0 Scan saved at 15.31.17, on 11/07/2004 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe C:\Programmi\CPUCooL\CooLSrv.exe C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe C:\Programmi\Norton AntiVirus\navapsvc.exe C:\Programmi\Norton AntiVirus\AdvTools\NPROTECT.EXE C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\anvshell.exe C:\WINDOWS\System32\GSICON.EXE C:\WINDOWS\System32\dslagent.exe C:\Programmi\File comuni\Symantec Shared\ccApp.exe C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe C:\WINDOWS\System32\wfxsnt40.exe C:\Programmi\QuickTime\qttask.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\rundll32.exe C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Programmi\eMule\emule.exe C:\Programmi\WinMX\WinMX.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\hippyyaye\Impostazioni locali\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {7431DD5A-DCDE-4F36-A3D2-D08FD08A6D74} - C:\WINDOWS\System32\aonod.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {DC99E960-6594-45e3-9D5D-141D825B8096} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [anvshell] anvshell.exe O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE O4 - HKLM\..\Run: [SoundMan] soundman.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [UninstallAbility] "C:\Programmi\UninstallAbility\uability.exe" /AUTO O4 - HKCU\..\Run: [Instant Access] rundll32.exe p2esocks_1014.dll,InstantAccess O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 6.0\Distillr\acrotray.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binarie...1014_EN_XP.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binarie...pe32_EN_XP.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C605A6C9-334B-41B0-A20F-9A3031AAB7F3}: NameServer = 62.211.69.150 212.48.4.15 O18 - Filter: text/html - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll O18 - Filter: text/plain - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll ciao

11-07-2004, 17:20	#2
GiulioM Senior Member Iscritto dal: May 2001 Città: Prov. di Alessandria Messaggi: 1842	Oddio...e' balordo ma si leva guarda qui http://forum.hwupgrade.it/showthread...hreadid=722343 __________________ PC1: p4 2400bus 800/ IC7 / 1GB ddr 400 / XFX 7600GT 256mb DDR3 / Maxtor 60gb /ali 400w/ Hitachi 174sxw PC2: p3 700 / BE6 / 512 sdr / POV MX2 400 /Quantum 20gb/Philips 107e/ alice 640 PC3: Acer TM292ELC Celeron M 1,3ghz / 256 ddr / Intel Extreme2 / Hd 40 gb / Combo DvD-CD / lcd 15"

12-07-2004, 01:36	#3
netquik Senior Member Iscritto dal: May 2001 Messaggi: 1740	allora hai detto di aver provato tutto e findnfix non trova nulla no? proviamo così prima di tutto aggiorna adware con le ultime definizioni e procurati http://www.downloads.subratam.org/AboutBuster.zip ora riavvia in provvisoria e fai pulizia con Ad-ware settandolo come più profonda possibile con HijckThis elimina R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank e fai almeno due volte la pulizia con about:blaster riavvia e sperando qualcosa sia successo riposta il log di hijckThis __________________ www.tweakness.net - Trucchi per il PC DECALOGO ANTISPY - GUIDA A HIJACKTHIS - GUIDA AI SERVIZI DI WIN XP - CONSIGLI ANTIVIRUS PER BART'S PE - SP2 SLIPSTREAMING - FAQ WINDOWS XPSP2 - I SERVIZI DOPO SP2 - XP SP2 UNATTENDED - GUIDA A nLite

12-07-2004, 01:41	#4
netquik Senior Member Iscritto dal: May 2001 Messaggi: 1740	per configurare al meglio adware segui questo... nonpenso abbia bisogno di esssere trdotto Launch the program, and click on the Gear at the top of the start screen. Click the "Scanning" button (On the left side). Under Drives & Folders, select "Scan within Archives" (Checked will be indicated by a green circle with a check mark in it, Un-Checked is a red circle with an X in it. If it is greyed out, those features are only available in the retail version.) Click "Click here to select Drives + folders" and select your installed hard drives. Under Memory & Registry, select all options. Click the "Advanced" button (On the left hand side). Under "Log-file detail", select all options. Click the "Tweak" button (Again, on the left hand side). Expand "Scanning Engine" by clicking on the "+" (Plus) symbol) and select the following: "Include additional Ad-aware settings in logfile" "Unload recognized processes during scanning." Under "Cleaning Engine", select the following: "Automatically try to unregister objects prior to deletion." "Let Windows remove files in use after reboot." Click on "Proceed" to save these Preferences. Click on the "Scan Now" button on the left. Under "Select Scan Mode, be sure to select "Use Custom Scanning Options". Select "Activate in-Depth scan". Close all programs except ad-aware. Click on "Next" in the bottom right corner to start the scan. Run the Ad-Aware scan and allow it to remove everything it finds and then REBOOT - Even if not prompted to. After you log back in, Ad-Aware may run to finalize the scan and remove any locked files that it may of found. Allow it to finish. Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in. Close Ad-Aware 6. Download the free VX2 Cleaner http://updates.ls-servers.com/plvx2cleaner.exe. Install the VX2 Cleaner. Start Ad-Aware and click on "Plug-ins". Select the VX2 Cleaner plug-in and click "Run Plugin". If your computer isn’t infected, click "Close". If your computer is infected: Select "Clean System". Reboot your computer. Scan your computer with Ad-Aware. Remove any VX2 objects detected. Reboot your computer again. Run a second scan to make sure the files have been removed from your computer. __________________ www.tweakness.net - Trucchi per il PC DECALOGO ANTISPY - GUIDA A HIJACKTHIS - GUIDA AI SERVIZI DI WIN XP - CONSIGLI ANTIVIRUS PER BART'S PE - SP2 SLIPSTREAMING - FAQ WINDOWS XPSP2 - I SERVIZI DOPO SP2 - XP SP2 UNATTENDED - GUIDA A nLite

13-07-2004, 03:52	#5
The Lenny Senior Member Iscritto dal: Apr 2004 Messaggi: 502	figata! bella 'sta scansione ignorante! __________________ "Chiù pilu pì tutti" - "Tira chiù nu pilu ca nu 'nsartu!" A volte, una ricerca su Google vale più di mille parole.. Non dimentichiamo che...

13-07-2004, 13:42	#6
netquik Senior Member Iscritto dal: May 2001 Messaggi: 1740	se non dovesse funzionare.... proviamo a rifare la cosa più semplice... riavvia in provvisoria, e in hijckThis elimina R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\HIPPYY~1\IMPOST~1\Temp\sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINDOWS\mslagent\4b_1,0,1,0_mslagent.dll (file missing) O2 - BHO: (no name) - {7431DD5A-DCDE-4F36-A3D2-D08FD08A6D74} - C:\WINDOWS\System32\aonod.dll O16 - DPF: {0594AF7E-573B-40DF-8165-E47AB2EAEFE8} - http://akamai.downloadv3.com/binari..._1014_EN_XP.cab O16 - DPF: {EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1} - http://akamai.downloadv3.com/binari...tpe32_EN_XP.cab O18 - Filter: text/html - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll O18 - Filter: text/plain - {637945AE-3DFD-46AF-89B5-446EA5C59EB0} - C:\WINDOWS\System32\aonod.dll sempre da provvisoria rinominma e poi elimina C:\WINDOWS\System32\aonod.dll e fai una scansione come sopra con adaware... riavvia e riposta il nuovo log __________________ www.tweakness.net - Trucchi per il PC DECALOGO ANTISPY - GUIDA A HIJACKTHIS - GUIDA AI SERVIZI DI WIN XP - CONSIGLI ANTIVIRUS PER BART'S PE - SP2 SLIPSTREAMING - FAQ WINDOWS XPSP2 - I SERVIZI DOPO SP2 - XP SP2 UNATTENDED - GUIDA A nLite

Strumenti
Mostra una versione stampabile Invia questa pagina per email