Ho pensato subito ad un virus ma vorrei aver certezza, in quanto stamattina dopo ulteriori tentativi di ripristino, e dopo tempestivi messaggi di errore, sul kernel, improvvisamente riesco a lanciare gran parte delle applicazioni eccetto OUTLOOK che segnala sempre lo stesso errore. Oltretutto riesco a vedere il contenuto delle cartelle. Quindi mi sono proposto di risolvere il problema entro stamattina e prima del prossimo arresto del pc, in quanto al prossimo avvio potrei risocntrare gli stessi errori.
Le operazioni di ripristino per risolvere sono queste:
- Controllato applicazioni in esecuzione (0 file sospetti)
- Controllato chiavi registro autorun (0 chiavi sospette)
- Ripristinato registro al 9 settembre 2005
- Reinstallazione OS (windows 98se)
All'avvio dopo la reinstallazione dell'oS, prima di caricare il desktop uno strano messaggio: mi elencava circa nomi di drivers, annunciando che questi file sono stati recentemente modificati da un applicazione eseguita recentemente. E windows potrebbe non funzionare correttamente. Per ripristinare tali Riavviare Sistema. Lo fatto ma scarsi risultati.
Attendo con grande piacere una vostra pronta considerazione.
Ringrazio tutti in anticipo per aver dimostrato interesse al mio problema
.
Vi riporto in fondo pagina il log di hijack magari qualcuno potrebbe individurare i sospetti e potrei tentare di fixare le chiavi...
Logfile of HijackThis v1.99.1
Scan saved at 10.10.47, on 26/11/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\STARTER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\ALICE\ALICE ENTERNET\APP\ENTERNET.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSIMPL.EXE
D:\ARTICOLI - PROGRAMMAZIONE - HACK - WAREZ ECT\APPLZ ^ HACK ^ SICUREZZA\PROTEZIONE AND AV^^\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.freehqmovies.com/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freehqmovies.com/enter.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.freehqmovies.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.linksummary.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.freehqmovies.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://martfinder.com/reindex.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {FFFFFEF0-5B30-21D4-945D-000000000000} - C:\PROGRA~1\STARDO~1\SDIEINT.DLL
O2 - BHO: FHFMMObj Class - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - C:\WINDOWS\FHFMM.DLL (file missing)
O2 - BHO: BHO.clsUrlSearch - {60E78CAC-E9A7-4302-B9EE-8582EDE22FBF} - C:\WINDOWS\SYSTEM\BHO001.DLL (file missing)
O2 - BHO: F1 Organizer Class - {00000EF1-34E3-4633-87C6-1AA7A44296DA} - C:\WINDOWS\SYSTEM\GBROLYSHJU.DLL (file missing)
O2 - BHO: eXact Browser Companion - {F9765480-72D1-11D4-A75A-004F49045A87} - C:\PROGRAMMI\EXACT\EXACTTOOLBAR.DLL (file missing)
O2 - BHO: MSViewObj Class - {00000580-C637-11D5-831C-00105AD6ACF0} - C:\WINDOWS\MSVIEW.DLL (file missing)
O2 - BHO: (no name) - {00A0A40C-F432-4C59-BA11-B25D142C7AB7} - C:\PROGRA~2\CLIENT~1\RUN\2IN161~1.DLL (file missing)
O2 - BHO: DnsRepObj Class - {96BE1D9A-9E54-4344-A27A-37C088D64FB4} - C:\PROGRAM FILES\CLIENTMAN\RUN\DNSREPA9C22CA5.DLL (file missing)
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\PROGRA~2\CLIENT~1\RUN\GSTYLE~1.DLL (file missing)
O2 - BHO: MsVrfyObj Class - {166348F1-2C41-4C9F-86BB-EB2B8ADE030C} - C:\PROGRAM FILES\CLIENTMAN\RUN\MSVRFY804449FD.DLL (file missing)
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\PROGRA~2\CLIENT~1\RUN\TRACKU~1.DLL (file missing)
O2 - BHO: CUrlCliObj Class - {A097840A-61F8-4B89-8693-F68F641CC838} - C:\PROGRAM FILES\CLIENTMAN\RUN\URLCLI50C9D9FA.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAMMI\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O2 - BHO: (no name) - {F7F808F0-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\PROGRAM FILES\NAVEXCEL\NAVHELPER\V2.0.2\NHELPER.DLL (file missing)
O2 - BHO: UrlCatcher Class - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\PROGRA~1\BARGAI~1\BIN2\APUC.DLL (file missing)
O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - (no file)
O2 - BHO: ctadl Class - {AEFCDEC8-EB7D-429F-BC73-4F30D07BFE41} - C:\WINDOWS\SYSTEM\CTADL2.DLL (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (file missing)
O2 - BHO: ctsr Class - {858126B0-3708-4051-AE8E-B48521401CA2} - C:\WINDOWS\SYSTEM\CTSR3.DLL (file missing)
O2 - BHO: ctap Class - {DB0018A2-F7D9-4B71-9651-640143DF23F9} - C:\WINDOWS\SYSTEM\CTAP7.DLL (file missing)
O2 - BHO: psic Class - {B6598677-4B54-42A9-BA67-8B64E3FCD92D} - C:\WINDOWS\SYSTEM\PSIC1.DLL (file missing)
O2 - BHO: ctpp Class - {4B021269-DD24-48B2-96B4-DA121E9C0502} - C:\WINDOWS\SYSTEM\CTPP7.DLL (file missing)
O2 - BHO: brdg Class - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\BRIDGE.DLL (file missing)
O2 - BHO: (no name) - {83DE62E0-5805-11D8-9B25-00E04C60FAF2} - C:\WINDOWS\2_0_1browserhelper2.dll (file missing)
O3 - Toolbar: (no name) - {69550BE2-9A78-11D2-BA91-00600827878D} - (no file)
O3 - Toolbar: &eXact Toolbar - {224530A0-C9CB-4AEE-9C0F-54AC1B533211} - C:\PROGRAMMI\EXACT\EXACTTOOLBAR.DLL (file missing)
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAMMI\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O3 - Toolbar: ISTbar - {5F1ABCDB-A875-46c1-8345-B72A4567E486} - C:\PROGRAMMI\ISTBAR\ISTBAR.DLL (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\PROGRAM FILES\MSN TOOLBAR\01.01.2607.0\IT\MSNTB.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NetMouse] C:\GNET98\gmnet.exe
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [Dialer Control] C:\PROGRA~1\DIALER~1\DC.EXE
O4 - HKLM\..\Run: [Safe] C:\Programmi\Save\Save.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NetPumper] "C:\Programmi\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [ACADMA.EXE] C:\PROGRAMMI\ACCESS ADMINISTRATOR\ACADMA.EXE
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe C:\WINDOWS\Pirelli.USB\CnxTrApp.dll,AppEntryA -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Startup: Encoder Agent.lnk = C:\Programmi\Windows Media Components\Encoder\WMENCAGT.EXE
O4 - User Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - User Startup: Encoder Agent.lnk = C:\Programmi\Windows Media Components\Encoder\WMENCAGT.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: PC Manager - file://D:\Various RW\sicurezza - gudie & applicazioni\WManager.exe
O8 - Extra context menu item: Edit with &XML Spy - C:\Programmi\Altova\AUTHENTIC\spy.htm
O8 - Extra context menu item: Download with Star Downloader - C:\PROGRAMMI\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: Scarica con Star Downloader - C:\PROGRAMMI\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: Download with NetPumper - C:\Programmi\NetPumper\AddUrl.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Save Flash - res://C:\PROGRAMMI\UNH SOLUTIONS\FLASH SAVING PLUGIN\FLASHSBUTTON.DLL/210
O8 - Extra context menu item: Salva oggetto con Star Downloader - C:\PROGRAMMI\STAR DOWNLOADER\sdie.htm
O8 - Extra context menu item: Accoda in Star Downloader - C:\PROGRAMMI\STAR DOWNLOADER\sdieenq.htm
O8 - Extra context menu item: Salva tutti gli oggetti con Star Downloader - C:\PROGRAMMI\STAR DOWNLOADER\leechie.htm
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programmi\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programmi\Altova\AUTHENTIC\spy.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Programmi\Altova\AUTHENTIC\spy.htm (file missing) (HKCU)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\PROGRAMMI\UNH SOLUTIONS\FLASH SAVING PLUGIN\FLASHSBUTTON.DLL (HKCU)
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O13 - WWW. Prefix: http://%65%68%74%74%70%2E%63%63/?
O16 - DPF: {00000012-890E-4AAC-AFD9-EFF6954A34DD} -
O16 - DPF: {8522F9B3-38C5-4AA4-AE40-7401F1BBC851} - http://62.129.133.7/mt/dialers/nl/intl2 ... 931707.cab
O16 - DPF: {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} (FHFMMObj Class) -
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {A45F39DC-3608-4237-8F0E-139F1BC49464} - http://php.offshoreclicks.com/dialup_files/99950291.cab
O16 - DPF: {018B7EC3-EECA-11D3-8E71-0000E82C6C0D} (Installer Class) - http://www.gxplugin.com/loader/dialer_files/100038.exe
O16 - DPF: {A1DC3241-B122-195F-B21A-000000000000} - http://pluginaccess.com/Browser_Plugin.cab
O16 - DPF: {FFFF0003-0001-101A-A3C9-08002B2F49FB} - http://deposito.hostance.net/dialer/304067.exe
O16 - DPF: {FFFF0017-0002-101A-A3C9-08002B2F49FB} - http://www.cellularlook.net/23c25375.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://216.219.226.165/pgm/basta81.EXE
O16 - DPF: {DA9A0B1E-9B7B-11D3-B8A4-00C04F79641C} (NSUpdateLiteCtrl Class) - http://xbs.mtreexxx.nl/mt/dialers/on/NSupd9x.cab
O16 - DPF: {11BF0E2B-4229-4ADC-9C11-1C6968731018} (Download Class) - http://www.0190-dialer.com/VLoading.cab
O16 - DPF: {5D589287-1496-4223-AE64-65FA078B5EAB} (Server Class) - http://client.vrmedia.it/XVRPlayer.cab
O16 - DPF: {8334A270-3B24-4D17-9809-890E57B21183} (VRScript3D Class) - http://percro.sssup.it/~sandro/ControlloB.dll
O16 - DPF: {F5192746-22D6-41BD-9D2D-1E75D14FBD3C} (ddm_download.ddm_control) - http://download.rfwnad.com/cab/crack.CAB
O16 - DPF: {AB1E62EB-3DE3-428F-A417-64AB3C9B6CF0} (eConn Class) - http://econnect.libereco.net/econnect.cab
O16 - DPF: {02C20140-76F8-4763-83D5-B660107B7A90} (Moniker32 Class) - http://63.219.181.7/cax.cab
O16 - DPF: {FC87A650-207D-4392-A6A1-82ADBC56FA64} (MultiDist) - http://xbs.climaxbucks.com/internet-opt ... tiDist.CAB
O16 - DPF: {87D1A6EF-8CBC-458A-84B5-0333562418CD} (ctadlctrl Class) - http://www.clicktracking.info/ctadl1.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1014061.exe
O16 - DPF: {12398DD6-40AA-4C40-A4EC-A42CFC0DE797} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/games-gb/gb/games4.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://www2.flingstone.com/cab/98ME/CDTInc/bridge.cab
O16 - DPF: {EF86873F-04C2-4A95-A373-5703C08EFC7B} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... cracks.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O18 - Protocol: ayb - (no CLSID) - (no file)
O18 - Filter: text/html - {0A077C00-81C6-11D8-8DDC-444553540000} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.15.DAT