Invio A Pop Non Desiderati (virus E1xplorer E W1inmovieplugin)

[sart]

PC inutilizzabile per vecchia infezione da parte di e1xplorer e w1inmovie...

:sigh: Invio a pop non desiderati e presenza icone persistenti!!!

Attendo aiuto o indicazioni prima di inserire log file seguente:

Logfile of HijackThis v1.99.1

Scan saved at 17.19.43, on 12/11/07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Grazie anticipatamente, ahime !!! Quanto son scarso con sti PC!!!

[Kuma]

[ben]jjump[/ben]

Ciao, posta il log di HIJACK completo dalla prima all'ultima riga che vediamo cosa si carica...

Visto che ci siamo, preleva l'ultima versione per fare il log (quella che usi è ormai vecchia)

Istruzioni e Download Hijack

___ PS___

Speriamo che non sia troppo infetto, perchè molti tools non lavorano con windows 98 :angel_not:

[sart]

Intanto grazie della disponibilità dimostrata, se va male potrei comunque riformattare tutto, ma spero non serva posto qui il log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18.17.15, on 12/12/07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Boot mode: Normal

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\ANVSHELL.EXE

C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\WINDOWS\ATIP.EXE

C:\WINDOWS\APPLICATION DATA\RATOREFACI\SYSRTMVS.EXE

C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60046

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60046

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60046

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60046

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60046

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [ASUSTweakEnable] C:\Programmi\ASUS\Tweaking Utilities\atstart.exe

O4 - HKLM\..\Run: [Rilevatore di dischi] C:\Programmi\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [AtiPanel] C:\WINDOWS\atip.exe

O4 - HKLM\..\Run: [aouei] C:\WINDOWS\Application Data\ratorefaci\sysrtmvs.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O9 - Extra button: @sysiecom.dll,-2100@1040,Traduci (SYSTRAN) - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2102@1040,SYSTRAN: Traduci - {703436F1-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra button: @sysiecom.dll,-2103@1040,Traduci frame (SYSTRAN) - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2105@1040,SYSTRAN: Traduci tutti i frame - {703436F2-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra button: @sysiecom.dll,-2115@1040,Opzioni (SYSTRAN) - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2117@1040,SYSTRAN: Opzioni - {703436F3-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra button: (no name) - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2108@1040,SYSTRAN: Cancella cache traduzione - {703436F4-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra button: (no name) - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2111@1040,SYSTRAN: Registra - {703436F5-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra button: (no name) - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O9 - Extra 'Tools' menuitem: @sysiecom.dll,-2114@1040,SYSTRAN: Verifica aggiornamenti - {703436F6-3E1F-11d3-8F6B-00105A2A1D59} - (no file)

O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.com/italy/start

O15 - Trusted Zone: www.softlab.name

O15 - Trusted Zone: www.adslconnection.name

O15 - Trusted Zone: www.xxx-content.name

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O24 - Desktop Component 0: (no name) - file:///C:/Documenti/Immagini/Filippo/DSCN0318_JPG_file/DSCN0318.JPG

--

End of file - 4894 bytes

[Steve75]

ciao

proviamo a fare tutto manualmente;

Avvia hijackthis, metti la spunta alle voci che andro ad elencarti e con tutte le applicazioni chiuse e disconnesso da Internet,premi su fix checked

O4 - HKLM\..\Run: [AtiPanel] C:\WINDOWS\atip.exe

O4 - HKLM\..\Run: [aouei] C:\WINDOWS\Application Data\ratorefaci\sysrtmvs.exe

Tutte le 015

e anche le 09 se non hai piu systran

poi cerca ed elimina;

C:\WINDOWS\ATIP.EXE

C:\WINDOWS\APPLICATION DATA\RATOREFACI -->cartella

[sart]

OK, ho eseguito quanto consigliato ora il mio log ha questo aspetto:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 0.29.51, on 15/12/07

Platform: Windows 98 SE (Win9x 4.10.2222A)

MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Boot mode: Normal

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL

C:\WINDOWS\SYSTEM\MSGSRV32.EXE

C:\WINDOWS\SYSTEM\MPREXE.EXE

C:\WINDOWS\SYSTEM\mmtask.tsk

C:\WINDOWS\EXPLORER.EXE

C:\WINDOWS\TASKMON.EXE

C:\WINDOWS\SYSTEM\SYSTRAY.EXE

C:\WINDOWS\ANVSHELL.EXE

C:\PROGRAMMI\CREATIVE\SHAREDLL\CTNOTIFY.EXE

C:\PROGRAMMI\CREATIVE\SHAREDLL\MEDIADET.EXE

C:\WINDOWS\SYSTEM\WMIEXE.EXE

C:\WINDOWS\SYSTEM\RNAAPP.EXE

C:\WINDOWS\SYSTEM\TAPISRV.EXE

C:\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.a...&tbid=60046

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60046

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60046

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60046

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60046

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX

O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O4 - HKLM\..\Run: [scanRegistry] C:\WINDOWS\scanregw.exe /autorun

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe

O4 - HKLM\..\Run: [systemTray] SysTray.Exe

O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O4 - HKLM\..\Run: [anvshell] anvshell.exe

O4 - HKLM\..\Run: [ASUSTweakEnable] C:\Programmi\ASUS\Tweaking Utilities\atstart.exe

O4 - HKLM\..\Run: [Rilevatore di dischi] C:\Programmi\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\Run: [Disc Detector] C:\Programmi\Creative\ShareDLL\CtNotify.exe

O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

O8 - Extra context menu item: Crawler Search - tbr:iemenu

O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it

O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.com/italy/start

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll

O24 - Desktop Component 0: (no name) - file:///C:/Documenti/Immagini/Filippo/DSCN0318_JPG_file/DSCN0318.JPG

--

End of file - 3164 bytes

Per il momento avrei cancellato manualmente da esplora risorse tutti i file E1xplorer e W1inmovie...

per il momento non riappaiono più. Penso di dover controllare tutto con un buon antivirus spyware malware hai qualche suggerimento? Anche i cosidetti free necessitano di registrazione per eliminare file infetti io al momento non mi sono ancora fidato di navigare in internet con quel PC.

Sono già molto contento che non appaiano icone o partano numeri pop non desiderati.

Grazie molte, mi sento in debito!!!

[Steve75]

il log é pulito, dovresti comunque installare un antivirus , un firewall e dovresti anche aggiornare il sistema....