HIJACK LOG!!
Hi!
I caught about:blank......
I followed the instructions to remove it.. but I have some doubts:
here is the hijack log:
Logfile of HijackThis v1.97.7
Scan saved at 19.24.44, on 05/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINNT\system32\internat.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\DirectCn++\Prog. Scaricati1\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.3800694444
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3396DE35-1848-45C0-A4E5-6BD4B108746E}: NameServer = 80.19.134.152
which is the file I have to FIX?
the guide talked about the random O2... and O4.... I didn't quite understand which ones...
after that I have to run About Buster.... and etc. etc...
can anyone tell me something?
;)
first of all, try running AboutBuster twice
http://www.majorgeeks.com/download4289.html
from safe mode...
reboot and post the new log again
okay?
Originally posted by netquik
first of all, try running AboutBuster twice
http://www.majorgeeks.com/download4289.html
from safe mode...
reboot and post the new log again
okay?
even in safe mode it tells me that the file mscomctl.ocx is missing ... what is that? could it be because of the spyware?
no, you probably don't have the necessary runtimes...
http://www.malwarebytes.biz/forums/index.php?showtopic=5
Originally posted by netquik
no, you probably don't have the necessary runtimes...
http://www.malwarebytes.biz/forums/index.php?showtopic=5
nada... installed the file you told me about...... but same result....:muro:
did you unpack About Buster into a folder?
and did you reboot after installing MSVB6?
also, sorry, I've only just noticed that you're using an old version of HijackThis...
download the new one ...it's necessary...
Originally posted by netquik
did you unpack About Buster into a folder?
hmm... I extracted the file with WinRAR into a folder... should I have done it differently?
I got About from the links posted... I think it's the latest version... could you post me an updated link if needed?
yes, I downloaded and installed the Microsoft file you posted...
http://www.majorgeeks.com/download4289.html
yes, this is the link...
well, anyway, if it still doesn't work after these attempts
download the new HijackThis anyway and post the new log
http://www.majorgeeks.com/download3155.html
ah, keep in mind that the aboutbuster.zip archive contains the executable and a dll... so extract everything into a folder like C:\AboutBuster
and try to start it..
Originally posted by netquik
ah, keep in mind that the aboutbuster.zip archive contains the executable and a dll... so extract everything into a folder like C:\AboutBuster
and try to start it..
I've tried it every which way...
http://img4.exs.cx/img4/8176/RidimensionadiIM1688.jpg
last attempt: run this
http://www.javacoolsoftware.net/downloads/missingfilesetup.exe
Originally posted by netquik
last attempt: run this
http://www.javacoolsoftware.net/downloads/missingfilesetup.exe
great.. now it seems to work!
but which file was I missing?
now I'll try the standard procedure... then I'll let you know...
ps thanks 10000 for your help!:D
good... phew...
do TWO passes with About from safe mode
unfortunately I have to be away for a while...
anyway, after doing the two passes..
reboot and post the new HijackThis log
(make sure you download the latest version)
as soon as I'm back I'll take a look...
here I am!
so....
About Buster run from safe mode:
Scanned at: 16.13.18 on: 06/09/2004
-- Scan 1 ---------------------------
About:Buster Version 3.0
Reference List : 15
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
-- Scan 2 ---------------------------
About:Buster Version 3.0
Reference List : 15
No ADS found on system
Attempted Clean Of Temp folder.
Pages Reset... Done!
hijack:
Logfile of HijackThis v1.97.7
Scan saved at 16.52.27, on 06/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINNT\system32\NOTEPAD.EXE
E:\DirectCn++\Prog. Scaricati1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.3800694444
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3396DE35-1848-45C0-A4E5-6BD4B108746E}: NameServer = 80.19.134.152
Scanned at: 16.45.04 on: 06/09/2004
I forgot, the version of hijack I have is v 1.97.7
I think it's the latest, isn't it?
bye! let me know!
Originally posted by netquik
unfortunately I have to be away for a while...
anyway, after doing the two passes..
reboot and post the new HijackThis log
(make sure you download the latest version)
as soon as I'm back I'll take a look...
here is what my hijack looks like:
Logfile of HijackThis v1.97.7
Scan saved at 20.05.57, on 06/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
E:\DirectCn++\Prog. Scaricati1\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38037.3800694444
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3396DE35-1848-45C0-A4E5-6BD4B108746E}: NameServer = 151.99.
so then About didn't find anything..
before fixing with HijackThis you absolutely must download the latest version
http://www.majorgeeks.com/download3155.html
and post the new log
Originally posted by netquik
so then About didn't find anything..
before fixing with HijackThis you absolutely must download the latest version
http://www.majorgeeks.com/download3155.html
and post the new log
Logfile of HijackThis v1.98.2
Scan saved at 21.12.10, on 06/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Paolo\IMPOST~1\Temp\Rar$EX00.783\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3396DE35-1848-45C0-A4E5-6BD4B108746E}: NameServer = 151.99.0.100 212.216.172.62
O18 - Filter: text/html - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
O18 - Filter: text/plain - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
here it is!
indeed...
so let's first try fixing normally... then if that doesn't work we have to check that there are no hidden dlls...
so, from safe mode if possible
fix these lines
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O18 - Filter: text/html - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
O18 - Filter: text/plain - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
in Run
regsvr32 /u "C:\WINNT\system32\ealmpi.dll"
and then delete C:\WINNT\system32\ealmpi.dll
reboot and post a new log again
Originally posted by netquik
indeed...
so let's first try fixing normally... then if that doesn't work we have to check that there are no hidden dlls...
so, from safe mode if possible
fix these lines
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O18 - Filter: text/html - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
O18 - Filter: text/plain - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
in Run
regsvr32 /u "C:\WINNT\system32\ealmpi.dll"
and then delete C:\WINNT\system32\ealmpi.dll
reboot and post a new log again
small problem.... the earlier log doesn't come up any more...:S now I have this one!
how come?
the version of hijack is the same .. that is, the latest!:
Logfile of HijackThis v1.98.2
Scan saved at 22.31.01, on 06/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Paolo\IMPOST~1\Temp\Rar$EX00.524\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3396DE35-1848-45C0-A4E5-6BD4B108746E}: NameServer = 80.19.134.152 151.99.125.1
O18 - Filter: text/html - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
O18 - Filter: text/plain - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
I no longer know which file to fix.. since the same R1 etc. etc. isn't there...
no problem
follow the earlier instructions..
but fix all the R entries
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:NavigationFailure
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:NavigationFailure
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
I'm going crazy!
apart from the fact that the 1st LOG has now come back and I don't understand why...
anyway I followed the first instructions you gave me... and I deleted 4 R1 files, one O2, and 2 O18......
but it gives me this message when I do Run:
I can't find the file I specified!
what do I do?
I even went into that folder and I just can't see that file!
http://img35.exs.cx/img35/3246/RidimensionadiIM001688.jpg
okay.. calm down...
make sure that showing hidden and system files is enabled in Folder Options
regsvr does nothing..
but the dll has to be deleted...
try from safe mode if needed
we're trying the easy way... don't worry...
if it doesn't work.. there's more to try
;)
Originally posted by netquik
we're trying the easy way... don't worry...
if it doesn't work.. there's more to try
;)
damn.. I already feel lost.... never mind the hard way!!!
anyway, go ahead and post other methods.... :mc:
ps.. something has changed though!
now it lets me open Hotmail mail.... and the Spy Sweeper alerts no longer come up....
now I'll try rebooting and see whether this situation is permanent!
fingers crossed...
if it doesn't work
try this
download this utility
http://download.broadbandmedic.com/DllCompare.exe
start it and click Run Locate.com
when it has completed, click Compare at the bottom
once it has finished ... you'll find the list of existing dlls in the upper panel...
the suspicious ones in the lower panel...
if there are dlls in the lower panel, select them one at a time and right-click RESCAN...
once that's done, click Make a log file and post the result...
I rebooted.. and everything seems to work fine....
now I'm doing a quick pass with Spy Sweeper... which so far (60%) has already found 7 spies.......
how did you tell which files to remove? in both the 1st and the 2nd log?
if it's something quick I'd like to know.....
let's hope we've completely removed this bastard about!!!!
go carefully...
above all, post a new HijackThis log...
the risk is that it manages to regenerate itself using the connection...
as for the file to delete...
you can work it out fairly easily using
1. Google
2. the log analyzer (which you'll find in the sticky posts)
but be careful, nothing is perfect and the analyzer can get it wrong too...
as for Spy Sweeper
this program is excellent but sometimes even too thorough...
it's unlikely to find nothing ;)
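As an added illustration of the triage discussed in this thread (not part of any post, and not the logic of HijackThis or of the forum's log analyzer), the sketch below parses HijackThis entries and applies two assumed heuristics: an R0/R1 Internet Explorer page value that points at `about:` or `file://`, and a DLL registered both as an O2 BHO and as an O18 MIME filter. The sample input is an excerpt of the v1.98.2 log posted above; the function names and finding labels are hypothetical, and a hit is a prompt to look the entry up, not a verdict.

```python
import re

# Excerpt of the HijackThis v1.98.2 log posted in this thread (lines copied as posted).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Paolo\IMPOST~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {540F31D2-71AE-402F-9888-6CB3CF3CF9C6} - C:\WINNT\system32\ealmpi.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O18 - Filter: text/html - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
O18 - Filter: text/plain - {72BDC397-9743-4BD0-8FB9-D32AF9C2262D} - C:\WINNT\system32\ealmpi.dll
"""

# "<section> - <body>", e.g. "R1 - HKCU\...,Search Bar = about:blank"
ENTRY = re.compile(r"^(R[0-3]|O\d+) - (.+)$")
# O2 and O18 bodies: "<kind>: <name> - {CLSID} - <file path>"
COM_OBJECT = re.compile(r"^(?:BHO|Filter): (.+?) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def parse(log_text):
    """Turn log text into a list of dicts, one per recognised entry line."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, process list, forum prose, blank line
        section, body = match.groups()
        entry = {"section": section, "line": line}
        if section.startswith("R"):
            key, _, value = body.partition(" = ")
            entry.update(key=key, value=value)
        elif section in ("O2", "O18"):
            obj = COM_OBJECT.match(body)
            if obj:
                # Lower-case the path so O2 and O18 references compare equal.
                entry.update(name=obj.group(1), clsid=obj.group(2),
                             path=obj.group(3).lower())
        entries.append(entry)
    return entries


def triage(log_text):
    """Return (reason, line) pairs for entries that deserve a manual lookup.

    Assumed heuristics, for illustration only:
      ie-page-not-http            R0/R1 value starts with about: or file://
      dll-is-bho-and-mime-filter  same DLL listed under both O2 and O18
    """
    entries = parse(log_text)
    bho_paths = {e["path"] for e in entries if e["section"] == "O2" and "path" in e}
    filter_paths = {e["path"] for e in entries if e["section"] == "O18" and "path" in e}
    shared = bho_paths & filter_paths

    findings = []
    for e in entries:
        value = e.get("value", "").lower()
        if e["section"].startswith("R") and value.startswith(("about:", "file://")):
            findings.append(("ie-page-not-http", e["line"]))
        elif e.get("path") in shared:
            findings.append(("dll-is-bho-and-mime-filter", e["line"]))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```

On this excerpt the two heuristics select the same seven lines that were listed for fixing earlier in the thread. The v1.97.7 logs in the thread contain no O18 lines, so the second heuristic has nothing to correlate there.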
..
the risk is that it manages to regenerate itself using the connection...
damn.... it really is rotten to the core!!!
in a moment I'll post the new log too
here it is!
Logfile of HijackThis v1.98.2
Scan saved at 23.50.49, on 06/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Paolo\IMPOST~1\Temp\Rar$EX00.233\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3396DE35-1848-45C0-A4E5-6BD4B108746E}: NameServer = 80.19.134.152 151.99.125.1
so in theory, if the check is right... there should still be 2 or 3 files that aren't OK....
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://forum.hwupgrade.it/index.php ', delete it.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
Possibly nasty This page could possibly be nasty. If you do not know the entry 'http://forum.hwupgrade.it/index.php ', delete it.
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
Nasty This entry should be fixed by HijackThis! This entry should be fixed by HijackThis!
should I fix them?
that file to delete.... the system 32 etc etc..... what was it? did you check that one with the post too... or did you already know?
PS.. does FIXING.. mean deleting, or has the PC blocked these files/scripts/whatever?
ok... so:
Logfile of HijackThis v1.98.2
Scan saved at 0.04.40, on 07/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\svchost.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\rundll32.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\WINNT\system32\internat.exe
C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Paolo\Desktop\HijackThis.exe
C:\WINNT\notepad.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://forum.hwupgrade.it/index.php
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [DU Meter] C:\Documents and Settings\Paolo\Documenti\contatore\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{3396DE35-1848-45C0-A4E5-6BD4B108746E}: NameServer = 80.19.134.152 151.99.125.1
putting it into the log analyzer... now there are only yellow icons....
well... let's hope for the best...
earlier I also removed the last little red bastard...
Well, let's hope everything is fine... by the way, you've been really kind to post all these times to help me!
thanks 1000000, you've been extremely helpful!
:vicini:
Your procedure is correct...
but you set the hardwareupgrade forum as your home page yourself
so you mustn't fix it ;)
as for the log, it's CLEAN
for HijackThis, fixing generally means deleting... other times resetting (according to the program's settings, which you can change)
by the way
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
is an analyzer error...
that key is more than legitimate...
okay.... ;)
Originally posted by netquik
by the way
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
is an analyzer error...
that key is more than legitimate...
okay.... ;)
oh great......
did I just kill off an important key?
I had thought about the fact that you hadn't told me to delete it...
but you were talking about REGENERATIONS.....
oh for crying out loud......
is it a disaster without that little key?
let's hope not..... eh?
no no... also because I really think it has been recreated...
another point in HijackThis's favour...
if you want, check ... and you can restore it from the backup
(only that one though)
N.B.
this is why it's advisable to put HijackThis in its own folder
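An added example (not part of the thread, and not code from HijackThis or the log analyzer): comparing two scans mechanically shows which entry a fix removed and whether a removed entry is present again later. The function names and the SCAN_LATER sample are assumptions constructed for illustration; the other two samples are excerpts of the 23.50.49 and 0.04.40 logs posted above.

```python
import re

# HijackThis entry lines open with a section code: R0-R3, F0-F3, N1-N4 or O<number>.
ENTRY = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, detail) entries; header and process lines are skipped."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries

def diff_scans(before, after):
    """Compare two scans: what was removed, what appeared, what stayed."""
    b, a = parse_entries(before), parse_entries(after)
    return {"removed": sorted(b - a), "added": sorted(a - b), "kept": sorted(a & b)}

def reappeared(removed, later_scan):
    """Entries removed earlier that are present again in a later scan."""
    return sorted(set(removed) & parse_entries(later_scan))

IE = r"Software\Microsoft\Internet Explorer"
LINKS = rf"R0 - HKCU\{IE}\Toolbar,LinksFolderName = Collegamenti"
# Excerpt of the 23.50.49 scan (06/09/2004) posted in the thread.
SCAN_2350 = rf"""Running processes:
C:\WINNT\Explorer.EXE
R0 - HKCU\{IE}\Main,Start Page = http://forum.hwupgrade.it/index.php
R0 - HKLM\{IE}\Main,Start Page = http://forum.hwupgrade.it/index.php
{LINKS}
"""
# Excerpt of the 0.04.40 scan (07/09/2004) posted in the thread.
SCAN_0004 = rf"""Running processes:
C:\WINNT\Explorer.EXE
R1 - HKCU\{IE}\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\{IE}\Main,Start Page = http://forum.hwupgrade.it/index.php
R1 - HKLM\{IE}\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\{IE}\Main,Start Page = http://forum.hwupgrade.it/index.php
"""
# Constructed later scan (an assumption): the same entries with the key recreated.
SCAN_LATER = SCAN_0004 + LINKS + "\n"

if __name__ == "__main__":
    changes = diff_scans(SCAN_2350, SCAN_0004)
    print("removed:", changes["removed"])
    print("back again:", reappeared(changes["removed"], SCAN_LATER))
```

A diff only reports what changed between scans; whether a changed entry is legitimate still has to be judged entry by entry, as the LinksFolderName case in this thread shows.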