View Full Version : Hijack log, some help


steghi
02-10-2004, 00:03
Logfile of HijackThis v1.98.2
Scan saved at 0.00.04, on 02/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\windllsys32.exe
C:\WINDOWS\System32\systime.exe
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Downloads\Antivirus\HijackThis.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - Startup: Barra degli strumenti Microsoft Office.lnk = ?
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll


The annoying thing is that it always loads this as my home page:
http://213.159.117.134/index.php
which you can see in the log.
I ran Hijack, adware and CWShredder, but I still find it here every time, even after I fixed it.

canapa
02-10-2004, 00:16
In my opinion (so don't trust it too much :D :D ) you should fix all the
R1 and R0 entries, but since I'm not an expert, wait for help from some guru.

As for this one:
C:\WINDOWS\system32\slserv.exe
It belongs both to a driver, which is fine, and to the gaobot virus (although I lean towards the former).

steghi
02-10-2004, 00:46
I fixed them... but they come back
:(

canapa
02-10-2004, 01:12
These 3 aren't very clear either
C:\WINDOWS\System32\systime.exe
C:\WINDOWS\System32\windllsys32.exe
C:\WINDOWS\System32\systime.exe
Especially the second one

netquik
02-10-2004, 01:33
fix these

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://213.159.117.134/index.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://213.159.117.134/index.php

O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - C:\WINDOWS\chp.dll


then try,
from Run:

regsvr32 /u CHP.DLL

and then delete the file chp.dll

bye