kyuss
03-02-2005, 18:06
oggi ho usato per la prima volta questo programma ma non mi è chiaro il funzionamento (son andato sul sito http://www.tomcoyote.org/hjt/#Top e non è stato di grande aiuto come tutorial).
ho fatto il log ho usato il link il link (http://www.ilsoftware.it/hijackthis.asp) per vedere cosa avrei dovuto eliminare.
uso il fix sugli elementi consigliati ma allo scan seguente mi ritrovo gli stessi elementi.
quindi non capisco come eliminarli definitivamente
questo è il log:
Logfile of HijackThis v1.99.0
Scan saved at 18.05.27, on 03/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmi\Sygate\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\WinPortrait\wpctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Sicurezza\Avast\aswUpdSv.exe
C:\Programmi\WinPortrait\floater.exe
D:\Programmi\Portrait Displays\forteManager\dtsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Sicurezza\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\SICURE~1\Avast\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - D:\Sicurezza\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - D:\Sicurezza\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Sicurezza\Avast\ashMaiSv.exe
O23 - Service: Portrait Displays Display Tune Service - Unknown - D:\Programmi\Portrait Displays\forteManager\dtsrvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - D:\Programmi\Sygate\smc.exe
dovrei eliminare: tutti gli O13 ma dopo il fix li trovo allo stesso posto.
ho fatto il log ho usato il link il link (http://www.ilsoftware.it/hijackthis.asp) per vedere cosa avrei dovuto eliminare.
uso il fix sugli elementi consigliati ma allo scan seguente mi ritrovo gli stessi elementi.
quindi non capisco come eliminarli definitivamente
questo è il log:
Logfile of HijackThis v1.99.0
Scan saved at 18.05.27, on 03/02/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programmi\Sygate\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Programmi\WinPortrait\wpctrl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
D:\Sicurezza\Avast\aswUpdSv.exe
C:\Programmi\WinPortrait\floater.exe
D:\Programmi\Portrait Displays\forteManager\dtsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Sicurezza\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinFoxV2] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SmcService] D:\PROGRA~1\Sygate\smc.exe -startgui
O4 - HKLM\..\Run: [PivotSoftware] "C:\Programmi\WinPortrait\wpctrl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] D:\SICURE~1\Avast\ashDisp.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - D:\Sicurezza\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - D:\Sicurezza\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Sicurezza\Avast\ashMaiSv.exe
O23 - Service: Portrait Displays Display Tune Service - Unknown - D:\Programmi\Portrait Displays\forteManager\dtsrvc.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sygate Personal Firewall Pro - Sygate Technologies, Inc. - D:\Programmi\Sygate\smc.exe
dovrei eliminare: tutti gli O13 ma dopo il fix li trovo allo stesso posto.