#1

Senior Member
Joined: May 2003
Posts: 1953

Infested PC

I've got my hands on a badly infested PC, including a charming guest that resets the connection's user name and number at every connection. Could you give me a hand cleaning it up? I'm posting the Hijack log.

Logfile of HijackThis v1.98.2
Scan saved at 20.55.10, on 22/10/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\ADAPTEC\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\TRUST\12326 AMI MOUSE 250S MINI OPTICAL\1.0\LWBWHEEL.EXE
C:\WINDOWS\SYSTEM\HPZTSB03.EXE
C:\PROGRAMMI\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\EXPLORER.EXE
C:\PROGRAMMI\ADAPTEC\EASY CD CREATOR 4\CREATECD\CREATECD.EXE
C:\LOTUS\ORGANIZE\EASYCLIP.EXE
C:\LOTUS\REGISTER\REMIND32.EXE
C:\WINDOWS\DESKTOP\TOOLS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://tin.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Systran40premi.IEPlugIn - {CFB25594-4D5F-11D6-AB7B-00B0D094B576} - C:\PROGRAMMI\SYSTRAN\4_0\PREMIUM\IEPLUGIN.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
O4 - HKLM\..\Run: [LWBMOUSE] C:\Programmi\Trust\12326 AMI MOUSE 250S MINI OPTICAL\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb03.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMON.EXE
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\SYSTEM\explorer.exe -go -c7 -w5
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Programmi\File comuni\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: EPSON Controllo in background.lnk = C:\ESM2\Stms.exe
O4 - Startup: Lotus Organizer EasyClip.lnk = C:\lotus\organize\easyclip.exe
O4 - Startup: Registrazione Lotus SmartSuite Versione 9.lnk = C:\lotus\register\remind32.exe
O4 - Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...tatsClient.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...reShowdown.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
#2

Senior Member
Joined: Sep 2000
City: Anzio
Posts: 2970

OK, to start with, paste the result here and it will tell you what's wrong!
http://hijackthis.de/index.php?langselect=italian

Then I recommend a good scan with these online antivirus scanners:
http://www.bitdefender.com/scan/license.php
http://housecall.trendmicro.com/
http://www.pandasoftware.com/actives..._principal.htm

Finally, try the various Adaware, Spybot and the like! Obviously, try the antivirus too... Bye!
__________________
Cpu: Intel i9-9900K - MoBo: ASUS ROG STRIX Z390-E GAMING - Ram: 32GB DDR4 G.Skill Trident Z RGB F4-3200 - VGA: MSI GeForce RTX 3090 Ventus 3X OC 24GB - SSD: YUCUN SATA III 1TB - Display: LG OLED 55B6V 4K HDR - PSU: Enermax Revolution 87 Plus 1000W - Cooler: Corsair CW-9060015-WW water and freon cooling
#3

Senior Member
Joined: May 2003
Posts: 1953

OK, I'll try.
Norton 2003, Spybot, Adaware and a2 didn't detect anything anyway.
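
Added example (not part of the thread, and not how hijackthis.de works): a small Python triage over HijackThis entries like those in post #1. The two heuristics and the `EXPECTED_DIR` table are assumptions of this example; a hit marks an entry for manual review and is not a verdict on it.

```python
import re

# Constructed sample: six entries copied from the log in post #1.
SAMPLE_LOG = r"""
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\EXPLORER.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [explorer] C:\WINDOWS\SYSTEM\explorer.exe -go -c7 -w5
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {11111111-1111-1111-1111-511111113457} - file://c:\x.cab
"""

# Assumption of this example: the folder these Windows 9x/ME binaries
# normally live in (lower-case, no trailing backslash).
EXPECTED_DIR = {"explorer.exe": r"c:\windows", "taskmon.exe": r"c:\windows"}

# Drive, folder components (may contain spaces), then the .exe file name.
EXE_RE = re.compile(r'([A-Za-z]:\\(?:[^\\"\n]+\\)*)([^\\"\s]+\.exe)', re.I)
# O16 entry: CLSID, optional "(Class name)", then the codebase it came from.
DPF_RE = re.compile(r'^O16 - DPF: (\{[0-9A-Fa-f-]+\}).* - (\S+)$')


def triage(log_text):
    """Return (reason, line) pairs for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        dpf = DPF_RE.match(line)
        if dpf:
            # ActiveX control whose codebase is a local file, not a web origin.
            if dpf.group(2).lower().startswith("file://"):
                findings.append(("ActiveX codebase is a local file", line))
            continue
        exe = EXE_RE.search(line)
        if exe:
            folder = exe.group(1).rstrip("\\").lower()
            expected = EXPECTED_DIR.get(exe.group(2).lower())
            # Same name as a system binary, but started from another folder.
            if expected and folder != expected:
                findings.append(("system binary name, unexpected folder", line))
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}] {entry}")
```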
All times are GMT +1. The time now is 22:41.