|
|||||||
|
|
|
 |
|
|
Strumenti |
13-03-2005, 12:45
|
#1 |
|
Senior Member
Iscritto dal: Jun 2001
Città: Limbiate-Milano e Lombardia
Messaggi: 105
|
help con hijack log
Ciao a tutti
dopo alcune leggere anomalie (pagina iniziale sostituita e presenza di collegamento diretto con pagina di sfondi) causate da figlia smanettona  ho provveduto ad effettuare controllo con ad-aware spybot (logicamente aggiornati). non hanno rilevato niente a parte qualche cookie (ma quelli ci sono sempre  ) dopo di che ho lanciato Hijack ed ho avuto il primo log dal quale ho eliminato 4 voci che erano palesamente inutili se non dannose.il pc sembra funzionare alla perfezione ma vorrei un consiglio da voi massimi esperti  quindi vi rimetto 1 log:Logfile of HijackThis v1.99.0 Scan saved at 11:15:33, on 13/03/2005 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\PROGRAMMI\NIKON\NKVIEW6\NKVMON.EXE C:\PROGRAMMI\U.S. ROBOTICS 802.11G WLAN\USRWLANG.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\WINDOWS\SYSTEM\DDHELP.EXE C:\DOCUMENTI\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://networkgratis.cjb.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://networkgratis.cjb.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pippo.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [IrMon] IrMon.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Notebook Manager] C:\Programmi\Notebook Manager\nbm.exe -1 O4 - HKLM\..\Run: [SleepManager] C:\Programmi\Sleep Manager\SleepMgr.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe O4 - Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Programmi\U.S. Robotics 802.11g WLAN\USRWLANG.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O15 - Trusted Zone: www.master69.biz O15 - Trusted Zone: www.sgrunt.biz O15 - Trusted Zone: www.yeak.net O16 - DPF: {3E149130-1B20-11D3-97A8-00A0CC2274C2} - http://www.burst.com/f/sales/demo/BurstWMP.cab O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/Shar.../bin/cabsa.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aliceadsl.it O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 81.74.228.227,151.99.125.1 da questo ho fixato le voci O15 e O16(relativa a norton in quanto sul pc non c'è) Quindi 2 log: Logfile of HijackThis v1.99.0 Scan saved at 12:14:16, on 13/03/2005 Platform: Windows 98 SE (Win9x 4.10.2222A) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\SYSTEM\KERNEL32.DLL C:\WINDOWS\SYSTEM\MSGSRV32.EXE C:\WINDOWS\SYSTEM\MPREXE.EXE C:\WINDOWS\SYSTEM\mmtask.tsk C:\WINDOWS\SYSTEM\MSTASK.EXE C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE C:\WINDOWS\SYSTEM\RPCSS.EXE C:\WINDOWS\EXPLORER.EXE C:\WINDOWS\TASKMON.EXE C:\WINDOWS\SYSTEM\SYSTRAY.EXE C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE C:\WINDOWS\SYSTEM\STIMON.EXE C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE C:\PROGRAMMI\NIKON\NKVIEW6\NKVMON.EXE C:\PROGRAMMI\U.S. ROBOTICS 802.11G WLAN\USRWLANG.EXE C:\WINDOWS\SYSTEM\WMIEXE.EXE C:\DOCUMENTI\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://networkgratis.cjb.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://networkgratis.cjb.net R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pippo.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe O4 - HKLM\..\Run: [SystemTray] SysTray.Exe O4 - HKLM\..\Run: [IrMon] IrMon.exe O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\Run: [Notebook Manager] C:\Programmi\Notebook Manager\nbm.exe -1 O4 - HKLM\..\Run: [SleepManager] C:\Programmi\Sleep Manager\SleepMgr.exe O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe O4 - Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Programmi\U.S. Robotics 802.11g WLAN\USRWLANG.exe O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) O16 - DPF: {3E149130-1B20-11D3-97A8-00A0CC2274C2} - http://www.burst.com/f/sales/demo/BurstWMP.cab O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aliceadsl.it O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 81.74.228.227,151.99.125.1 A questo punto massimi guru della rete ditemi voi se posso fare ulteriori pulizie o se posso stare tranquillo.Grazie in anticipo a tutti
__________________
Sorridi... Domani sara' peggio |
|
|
|
13-03-2005, 13:13
|
#2 |
|
Senior Member
Iscritto dal: Dec 2004
Città: Magenta(MI)
Messaggi: 1513
|
sembra ok ......
forse si potrebbe rimuove: O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file) |
|
|
|
|
13-03-2005, 13:18
|
#3 | |
|
Senior Member
Iscritto dal: Jun 2001
Città: Limbiate-Milano e Lombardia
Messaggi: 105
|
Quote:
ma se riporta "no file" non dovrebbe esserci niente collegato  quindi non dovrebbe influire o sto dicendo una ******
__________________
Sorridi... Domani sara' peggio |
|
|
|
|
|
13-03-2005, 13:23
|
#4 |
|
Senior Member
Iscritto dal: Dec 2004
Città: Magenta(MI)
Messaggi: 1513
|
infatti è inutile. Pulisce solo il registro di sistema e basta.
|
|
|
|
|
13-03-2005, 13:39
|
#5 |
|
Senior Member
Iscritto dal: Jun 2001
Città: Limbiate-Milano e Lombardia
Messaggi: 105
|
grazie del chiarimento
__________________
Sorridi... Domani sara' peggio |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 09:14.
