help con hijack log

[Toscanello]

Ciao a tutti
dopo alcune leggere anomalie (pagina iniziale sostituita e presenza di collegamento diretto con pagina di sfondi) causate da figlia smanettona ho provveduto ad effettuare controllo con ad-aware spybot (logicamente aggiornati). non hanno rilevato niente a parte qualche cookie (ma quelli ci sono sempre ) dopo di che ho lanciato Hijack ed ho avuto il primo log dal quale ho eliminato 4 voci che erano palesamente inutili se non dannose.
il pc sembra funzionare alla perfezione ma vorrei un consiglio da voi massimi esperti quindi vi rimetto 1 log:

Logfile of HijackThis v1.99.0
Scan saved at 11:15:33, on 13/03/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAMMI\U.S. ROBOTICS 802.11G WLAN\USRWLANG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\DOCUMENTI\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://networkgratis.cjb.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://networkgratis.cjb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pippo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Notebook Manager] C:\Programmi\Notebook Manager\nbm.exe -1
O4 - HKLM\..\Run: [SleepManager] C:\Programmi\Sleep Manager\SleepMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Programmi\U.S. Robotics 802.11g WLAN\USRWLANG.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O15 - Trusted Zone: www.master69.biz
O15 - Trusted Zone: www.sgrunt.biz
O15 - Trusted Zone: www.yeak.net
O16 - DPF: {3E149130-1B20-11D3-97A8-00A0CC2274C2} - http://www.burst.com/f/sales/demo/BurstWMP.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/Shar.../bin/cabsa.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aliceadsl.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 81.74.228.227,151.99.125.1


da questo ho fixato le voci O15 e O16(relativa a norton in quanto sul pc non c'è)

Quindi 2 log:

Logfile of HijackThis v1.99.0
Scan saved at 12:14:16, on 13/03/2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\SLEEP MANAGER\SLEEPMGR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAMMI\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\NIKON\NKVIEW6\NKVMON.EXE
C:\PROGRAMMI\U.S. ROBOTICS 802.11G WLAN\USRWLANG.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\DOCUMENTI\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://networkgratis.cjb.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://networkgratis.cjb.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pippo.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Notebook Manager] C:\Programmi\Notebook Manager\nbm.exe -1
O4 - HKLM\..\Run: [SleepManager] C:\Programmi\Sleep Manager\SleepMgr.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = C:\Programmi\U.S. Robotics 802.11g WLAN\USRWLANG.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {3E149130-1B20-11D3-97A8-00A0CC2274C2} - http://www.burst.com/f/sales/demo/BurstWMP.cab
O16 - DPF: {1C854D5E-66D9-11D3-81DD-00A0C9B62983} (TestX Class) - http://209.1.231.142/Plugin/3DGreetings/PlayerX.CAB
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/pro...tor/WebAAS.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = aliceadsl.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 81.74.228.227,151.99.125.1

A questo punto massimi guru della rete ditemi voi se posso fare ulteriori pulizie o se posso stare tranquillo.

Grazie in anticipo a tutti

[bluepix]

sembra ok ......

forse si potrebbe rimuove:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

[Toscanello]

Quote:

Originariamente inviato da bluepix
sembra ok ......

forse si potrebbe rimuove:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

ma se riporta "no file" non dovrebbe esserci niente collegato
quindi non dovrebbe influire
o sto dicendo una ******

[bluepix]

infatti è inutile. Pulisce solo il registro di sistema e basta.

[Toscanello]

grazie del chiarimento