
HIJACK.LOG
taurus25
Posted: Thursday, November 25, 2004 12:03:41 PM
Rank: Member

Joined: 10/15/2004
Posts: 0
I'm having problems with the internet... the web page keeps refreshing... JPEG and GIF images are not displayed. This is the log, for anyone who can check it... thanks
Logfile of HijackThis v1.98.2
Scan saved at 12.05.29, on 25/11/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\CHECKPOINT\SECUREMOTE\BIN\SR_WATCHDOG.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAMMI\CHECKPOINT\SECUREMOTE\BIN\SR_SERVICE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAMMI\FILEZILLA SERVER\FILEZILLA SERVER.EXE
C:\PROGRAMMI\FILEZILLA SERVER\FILEZILLA SERVER INTERFACE.EXE
C:\PROGRAMMI\CHECKPOINT\SECUREMOTE\BIN\SR_GUI.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PTW525\PT525.EXE
C:\PTW525\PT525.EXE
C:\DOCUMENTI\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.35.2.30:8000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Remote Access] rnaapp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [FileZilla Server] "C:\Programmi\FileZilla Server\FileZilla Server.exe" /compat /start
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programmi\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Programmi\Verbatim Store N Go
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\TIGHTVNC\WINVNC.EXE" -service
O4 - HKLM\..\RunServices: [SR_Service] C:\Programmi\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O4 - HKLM\..\RunServices: [PersFw] C:\Programmi\Tiny Personal Firewall\persfw.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: DpeInstaller.lnk = C:\Programmi\DpeInstaller\DpeInstaller.exe
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {48C20DEE-B00A-11D4-9B2F-0060975D990E} (Hi2Lobby Class) - http://62.27.8.33/lobby/atlclient.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.125.3
O18 - Filter: text/html - {FB1210A0-0EA8-11D9-83FD-545543445200} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT

alfonso
Posted: Thursday, November 25, 2004 2:26:32 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Hi taurus,
carry out these steps

reboot in safe mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and, as described in this article,
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
delete the lines that follow; if the lines do not appear in safe mode, delete them from normal mode

==================================
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.35.2.30:8000
-
O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Programmi\Verbatim Store N Go
-
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\TIGHTVNC\WINVNC.EXE" -service
-
O4 - Startup: DpeInstaller.lnk = C:\Programmi\DpeInstaller\DpeInstaller.exe
-
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
-
O16 - DPF: {48C20DEE-B00A-11D4-9B2F-0060975D990E} (Hi2Lobby Class) - http://62.27.8.33/lobby/atlclient.cab
-
O18 - Filter: text/html - {FB1210A0-0EA8-11D9-83FD-545543445200} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT
==================================

using the Windows FIND function, search for and delete the following files

==================================
verbatim store 'n' go.exe
WINVNC.EXE
DpeInstaller.exe
pws2dnet.wsp
V0.26.DAT
==================================

when finished, use the AD-AWARE and SPYBOT programs described in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

run an antivirus scan, again in safe mode.

Aiutamici contributor
taurus25
Posted: Tuesday, December 07, 2004 9:06:18 AM
Rank: Member

Joined: 10/15/2004
Posts: 0
Thanks Alfonso, I left the entries I recognized (verbatim-winvnc-dpeinstaller)
but the internet still gives me errors... can you check this new log? Thanks, bye
Logfile of HijackThis v1.98.2
Scan saved at 8.10.04, on 07/12/04
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\TIGHTVNC\WINVNC.EXE
C:\PROGRAMMI\CHECKPOINT\SECUREMOTE\BIN\SR_WATCHDOG.EXE
C:\PROGRAMMI\CHECKPOINT\SECUREMOTE\BIN\SR_SERVICE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\CHECKPOINT\SECUREMOTE\BIN\SR_GUI.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\KHOOKER.EXE
C:\WINDOWS\MIXER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAMMI\FILEZILLA SERVER\FILEZILLA SERVER.EXE
C:\PROGRAMMI\FILEZILLA SERVER\FILEZILLA SERVER INTERFACE.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\PTW525\PT525.EXE
C:\PTW525\PT525.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAMMI\OUTLOOK EXPRESS\MSIMN.EXE
C:\DOCUMENTI\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\SYSTEM\khooker.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [Remote Access] rnaapp.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [FileZilla Server] "C:\Programmi\FileZilla Server\FileZilla Server.exe" /compat /start
O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Programmi\FileZilla Server\FileZilla Server Interface.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\Run: [VERBATIM STORE 'N' G] c:\programmi\verbatim store n go\verbatim store 'n' go.exe sys_auto_run C:\Programmi\Verbatim Store N Go
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\TIGHTVNC\WINVNC.EXE" -service
O4 - HKLM\..\RunServices: [SR_Service] C:\Programmi\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAMMI\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: DpeInstaller.lnk = C:\Programmi\DpeInstaller\DpeInstaller.exe
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INETREPL.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Broken Internet access because of LSP provider 'c:\windows\system\pws2dnet.wsp' missing
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://sc.communities.msn.com/controls/chat/msnchat45.cab
O16 - DPF: ChatSpace Full Java Client 3.1.0.229 - http://surechat.com:9000/Java/cfs31229.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v45/yacscom.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = tin.it
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 151.99.125.2,151.99.125.3

alfonso
Posted: Tuesday, December 07, 2004 1:02:24 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
What exactly are the problems?

In what sense does the web page keep refreshing?

If images are not displayed, go to the Internet Explorer menu - TOOLS - INTERNET OPTIONS - ADVANCED - and tick the SHOW PICTURES entry there; otherwise try emptying the temporary files folder and the cookies.

Aiutamici contributor
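
A check that can be run on a follow-up HijackThis log, as an added example that is not part of the original thread: it reports which of the lines flagged for removal in the first reply are still present in the second log, and separates out an O10 entry whose file is gone while the log still names it as a missing LSP provider. The function names are hypothetical; the sample lines are excerpts copied from the two logs and the fix list above.

```python
import re

# HijackThis result lines have the form "<section> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Wording HijackThis uses when a Winsock LSP entry points at a file that no longer exists.
BROKEN_LSP = re.compile(r"broken internet access because of lsp provider '([^']+)' missing", re.I)

# Excerpt of the lines flagged for removal in the first reply (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=10.35.2.30:8000
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\TIGHTVNC\WINVNC.EXE" -service
O10 - Unknown file in Winsock LSP: c:\windows\system\pws2dnet.wsp
O18 - Filter: text/html - {FB1210A0-0EA8-11D9-83FD-545543445200} - C:\WINDOWS\APPLICATION DATA\MICROSOFT\INTERNET EXPLORER\V0.26.DAT
"""

# Excerpt of the second log posted in the thread (copied from the thread).
FOLLOWUP = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\RunServices: [WinVNC] "C:\PROGRAMMI\TIGHTVNC\WINVNC.EXE" -service
O10 - Broken Internet access because of LSP provider 'c:\windows\system\pws2dnet.wsp' missing
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = tin.it
"""

def parse(log_text):
    """Return the set of (section, details) result lines; header and process list are skipped."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2).strip().lower()))
    return entries

def check_fixes(fix_list, followup_log):
    """Return (section, details, status) for every line that was flagged for removal."""
    after = parse(followup_log)
    # Paths the follow-up log reports as missing LSP providers.
    broken = {m.group(1) for s, d in after if s == "O10" and (m := BROKEN_LSP.search(d))}
    report = []
    for section, details in sorted(parse(fix_list)):
        if (section, details) in after:
            status = "still present"
        elif section == "O10" and any(path in details for path in broken):
            status = "file gone, log still lists it as a missing LSP provider"
        else:
            status = "removed"
        report.append((section, details, status))
    return report

if __name__ == "__main__":
    for section, details, status in check_fixes(FIX_LIST, FOLLOWUP):
        print(f"{section:>3}  {status:<55}  {details}")
```
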