[quote]
Problemi con la pagina iniziale di IE.
Si apre sempre con: about:blank
inoltre o 4 pagine nei prefiti che non riesco ad eliminare.
Premetto che Norton Internet security mi ha avvertito di due tentativi di intrusione ed ha rilevato 2 porte aperte qiundi vulnerabili ad intrusioni!: ping icmp e porta 80 http.Possibile che si sia inserito qualcosa come faccio a chiuderle.Qualche aiuto sarebbe molto efficace grazie. Di seguito riporto il log file di hijackthis
Logfile of HijackThis v1.99.1
Scan saved at 9.12.21, on 09/05/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Norton Internet Security\NISUM.EXE
C:\WINNT\Explorer.exe
C:\WINNT\system32\ipio.exe
C:\WINNT\system32\ati2evxx.exe
C:\Programmi\Norton Internet Security\ccPxySvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Programmi\SSH Communications Security\SSH Sentinel\sshipm.exe
C:\Programmi\SSH Communications Security\SSH Sentinel\sshmonitor.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINNT\system32\Atiptaxx.exe
C:\WINNT\addlh32.exe
C:\WINNT\system32\internat.exe
C:\Programmi\SSH Communications Security\SSH Sentinel\Accession\ssh_accession.exe
C:\Programmi\SSH Communications Security\SSH Sentinel\sshtray.exe
C:\WINNT\NTSecurity.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\temp\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\bqkpr.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\bqkpr.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINNT\system32\bqkpr.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\system32\bqkpr.dll/sp.html#83556
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\system32\bqkpr.dll/sp.html#83556
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\bqkpr.dll/sp.html#83556
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\bqkpr.dll/sp.html#83556
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe NTSecurity.exe
F3 - REG:win.ini: run=NTSecurity.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BFBD4826-B9A4-7AE8-94EB-30CF27D770B7} - C:\WINNT\mfcyb32.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Programmi\File comuni\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Programmi\File comuni\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [NTSecurity] NTSecurity.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [IEXPLORE.EXE] C:\Programmi\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [addlh32.exe] C:\WINNT\addlh32.exe
O4 - HKLM\..\RunServices: [NTSecurity] NTSecurity.exe
O4 - HKLM\..\RunServices: [] NTSecurity.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: canlog.bat
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: SSH Accession.lnk = C:\Programmi\SSH Communications Security\SSH Sentinel\Accession\ssh_accession.exe
O4 - Global Startup: SSH Sentinel Agent.lnk = C:\Programmi\SSH Communications Security\SSH Sentinel\sshtray.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) -
http://www.drivershq.com/DD_v4.CABO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cabO16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) -
http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{BA3040FB-80EF-4E85-B990-A4879166ED08}: NameServer = 151.99.125.2,151.99.125.3
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\system32\ipio.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Programmi\Norton Internet Security\ccPxySvc.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Programmi\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe (file missing)
O23 - Service: SSH Sentinel (SSHIPM) - Unknown owner - C:\Programmi\SSH Communications Security\SSH Sentinel\sshipm.exe" -d (file missing)
O23 - Service: SSH Sentinel Monitor (SSHMONITOR) - Unknown owner - C:\Programmi\SSH Communications Security\SSH Sentinel\sshmonitor.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
Se elimino le stringhe 023 e 04 del ssh sentinel il programma(sentinel) continua a funzionare normalmente.
IL firewall è attivo ed è stato proprio il check della symantec lo stesso del sito che mi hai inviato a dirmi delle due porte aperte.
Ad un mio controllo delle impostazioni del firewall sembra tutto ok.
Grazie