Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo LOG

controllo LOG Opzioni
Topic Precedente · Topic Sucessivo
reartu46
Inviato: Sunday, June 25, 2006 2:50:15 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Ciao Alfonso
Credo di avere degli ospiti sgraditi. Mi aiuti a sfrattarli
Grazie

Logfile of HijackThis v1.99.1
Scan saved at 14.48.49, on 25/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SAMSUNG\COMSMMGR\SSMMGR.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAMMI\SPAMIHILATOR\SPAMIHILATOR.EXE
C:\LOTUS\SMARTCTR\SMARTCTR.EXE
C:\LOTUS\SMARTCTR\SUITEST.EXE
C:\PROGRAMMI\ARESCOM\MODEM TELINDUS ARESCOM ND220B\DSLMON.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\- PROGRAMMI AIUTAMICI\HIJACKTHIS - TUTTO PER IL LOG\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99andlc=0410&s=search&i=ita
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&lc=0410&s=search&i=ita
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=search&query=:s&i=enu
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmi\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmi\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Programmi\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmi\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAMMI\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Startup: LOTUS smartcenter 97 .lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: DSLMON.lnk = C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
Torna in alto
 
Sponsor
Inviato: Sunday, June 25, 2006 2:50:15 PM

 
Torna in alto
 
steven75
Inviato: Sunday, June 25, 2006 8:48:14 PM
Rank: Member

Iscritto dal : 5/8/2006
Posts: 0
Ciao ,
metti la sounta alle voci che andro ad elencarti e premi su <b>fix checked</b>
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99andl c=0410&s=search&i=ita
ult) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=s earch&query=:s&i=enu
1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.presario.net/scripts/redirectors/presario/srchredir.dll?c=2c99&s=s earch&query=:s&i=enu
O4 - HKLM\..\Run: [autoclk] autoclk.exe
O14 - IERESET.INF: START_PAGE_URL=
O14 - IERESET.INF: SEARCH_PAGE_URL=

Dai una ripulita ai files inutili , temporanei etc ... e al limite effettua uno scan online:
http://steven.altervista.org/files/scan.html
Torna in alto
 
reartu46
Inviato: Monday, June 26, 2006 9:50:31 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Ciao Steven
seguiro' senz'altro i tuoi consigli perche' nel log quelle voci sono evidenziate in rosso - volevo conferma.
Poiche' e' da piu' di quindici giorni che non visito il FORUM ho visto che non e' piu' Alfonso a rispondere
E' andato in ferie ?
Ciao Reartu
Torna in alto
 
steven75
Inviato: Monday, June 26, 2006 10:00:52 PM
Rank: Member

Iscritto dal : 5/8/2006
Posts: 0
Non preoccuparti vai tranquillo ... Alfonso non puo occuparsi di tutto ,quindi e cerco di dargli una mano <img src=icon_smile_wink.gif border=0 align=middle>

PS__Per il log sappi che a volte le voci segnalate in rosso non sono infette , e altre volte (fortunatamente poche) i verdi sono da eliminare...quindi il log và interpretato bene da chi lo analizza...
Torna in alto
 
reartu46
Inviato: Monday, June 26, 2006 10:46:45 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
non mi riesce di eliminare le due righe finali
014 IERESET.INF.....
come fare

Logfile of HijackThis v1.99.1
Scan saved at 22.40.02, on 26/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WEBSCANX.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSSTAT.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\INTERNET\CISRVR.EXE
C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\AVCONSOL.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\WINDOWS\SAMSUNG\COMSMMGR\SSMMGR.EXE
C:\PROGRAMMI\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\PROGRAMMI\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\PROGRAMMI\SPAMIHILATOR\SPAMIHILATOR.EXE
C:\LOTUS\SMARTCTR\SMARTCTR.EXE
C:\PROGRAMMI\ARESCOM\MODEM TELINDUS ARESCOM ND220B\DSLMON.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\- PROGRAMMI AIUTAMICI\HIJACKTHIS - TUTTO PER IL LOG\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmi\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CISrvr Program] C:\COMPAQ\INTERNET\CISRVR.EXE
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmi\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [VsecomrEXE] C:\Programmi\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [Vshwin32EXE] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmi\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [McAfeeWebScanX] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [Samsung Common SM] "C:\WINDOWS\Samsung\ComSMMgr\ssmmgr.exe" /autorun
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [McAfeeWebScanX] C:\PROGRAMMI\NETWORK ASSOCIATES\MCAFEE VIRUSSCAN\WebScanX.Exe /RUNSERVICES
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAMMI\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView6\NkvMon.exe
O4 - Startup: LOTUS smartcenter 97 .lnk = C:\lotus\smartctr\smartctr.exe
O4 - Startup: Lotus SuiteStart 97.lnk = C:\lotus\smartctr\suitest.exe
O4 - Startup: DSLMON.lnk = C:\Programmi\ARESCOM\Modem Telindus Arescom ND220b\dslmon.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=

Grazie reartu
Torna in alto
 
steven75
Inviato: Tuesday, June 27, 2006 12:12:44 AM
Rank: Member

Iscritto dal : 5/8/2006
Posts: 0
Non é un gran problema , anche perché il redirect é privo di URL ,comunque fai cosi:
Pannello di controllo | Opzioni Internet | Programmi e seleziona "ripristina impostazioni web" per il resto se non riscontri problemi direi che é tutto ok
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo LOG


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.