sto riesumando un portatile con w98
con un eufemismo lo definirei "leggermente" infetto ... partono connessioni ad internet ...
vorrei pulirlo per poi aggiornare iexplorer windows antivirus etc etc
mi controllate la log?
GRAZIE Fulvia
Logfile of HijackThis v1.99.1
Scan saved at 10.11.49, on 01/03/2007
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2614.3500)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\JDBGMRG.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\WINDFIND.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQINET.EXE
C:\CPQS\BWTOOLS\SCCENTER.EXE
C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE
C:\PROGRAMMI\FILE COMUNI\MICROSOFT SHARED\WORKS SHARED\WKCALREM.EXE
C:\PROGRAMMI\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAMMI\NIKON\NKVIEW5\NKVMON.EXE
C:\PROGRAMMI\FOTOSTATION EASY\FOTOSTATION EASY AUTOLAUNCH.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\BTTNSERV.EXE
C:\PROGRAMMI\COMPAQ\EASY ACCESS BUTTON SUPPORT\EAUSBKBD.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\HJT\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.tiscali.it/search/R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://intranet.inail.it/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://home.it.netscape.com/it/home/winsearch200.htmlR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://keyword.it.netscape.com/keyword/:s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proacs.inail.it:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *10;(local)
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: andRadio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSAdmin] C:\WINDOWS\SYSTEM\JDBGMRG.EXE
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\cpqeadm.exe
O4 - HKLM\..\Run: [EACLEAN] C:\Programmi\Compaq\Easy Access Button Support\eaclean.exe
O4 - HKLM\..\Run: [CPQInet] c:\compaq\CPQInet\CpqInet.exe
O4 - HKLM\..\Run: [Service Connection] c:\cpqs\bwtools\sccenter.exe
O4 - HKLM\..\Run: [OEMCLEANUP] c:\windows\OPTIONS\oemreset.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMI\AVPERSONAL\AVGCTRL.EXE /min
O4 - HKLM\..\RunServices: [MSAdmin] C:\WINDOWS\SYSTEM\JDBGMRG.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [atisrc2] C:\WINDOWS\SYSTEM\windfind.exe
O4 - Startup: Promemoria del Calendario di Microsoft Works.lnk = C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Startup: Avvio Office.lnk = C:\Programmi\Microsoft Office\Office\OSA.EXE
O4 - Startup: NkvMon.exe.lnk = C:\Programmi\Nikon\NkView5\NkvMon.exe
O4 - Startup: FotoStation Easy AutoLaunch.lnk = C:\Programmi\FotoStation Easy\FotoStation Easy AutoLaunch.exe
O12 - Plugin for .swf: C:\PROGRAMMI\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\NPSWF32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
O14 - IERESET.INF: MS_START_PAGE_URL=http://www.microsoft.com/italy/start
O16 - DPF: {11111111-1111-1111-1111-111111111111} - file://c:\windows\temp\demo.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5/asinst.cab