Home News Guide Hardware Download Forum Glossario

Condividi:        

usato hijackthis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

usato hijackthis

Postdi ETMS51 » 15/03/05 22:46

Salve a tutti ho un po di problemini di virus e adware mi potete più o meno dire cosa cancellare?

Logfile of HijackThis v1.99.1
Scan saved at 22.36.21, on 15/03/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\PDESK.EXE
C:\PROGRAMMI\NETROPA\TOUCH MANAGER\TOUCHMGR.EXE
C:\PROGRAMMI\MOUSE\AWMMAIN.EXE
C:\PROGRAMMI\SCANNER\PRECISIONSCANLT\HPPWRSAV.EXE
C:\WINDOWS\SYSTEM\GSICON.EXE
C:\WINDOWS\SYSTEM\DSLAGENT.EXE
C:\PROGRAMMI\PCI AUDIO APPLICATIONS\MIXER.EXE
C:\PROGRAMMI\WINAMP\WINAMPA.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAMMI\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAMMI\BABYLON\BABYLON.EXE
C:\PROGRAM FILES\NETEX\NETEX.EXE
C:\PROGRAMMI\NETROPA\TOUCH MANAGER\MEDIACTR.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAMMI\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\NETROPA\TOUCH MANAGER\MMUSBKB2.EXE
C:\PROGRAMMI\BABYLON\utils\shlhook.exe
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\BSMOIP.EXE
C:\WINDOWS\PACKAGER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAMMI\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kokntn.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://kokntn.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://kokntn.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.virgilio.it/alice01.home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://searchbar.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://kokntn.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://kokntn.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://kokntn.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kokntn.t.muxa.cc/s.php?aid=586 (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://kokntn.t.muxa.cc/s.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://kokntn.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://kokntn.t.muxa.cc/h.php?aid=586 (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da VirgilioTin
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: FiltURL Class - {5038FED1-CEFE-11D2-9E74-00A0C945A948} - C:\PROGRA~2\NETEX\URLSEA~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAMMI\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Internet Explorer Web Content Guard - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\SYSTEM\IEGUARD.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\CERBMOD.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL (file missing)
O2 - BHO: CeresObj Class - {00000049-8F91-4D9C-9573-F016E7626484} - C:\WINDOWS\CERES.DLL
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\SASETUP.DLL
O3 - Toolbar: Rapido - {D3403F20-7D39-435F-A8CB-45016C29E48E} - C:\PROGRAMMI\RAPIDO\RAPIDO.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\SYSTEM\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [MGA_CD_Install] E:\MGASETUP.EXE /NO_WELCOME /LANG:ITALIANO
O4 - HKLM\..\Run: [Touch Manager] C:\Programmi\Netropa\Touch Manager\TouchMgr.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Programmi\Mouse\AWMMAIN.EXE
O4 - HKLM\..\Run: [hppwrsav] C:\PROGRAMMI\SCANNER\PrecisionScanLT\hppwrsav.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [C-Media Mixer] C:\Programmi\PCI Audio Applications\Mixer.exe /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAMMI\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Documenti\Riccardo\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [sys] regedit -s sys.reg
O4 - HKLM\..\Run: [ETAPI32N] C:\WINDOWS\SYSTEM\ETAPI32N.exe
O4 - HKLM\..\Run: [WinInit] Win86.exe
O4 - HKLM\..\Run: [WinLogin] win32x.exe
O4 - HKLM\..\Run: [okcjplzl] C:\WINDOWS\SYSTEM\bsmoip.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [avast!] C:\Programmi\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [Babylon Translator] C:\Programmi\Babylon\Babylon.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Startup: NetEx.LNK = C:\Program Files\NetEx\netex.exe
O8 - Extra context menu item: &Google Search - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Pagine simili - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Collegamenti a ritroso - res://C:\PROGRAMMI\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programmi\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documenti\Riccardo\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Documenti\Riccardo\ICQ\ICQ.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM\MSJAVA.DLL
O9 - Extra button: Umail - {CBEFF060-3ADA-11D7-B07E-F44391A3051B} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/alice01.home
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://ww3.atlanteitaliano.it/ecwplugins/ncs.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall-beta.trendmicro.com/ho ... scan60.cab
O18 - Filter: text/html - {4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} - C:\WINDOWS\SYSTEM\XPLUGIN.DLL


Grazie per l'aiuto. Ho bisogno di una pulità a fondo del computer.
ETMS51
Newbie
 
Post: 1
Iscritto il: 15/03/05 22:42
Top
Sponsor
 

Postdi Kobe » 15/03/05 22:53

c'è una pagina qui che il computer ti aiuta a fare una analisi su quali sono sospettatti o no.
Mi piacciono i Rockets, ma sto con i L.A. Lakers.
-------------------------------------------------------
Admin http://kobemaster.altervista.org
Kobe
Utente Senior
 
Post: 296
Iscritto il: 07/01/05 19:22
Località: davanti computer
Top

Postdi *~Hayabusa~* » 15/03/05 22:56

Come viene spiegato nella guida a hijackthis he si trova a http://www.pc-facile.com/guida_hijackthis_t148946/
devi incollare il tuo log alla pagina http://hijackthis.de/index.php e poi cancellare tutti gli elementi che vengono considerati dannosi; dando una rapidissima occhiata al tuo log ci ho visto che ci sono almeno 3 cosette da eliminare più altre cose superflue.

Prova ad eseguire la pulizia, se hai problemi facci sapere.

HTH :)
..ed e' cibo per la mente,
acqua dalla sorgente,
luce fosforescente
laddove il buio e' costante ..
*~Hayabusa~*
Hardware Admin
 
Post: 1386
Iscritto il: 12/05/02 22:44
Località: Davanti al monitor..
Top
Rispondi al post

Torna a Sicurezza e Privacy


Topic correlati a "usato hijackthis":

HiJackThis è ancora un programma valido?
Autore: nippon 		Forum: Software Windows
Risposte: 4
Opinione su PC usato
Autore: FlorioVian 		Forum: Consigli per gli acquisti
Risposte: 6
reindirizzo su pagina hijackthis.de
Autore: CLAUDIO_PA 		Forum: Sicurezza e Privacy
Risposte: 2
Hard disk acquistato nuovo ma usato..
Autore: Skank261 		Forum: Assistenza Hardware
Risposte: 5
Consiglio acquisto PC usato x gaming
Autore: newrail 		Forum: Consigli per gli acquisti
Risposte: 12

Chi c’è in linea

Visitano il forum: Nessuno e 30 ospiti