programma HiJackThis

[KillR]

Salve ragazzi, granzie a questo fantastico programma sono riuscito a cancellare una stringa che nonostante gli scan con Ad-aware e Spy-bot non veniva trovata e mi causava il malfunzionamento nello spegnimento..

Volevo sapere se magari postandovi la configurazione del mio HiJackThis qualcuno trovava altre chiavi da cancellare (siccome io non sono molto esperto non so come individuarle)
Eccola:

Logfile of HijackThis v1.97.7
Scan saved at 14.17.43, on 08/02/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Norton Utilities\SYSDOC32.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Utilities\NPROTECT.EXE
C:\Programmi\Speed Disk\nopdb.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Claudione\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.sports.yahoo.com/foot/ital/t/juve/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.whazit.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Technologies\main\launchpd.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Programmi\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Programmi\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {023E7FE4-3784-45A4-BC50-3DFE9B9A04E5} (Pro_Web.ProWeb) - http://216.147.198.39/ProWeb4.CAB
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemp...veSecurity.cab
O16 - DPF: {BD9B72E4-DC9C-4922-80E9-2D3315E3AADC} (UAClientControl Control) - http://www.ultimatearena.com/UAClientControl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

[RNicoletto]

Se non hai problemi con la lingua inglese puoi provare a postare il log anche sul forum ufficiale di HijackThis! : http://forums.net-integration.net/in...p?showforum=32

Io purtroppo non ti so aiutare...


SALUDOS Y BESOS !!!

ne approfitto x postar anche il mio log... secondo Voi e' tutto ok?

ciao

Logfile of HijackThis v1.97.7
Scan saved at 19.44.45, on 30/05/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Daniele\Documenti\framxpro\FreeRAM XP Pro 1.40.exe
C:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE
C:\Documents and Settings\Daniele\Documenti\hijackthis1977\HijackTh is.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\Daniele\Documenti\framxpro\FreeRAM XP Pro 1.40.exe" -win

[Lionsquid]

Quota:

Originariamente inviato da KillR
)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Sygate\SPF\Smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Norton Utilities\SYSDOC32.EXE
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton Utilities\NPROTECT.EXE
C:\Programmi\Speed Disk\nopdb.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Claudione\Documenti\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = C:\Programmi\Copernic Agent\Web\SearchBar.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.sports.yahoo.com/foot/ital/t/juve/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://home.whazit.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Programmi\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Technologies\main\launchpd.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton System Doctor.lnk = C:\Programmi\Norton Utilities\SYSDOC32.EXE
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - C:\Programmi\Copernic Agent\Web\SearchExt.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: {023E7FE4-3784-45A4-BC50-3DFE9B9A04E5} (Pro_Web.ProWeb) - http://216.147.198.39/ProWeb4.CAB
O16 - DPF: {1DB3B8DD-5801-443F-B2D5-9BF8912B980E} (dmgrax2Ctrl Class) - http://www.lxsystems.com/downloads/Install.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...45/yacscom.cab
O16 - DPF: {3BB4FE3B-7A37-11D3-A41E-0060080C03B3} (Entire Screen Builder Web Viewer) - http://vblu.uni-bocconi.it/vblu/NWWClientFull.cab
O16 - DPF: {4E330863-6A11-11D0-BFD8-006097237877} (InstallFromTheWeb ActiveX Control) - http://tw.msi.com.tw/autobios/client/iftwclix.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemp...veSecurity.cab
O16 - DPF: {BD9B72E4-DC9C-4922-80E9-2D3315E3AADC} (UAClientControl Control) - http://www.ultimatearena.com/UAClientControl.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...sh/swflash.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab

Il Copernic non lo utilizzerei proprio, ho esperienze di pc infestati dalle "ricerche" perfette di Copernic

Norton Utilities, disattiverei dal programma stesso l'avvio dei moduli che ho marchiato in rosso (oppure usando Msconfig)lasciando solo NPROTECT

lo stesso dicasi per l'OSA, pressochè inutile

unico dubbio.. non so cosa sia questo > http://home.whazit.com

e' uscita una nuova versione...


questo e' il mio log ora...


non capisco cosa sono le voci contrassegnate con F0 ed F2

ciao

Logfile of HijackThis v1.98.0
Scan saved at 0.06.32, on 30/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVPersonal\AVGUARD.EXE
C:\Programmi\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Documents and Settings\Danielsan\Documenti\scarico\dclean151buil d190_all\dclean.exe
C:\Documents and Settings\Danielsan\Documenti\scarico\hijackthis\Hi jackThis.exe

F0 - system.ini: Shell=
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,
O4 - HKLM\..\Run: [AVGCtrl] C:\Programmi\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

[Giorgius]

Ocio alla "1.98x", su alcuni Sistemi è ancora leggermente instabile con Firewall Software e Utility AntiSpyware installati.

Continuate ad usare la versione precedente.

ho rimesso la 1.97.7 e quelle voci non le vedo +

Grazie Giorgius

[Giorgius]