PcPrimiPassi.it FORUM: SICUREZZA INFORMATICA: Infezioni informatiche e Sicurezza informatica in generale
Topic: Post n° 9.166 - Postato: 23/Marzo/2005 alle 11:27Come non detto: Uno dei miei agenti mi ha portato indietro un portatile che ha una serie infinita di problemi: master69.biz, elite, una pagina iniziale che non mi fa ricercare nulla (ora sono in modalità provvisoria). Premetto che ho controllato sia con spybot e ad-aware e molte cose sono state eliminate, ma ma queste tre cose proprio non ci riesco. Immagino che ogni log sia diverso da un'altro, quindi vi posto il mio che è immensamente lungo.
Vi ringrazio fin d'ora e se potete dargli un'occhiatina a breve mi fareste un gran regalo perchè mi serve per lavoro questo portatile.
Logfile of HijackThis v1.99.1
Scan saved at 17.29.44, on 23/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\rundll32.exe
C:\Programmi\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com.tw
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com.tw/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - (no file)
O2 - BHO: (no name) - {0148BEB0-48A2-4D9F-B911-5FE4A8DF0CC1} - C:\WINDOWS\System32\nnfl.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norton Personal Firewall] lah.exe
O4 - HKLM\..\Run: [System driver] Messenger.exe
O4 - HKLM\..\Run: [Windows 32Bit Fixer] bilankara.exe
O4 - HKLM\..\Run: [Windows Domain Name Drivers] windns.exe
O4 - HKLM\..\Run: [IP Configre] winipcfg.exe
O4 - HKLM\..\Run: [TkBellExe] C:\WINDOWS\realsched.exe /i
O4 - HKLM\..\Run: [MsnExplorer] C:\WINDOWS\msexploren.exe /i
O4 - HKLM\..\Run: [Microsoft Service] winbd32.exe
O4 - HKLM\..\Run: [etbrun] C:\windows\system32\elitefpm32.exe
O4 - HKLM\..\Run: [MSN Messenger] IEXPLORE.exe
O4 - HKLM\..\Run: [Website Administrator Info] webadmin.exe
O4 - HKLM\..\Run: [System Administrator Windows] sadmin.exe
O4 - HKLM\..\Run: [msnsched] msnsched.exe
O4 - HKLM\..\Run: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\Run: [Quicktime] C:\WINDOWS\nerocheck.exe /i
O4 - HKLM\..\Run: [gaSrv] C:\WINDOWS\gaSrv.exe
O4 - HKLM\..\Run: [Windows 32 Rescue] win32resc.exe
O4 - HKLM\..\Run: [Qtime] C:\WINDOWS\qtsks.exe /i
O4 - HKLM\..\Run: [CPU Windows Status] cpustats.exe
O4 - HKLM\..\Run: [MS service] msservice.exe
O4 - HKLM\..\Run: [sixtysix] C:\WINDOWS\sixtypopsix.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll,DllInstall
O4 - HKLM\..\RunServices: [Norton Personal Firewall] lah.exe
O4 - HKLM\..\RunServices: [System driver] Messenger.exe
O4 - HKLM\..\RunServices: [Windows 32Bit Fixer] bilankara.exe
O4 - HKLM\..\RunServices: [Windows Domain Name Drivers] windns.exe
O4 - HKLM\..\RunServices: [IP Configre] winipcfg.exe
O4 - HKLM\..\RunServices: [Microsoft Service] winbd32.exe
O4 - HKLM\..\RunServices: [MSN Messenger] IEXPLORE.exe
O4 - HKLM\..\RunServices: [Website Administrator Info] webadmin.exe
O4 - HKLM\..\RunServices: [System Administrator Windows] sadmin.exe
O4 - HKLM\..\RunServices: [msnsched] msnsched.exe
O4 - HKLM\..\RunServices: [NDIS Adapter] servenxpp.exe
O4 - HKLM\..\RunServices: [Windows 32 Rescue] win32resc.exe
O4 - HKLM\..\RunServices: [CPU Windows Status] cpustats.exe
O4 - HKLM\..\RunServices: [MS service] msservice.exe
O4 - HKLM\..\RunOnce: [System Administrator Windows] sadmin.exe
O4 - HKLM\..\RunOnce: [MSN Messenger] IEXPLORE.exe
O4 - HKLM\..\RunOnce: [Windows 32 Rescue] win32resc.exe
O4 - HKLM\..\RunOnce: [Windows Domain Name Drivers] windns.exe
O4 - HKLM\..\RunOnce: [System driver] Messenger.exe
O4 - HKLM\..\RunOnce: [Windows 32Bit Fixer] bilankara.exe
O4 - HKLM\..\RunOnce: [IP Configre] winipcfg.exe
O4 - HKLM\..\RunOnce: [Website Administrator Info] webadmin.exe
O4 - HKLM\..\RunOnce: [NDIS Adapter] servenxpp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [IP Configre] winipcfg.exe
O4 - HKCU\..\Run: [MSN Messenger] IEXPLORE.exe
O4 - HKCU\..\Run: [System Administrator Windows] sadmin.exe
O4 - HKCU\..\Run: [System driver] Messenger.exe
O4 - HKCU\..\Run: [Website Administrator Info] webadmin.exe
O4 - HKCU\..\Run: [Windows 32 Rescue] win32resc.exe
O4 - HKCU\..\Run: [Windows 32Bit Fixer] bilankara.exe
O4 - HKCU\..\Run: [Windows Domain Name Drivers] windns.exe
O4 - HKCU\..\Run: [NDIS Adapter] servenxpp.exe
O4 - HKCU\..\RunOnce: [IP Configre] winipcfg.exe
O4 - HKCU\..\RunOnce: [MSN Messenger] IEXPLORE.exe
O4 - HKCU\..\RunOnce: [System Administrator Windows] sadmin.exe
O4 - HKCU\..\RunOnce: [System driver] Messenger.exe
O4 - HKCU\..\RunOnce: [Website Administrator Info] webadmin.exe
O4 - HKCU\..\RunOnce: [Windows 32 Rescue] win32resc.exe
O4 - HKCU\..\RunOnce: [Windows 32Bit Fixer] bilankara.exe
O4 - HKCU\..\RunOnce: [Windows Domain Name Drivers] windns.exe
O4 - HKCU\..\RunOnce: [NDIS Adapter] servenxpp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\Belkin\Software Bluetooth\btsendto_ie.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com.tw
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.ca b31267.cab
O16 - DPF: {91433D86-9F27-402C-B5E3-DEBDD122C339} - http://www.netvenda.com/sites/gamdr-it/itd/games3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloade r.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0A93729E-BB31-4D2C-8CEA-F 8AF88CDB563}: NameServer = 213.140.2.43,213.140.2.49
O17 - HKLM\System\CS1\Services\Tcpip\..\{0A93729E-BB31-4D2C-8CEA-F 8AF88CDB563}: NameServer = 213.140.2.43,213.140.2.49
O18 - Filter: text/html - {EA241840-EA6A-4345-8B4B-8DBB26D5C0E9} - C:\WINDOWS\System32\nnfl.dll
O18 - Filter: text/plain - {EA241840-EA6A-4345-8B4B-8DBB26D5C0E9} - C:\WINDOWS\System32\nnfl.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\Belkin\Software Bluetooth\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
Topic: Post n° 9.167 - Postato: 23/Marzo/2005 alle 12:16R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\se.dll/spage.html
intanto da queste voci si vede che c'è l'SE.DLL...
Kuma controllerà meglio il log....ma per ora inizia a togliere quelle..usa prima un tool come Spybot search and destroy....vedi cosa rimane dopo la sua pulizia...l'SE.DLL si toglie male...ma qui sul forum ci sono diversi post in merito...
Topic: Post n° 9.200 - Postato: 24/Marzo/2005 alle 04:12 Topic: Post n° 9.204 - Postato: 24/Marzo/2005 alle 07:26a proposito... come si formatta un portatile 
? e' un notebook della Asus
Grazie per la futura risposta
Colei che di portatili non capisce niente
Fatto! mi sono arrangiata :-)
Topic Attivi
Lista Membri
Calendario
Cerca
Aiuto
Registrati
Login
