risultati CWShredder
Inviato: sab ago 21, 2004 11:57 amdai risultati di CWShredder si capisce che c'è roba da rimuovere...ma dove la vado a scovare dentro il registro di configurazione? e quando dice che sono presenti tracce in System.ini, win.ini dove devo andare a guardare? Idem per il resto.
CWShredder v1.57.0 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows 98 (4.10.2222 A)
Windows dir: C:WINDOWS
Windows system dir: C:WINDOWSsystem
AppData folder: C:WINDOWSApplication Data
Hosts file not present
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:WINDOWSwin.ini (10283 bytes, A)
Found line in Win.ini: load=
Found line in Win.ini: run=
Found System.ini file: C:WINDOWSsystem.ini (2353 bytes, A)
Found line in System.ini: shell=Explorer.exe
- END OF REPORT -
allego anche risultati di HijackThis
Logfile of HijackThis v1.97.7
Scan saved at 12.54.54, on 21/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAMMIFILE COMUNISYSTEMMOSEARCHBINMOSEARCH.EXE
C:PROGRAMMIFILE COMUNIMICROSOFT SHAREDVS7DEBUGMDM.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSLOADQM.EXE
C:WINDOWSSYSTEMCTFMON.EXE
C:PROGRAMMISPYBOT - SEARCH & DESTROYTEATIMER.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMRNAAPP.EXE
C:WINDOWSSYSTEMTAPISRV.EXE
C:PROGRAMMIINTERNET EXPLORERIEXPLORE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:PROGRAMMIINTERNET EXPLORERIEXPLORE.EXE
C:DOCUMENTISPYCOPIA DI HIJACKTHIS.EXE
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = www.google.it
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = www.google.it
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = www.google.it
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = www.google.it
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = www.google.it
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.google.it
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [DXM6Patch_981116] C:WINDOWSp_981116.exe /Q:A
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..RunServices: [MOSearch] C:PROGRA~1FILECO~1SYSTEMMOSEARCHBINMOSEARCH.EXE
O4 - HKLM..RunServices: [MDM7] "C:PROGRAMMIFILE COMUNIMICROSOFT SHAREDVS7DEBUGMDM.EXE"
O4 - HKCU..Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:ProgrammiSpybot - Search & DestroyTeaTimer.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:PROGRA~1MICROS~1OFFICE10EXCEL.EXE/3000
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Unknown file in Winsock LSP: c:programmipanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 - Unknown file in Winsock LSP: c:programmipanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 - Unknown file in Winsock LSP: c:programmipanda softwarepanda titanium antivirus 2004pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} -
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
CWShredder v1.57.0 scan only report
Please understand that a CWShredder 'Scan only' report
might not be sufficient to troubleshoot an infected system.
You can use HijackThis for that:
http://www.merijn.org/files/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
Windows 98 (4.10.2222 A)
Windows dir: C:WINDOWS
Windows system dir: C:WINDOWSsystem
AppData folder: C:WINDOWSApplication Data
Hosts file not present
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwebsearch.com [*] dword:4
CWS.Oslogo (if value is 2) Registry value: Domains: *.coolwwwsearch.com [*] dword:4
CWS.Googlems.2 (if value is 2) Registry value: Domains: *.xxxtoolbar.com [*] dword:4
CWS.Googlems.4 (if value is 2) Registry value: Domains: *.teensguru.com [*] dword:4
Registry value: DefaultPrefix (should be http://) [] http://
Registry value: WWW Prefix (should be http://) [www] http://
Registry value: Mosaic Prefix (should be http://) [mosaic] http://
Registry value: Home Prefix (should be http://) [home] http://
Found Win.ini file: C:WINDOWSwin.ini (10283 bytes, A)
Found line in Win.ini: load=
Found line in Win.ini: run=
Found System.ini file: C:WINDOWSsystem.ini (2353 bytes, A)
Found line in System.ini: shell=Explorer.exe
- END OF REPORT -
allego anche risultati di HijackThis
Logfile of HijackThis v1.97.7
Scan saved at 12.54.54, on 21/08/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:WINDOWSSYSTEMKERNEL32.DLL
C:WINDOWSSYSTEMMSGSRV32.EXE
C:WINDOWSSYSTEMMPREXE.EXE
C:WINDOWSSYSTEMmmtask.tsk
C:WINDOWSSYSTEMMSTASK.EXE
C:PROGRAMMIFILE COMUNISYSTEMMOSEARCHBINMOSEARCH.EXE
C:PROGRAMMIFILE COMUNIMICROSOFT SHAREDVS7DEBUGMDM.EXE
C:WINDOWSEXPLORER.EXE
C:WINDOWSSYSTEMPSTORES.EXE
C:WINDOWSTASKMON.EXE
C:WINDOWSSYSTEMSYSTRAY.EXE
C:WINDOWSLOADQM.EXE
C:WINDOWSSYSTEMCTFMON.EXE
C:PROGRAMMISPYBOT - SEARCH & DESTROYTEATIMER.EXE
C:WINDOWSSYSTEMWMIEXE.EXE
C:WINDOWSSYSTEMRNAAPP.EXE
C:WINDOWSSYSTEMTAPISRV.EXE
C:PROGRAMMIINTERNET EXPLORERIEXPLORE.EXE
C:WINDOWSSYSTEMDDHELP.EXE
C:WINDOWSSYSTEMSPOOL32.EXE
C:PROGRAMMIINTERNET EXPLORERIEXPLORE.EXE
C:DOCUMENTISPYCOPIA DI HIJACKTHIS.EXE
R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = www.google.it
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it/
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.it
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = www.google.it
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = www.google.it
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = www.google.it
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Local Page = www.google.it
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Local Page = http://www.google.it
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHELPER.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:WINDOWSSYSTEMMSDXM.OCX
O4 - HKLM..Run: [ScanRegistry] C:WINDOWSscanregw.exe /autorun
O4 - HKLM..Run: [TaskMonitor] C:WINDOWS askmon.exe
O4 - HKLM..Run: [SystemTray] SysTray.Exe
O4 - HKLM..Run: [DXM6Patch_981116] C:WINDOWSp_981116.exe /Q:A
O4 - HKLM..Run: [LoadQM] loadqm.exe
O4 - HKLM..RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM..RunServices: [MOSearch] C:PROGRA~1FILECO~1SYSTEMMOSEARCHBINMOSEARCH.EXE
O4 - HKLM..RunServices: [MDM7] "C:PROGRAMMIFILE COMUNIMICROSOFT SHAREDVS7DEBUGMDM.EXE"
O4 - HKCU..Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU..Run: [SpybotSD TeaTimer] C:ProgrammiSpybot - Search & DestroyTeaTimer.exe
O6 - HKCUSoftwarePoliciesMicrosoftInternet ExplorerControl Panel present
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:PROGRA~1MICROS~1OFFICE10EXCEL.EXE/3000
O9 - Extra button: ICQ Lite (HKLM)
O9 - Extra 'Tools' menuitem: ICQ Lite (HKLM)
O9 - Extra button: Real.com (HKLM)
O10 - Unknown file in Winsock LSP: c:programmipanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 - Unknown file in Winsock LSP: c:programmipanda softwarepanda titanium antivirus 2004pavlsp.dll
O10 - Unknown file in Winsock LSP: c:programmipanda softwarepanda titanium antivirus 2004pavlsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc ... wflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} -
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} -
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} -
![[^]](http://www.megalab.it/forum/images/smilies/Oh-yea.gif "Approvazione")