
HijackThis log check

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

HijackThis log check

Post by tetoxd » 31/07/08 12:26

Hi, over the last few weeks I have been experiencing slowdowns and problems with my computer.. I found several viruses with Kaspersky 7.0 and Ad-Aware 2008... now the computer will not even boot into safe mode..
Viruses:
Trojan-Downloader.Win32.Bagle.vf
Rootkit.Win32.Agent.ajn
Trojan-Downloader.Win32.Bagle.mm
and others with Ad-Aware, but I don't remember the names.
Please check my log! :aaah :aaah :aaah Thanks
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13.20.29, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dimeadozen.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [\\pc01\EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\DOCUME~1\Maurizio\IMPOST~1\Temp\E_SB6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Automatico EPSON Stylus Photo R265 Series su pc01] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S3.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1561DC99-3D19-45FF-8B4F-264ACEDAFC79}: NameServer = 212.216.172.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{1561DC99-3D19-45FF-8B4F-264ACEDAFC79}: NameServer = 212.216.172.162
O17 - HKLM\System\CS2\Services\Tcpip\..\{1561DC99-3D19-45FF-8B4F-264ACEDAFC79}: NameServer = 212.216.172.162
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6088 bytes
tetoxd
Senior User

Posts: 138
Joined: 28/06/06 19:28
Location: Modena
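The log above is reviewed by hand in this thread. As an added example (not code from the forum, from Trend Micro or from any tool mentioned here), the script below parses the R0/R1, O4, O17 and O23 lines of a HijackThis log and surfaces the items a reviewer checks first: a browser start page on a host other than Microsoft's defaults, Run entries whose image is not given with a full path or sits in a user-writable location, the configured DNS servers (to be confirmed against the ISP), and services running from outside the Windows and program directories. The sample input is a handful of lines copied from the log above; the trusted-host set, the `C:\Programmi` directory name (the Italian Program Files) and the review rules are assumptions of this example, and a finding is a prompt for verification, not a verdict.

```python
import re
from urllib.parse import urlparse

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dimeadozen.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [\\pc01\EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\DOCUME~1\Maurizio\IMPOST~1\Temp\E_SB6.tmp" /EF "HKCU"
O17 - HKLM\System\CCS\Services\Tcpip\..\{1561DC99-3D19-45FF-8B4F-264ACEDAFC79}: NameServer = 212.216.172.162
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Every HijackThis finding line starts with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.*)$")
# O4 body: <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")
URL_RE = re.compile(r"= (?P<url>\S+)$")
QUALIFIED_RE = re.compile(r"^[A-Za-z]:\\")

# Assumptions of this example: hosts accepted as browser defaults, directories
# where services are expected to live, and path fragments that a normal user can write to.
DEFAULT_URL_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
TRUSTED_DIRS = ("c:\\windows\\", "c:\\programmi\\", "c:\\program files\\")
USER_WRITABLE_HINTS = ("\\temp\\", "\\dati applicazioni\\", "\\docume~1\\", "\\documents and settings\\")


def parse_hjt(text):
    """Return (kind, body) pairs for every R*/F*/O* entry; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("kind"), m.group("body")))
    return entries


def image_of(cmd):
    """The executable of a Run value: the quoted path if quoted, otherwise the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def review_hjt(text):
    """Apply the review rules and return a list of findings as dicts (kind, check, detail)."""
    findings = []
    for kind, body in parse_hjt(text):
        if kind in ("R0", "R1"):
            m = URL_RE.search(body)
            host = urlparse(m.group("url")).hostname if m else None
            if host and host not in DEFAULT_URL_HOSTS:
                findings.append({"kind": kind, "check": "non-default-url", "detail": host})
        elif kind == "O4":
            m = O4_RE.match(body)
            if not m:
                continue
            image = image_of(m.group("cmd"))
            if not QUALIFIED_RE.match(image):
                # Resolved through the PATH search order; the reviewer cannot tell which file runs.
                findings.append({"kind": kind, "check": "unqualified-image", "detail": image})
            elif any(h in image.lower() for h in USER_WRITABLE_HINTS):
                findings.append({"kind": kind, "check": "user-writable-image", "detail": image})
        elif kind == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                for server in m.group("servers").split(","):
                    findings.append({"kind": kind, "check": "nameserver", "detail": server.strip()})
        elif kind == "O23":
            # O23 body: "Service: <name> - <company> - <path>"; split from the right so that
            # dashes inside the service name do not break the layout.
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and not parts[2].lower().startswith(TRUSTED_DIRS):
                findings.append({"kind": kind, "check": "service-outside-program-dirs", "detail": parts[2]})
    return findings


if __name__ == "__main__":
    for f in review_hjt(SAMPLE_LOG):
        print(f"{f['kind']:4} {f['check']:30} {f['detail']}")
```

Run against the sample, the script reports the HKCU start page host, the `nwiz.exe` Run entry (no full path) and the single DNS server; the Epson entry is not flagged because its image is fully qualified under `C:\WINDOWS`, even though its arguments point into a Temp directory. The DNS server should simply be compared with the address the ISP hands out; the script makes no claim about it.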


Re: HijackThis log check

Post by Luke57 » 31/07/08 13:30

Hi, download ComboFix from here onto the desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Then click Start > Run and, in the white box, copy and paste this command:
"%userprofile%\desktop\combofix.exe" /killall
Press OK. If all goes well the program starts; it may take a long time, so do nothing else during the scan. When it has finished, restart the PC normally. If everything went well, you should find the file combofix.txt in C:\; attach it to a post.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: HijackThis log check

Post by tetoxd » 31/07/08 19:12

This is the log from the program you recommended:

ComboFix 08-07-30.02 - Maurizio 2008-07-31 19.44.06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1651 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Maurizio\desktop\combofix.exe
Command switches used :: /killall
* Creato nuovo punto di ripristino
* Resident AV is active


ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Maurizio\Dati applicazioni\inst.exe
C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((( Files Creati Da 2008-06-28 al 2008-07-31 )))))))))))))))))))))))))))))))))))
.

2008-07-30 23:10 . 2008-07-30 23:10 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-29 22:06 . 2008-07-29 22:06 <DIR> d-------- C:\Programmi\Retrospect
2008-07-29 22:06 . 2008-07-29 22:06 <DIR> d-------- C:\Documents and Settings\Maurizio\Dati applicazioni\Leadertech
2008-07-29 22:05 . 2008-07-29 22:05 <DIR> d-------- C:\Programmi\Iomega
2008-07-28 00:19 . 2008-07-28 00:19 <DIR> d-------- C:\Programmi\File comuni\AVSMedia
2008-07-28 00:19 . 2008-07-28 00:19 <DIR> d-------- C:\Programmi\AVS4YOU
2008-07-28 00:19 . 2008-07-28 00:19 <DIR> d-------- C:\Documents and Settings\Maurizio\Dati applicazioni\AVS4YOU
2008-07-28 00:19 . 2008-07-28 00:19 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AVS4YOU
2008-07-28 00:19 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-07-21 14:11 . 2008-07-21 14:11 24,392 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-18 13:14 . 2008-07-18 13:14 99,648 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-07-16 21:59 . 2008-07-16 21:59 <DIR> d-------- C:\Documents and Settings\Maurizio\Dati applicazioni\Publish Providers
2008-07-16 13:32 . 2008-07-16 13:32 <DIR> d-------- C:\Documents and Settings\Maurizio\Dati applicazioni\Sony
2008-07-16 13:29 . 2008-07-16 13:29 <DIR> d-------- C:\Programmi\Vstplugins
2008-07-16 13:29 . 2008-07-16 13:31 <DIR> d-------- C:\Programmi\Sony
2008-07-16 13:21 . 2008-07-16 13:21 <DIR> d-------- C:\Programmi\Sony Setup
2008-07-16 13:21 . 2008-07-16 13:22 <DIR> d-------- C:\Documents and Settings\Maurizio\Dati applicazioni\Sony Setup
2008-07-14 23:03 . 2008-05-19 00:06 456,704 --a------ C:\luna nuova.db
2008-07-02 22:38 . 2008-07-02 22:40 <DIR> d-------- C:\Programmi\maketorrent
2008-07-02 22:20 . 2008-07-08 13:23 <DIR> d-------- C:\springsteen-2008-06-25 Milano DVD 1 stage editions
2008-06-30 01:29 . 2008-06-30 02:14 <DIR> d-------- C:\Documents and Settings\Maurizio\Dati applicazioni\U3
2008-06-26 13:06 . 2008-06-26 13:06 93,128 --a------ C:\WINDOWS\system32\ElbyCDIO.dll
2008-06-11 04:12 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 04:12 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 13:23 . 2008-06-09 13:23 <DIR> d-------- C:\Documents and Settings\Maurizio\Dati applicazioni\Cakewalk
2008-06-09 13:22 . 2006-11-30 15:49 368,640 --a------ C:\WINDOWS\system32\ReWire.dll
2008-06-09 13:21 . 2008-06-09 13:22 <DIR> d-------- C:\Programmi\Cakewalk

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 17:52 19,771,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 17:51 726,816 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-31 17:50 74,360 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-31 17:50 276,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-31 11:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-07-31 06:15 --------- d-----w C:\Documents and Settings\Maurizio\Dati applicazioni\uTorrent
2008-07-30 21:10 --------- d-----w C:\Programmi\Lavasoft
2008-07-30 21:09 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-07-30 21:01 --------- d-----w C:\Programmi\Google
2008-07-30 19:03 --------- d-----w C:\Programmi\AusLogics Disk Defrag
2008-07-29 20:05 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-07-28 17:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-28 17:16 --------- d-----w C:\Programmi\Java
2008-07-28 11:23 --------- d-----w C:\Programmi\eMule
2008-07-27 11:34 --------- d-----w C:\Programmi\PC Tools Firewall Plus
2008-07-27 11:28 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-26 22:59 --------- d-----w C:\Documents and Settings\Maurizio\Dati applicazioni\Vso
2008-07-24 22:16 --------- d-----w C:\Programmi\lg_fwupdate
2008-07-23 22:47 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-07-23 20:52 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-23 20:52 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-09 18:05 --------- d-----w C:\Documents and Settings\Maurizio\Dati applicazioni\dvdcss
2008-06-08 14:04 --------- d-----w C:\Programmi\File comuni\Adobe
2008-06-08 14:03 --------- d-----w C:\Documents and Settings\Maurizio\Dati applicazioni\AdobeUM
2008-06-02 17:25 --------- d-----w C:\Programmi\ImTOO
2008-05-28 13:30 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2007-10-17 22:11 47,360 ----a-w C:\Documents and Settings\Maurizio\Dati applicazioni\pcouffin.sys
2006-06-23 06:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
2004-10-01 14:00 40,960 ----a-w C:\Programmi\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
"AnyDVD"="C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-07-21 14:15 2157504]
"\\pc01\EPSON Stylus Photo R265 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE" [2006-05-19 06:00 139264]
"Automatico EPSON Stylus Photo R265 Series su pc01"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE" [2006-05-19 06:00 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Programmi\Analog Devices\Core\smax4pnp.exe" [2006-05-01 12:07 843776]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-06-02 10:45 385024]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 11:22 7618560]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 11:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"nwiz"="nwiz.exe" [2006-06-01 11:22 1519616 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wscsvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\ABC\\abc.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Retrospect\\Retrospect 7.5\\Retrospect.exe"=
"C:\\Programmi\\Iomega\\Discovery Tool Pro\\Iomega NAS Discovery.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41564:TCP"= 41564:TCP:Porta Utorrent

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-01-05 16:03]
R2 vnccom;vnccom;C:\WINDOWS\system32\Drivers\vnccom.SYS [2004-06-26 14:22]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 15:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cc54a71a-4628-11dd-b03d-0018f3086fab}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a
.
Contenuto della cartella 'Scheduled Tasks'

2008-07-29 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ÓRFÃOS REMOVIDOS - - - -

Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Maurizio\Dati applicazioni\Mozilla\Firefox\Profiles\kfqzrpkt.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.dimeadozen.org/
FF -: plugin - C:\Programmi\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Programmi\iTunes\Mozilla Plugins\npitunes.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-31 19:52:25
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"\\\\pc01\\EPSON Stylus Photo R265 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIBNE.EXE /FU \"C:\\DOCUME~1\\Maurizio\\IMPOST~1\\Temp\\E_SB6.tmp\" /EF \"HKCU\""
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-31 19:58:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-31 17:58:41

Pre-Run: 5,300,105,216 byte disponibili
Post-Run: 5,358,673,920 byte disponibili

167 --- E O F --- 2008-07-09 18:46:59
tetoxd
Senior User

Posts: 138
Joined: 28/06/06 19:28
Location: Modena
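The ComboFix report above lists files created in the scan window ("Files Creati") and files modified in the last three months ("Find3M Report"), and the moderator reads those tables by eye. As an added example (not code from the thread, from ComboFix or from its author), the script below parses both table layouts and pulls out the rows a reviewer wants to look at first: files under `system32\drivers` or with a `.sys` extension, files carrying both the hidden and system attributes, and files whose creation time is much newer than their modification time (a file copied in with an old timestamp, which installers do legitimately and droppers do as well). The sample input is a handful of rows copied from the report above; the 30-day threshold and the rules themselves are assumptions of this example, and the output is a list for a human to check against the installed software, not a judgement about any file.

```python
import re
from datetime import datetime, timedelta

# Sample input: rows copied from the ComboFix report posted above (both table layouts).
SAMPLE_COMBOFIX = r"""
((((((((((((((((((((((((( Files Creati Da 2008-06-28 al 2008-07-31 )))))))))))))))))))))))))))))))))))
.

2008-07-30 23:10 . 2008-07-30 23:10 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-07-28 00:19 . 2007-02-27 19:36 1,700,352 --a------ C:\WINDOWS\system32\GdiPlus.dll
2008-07-21 14:11 . 2008-07-21 14:11 24,392 --a------ C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2008-07-14 23:03 . 2008-05-19 00:06 456,704 --a------ C:\luna nuova.db
2008-06-11 04:12 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-31 17:52 19,771,168 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-31 11:19 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
"""

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d"
# "Files Creati" rows: <created> . <modified> <size|<DIR>> <attrs> <path>
CREATED_RE = re.compile(rf"^(?P<created>{TS}) \. (?P<modified>{TS}) (?P<size><DIR>|[\d,]+) (?P<attrs>[A-Za-z-]+) (?P<path>.+)$")
# "Find3M" rows: <modified> <size|dashes> <attrs> <path>
FIND3M_RE = re.compile(rf"^(?P<modified>{TS}) (?P<size>-+|[\d,]+) (?P<attrs>[A-Za-z-]+) (?P<path>.+)$")


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M") if value else None


def parse_file_listing(text):
    """Return one dict per file row from either table; headers and separators are skipped."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        m, section = CREATED_RE.match(line), "created"
        if not m:
            m, section = FIND3M_RE.match(line), "find3m"
        if not m:
            continue
        d = m.groupdict()
        size = d["size"]
        records.append({
            "section": section,
            "created": _ts(d.get("created")),      # Find3M rows carry no creation time
            "modified": _ts(d["modified"]),
            "size": int(size.replace(",", "")) if size[0].isdigit() else None,
            "attrs": d["attrs"],
            "path": d["path"],
            "is_dir": size == "<DIR>" or d["attrs"].startswith("d"),
        })
    return records


def triage(records, stale_mtime=timedelta(days=30)):
    """Return (check, path) pairs for the rows a reviewer should look at first."""
    findings = []
    for r in records:
        if r["is_dir"]:
            continue
        low = r["path"].lower()
        if "\\system32\\drivers\\" in low or low.endswith(".sys"):
            findings.append(("driver-or-sys-file", r["path"]))
        # ComboFix prints attribute letters; 's' and 'h' together mean system+hidden.
        if "s" in r["attrs"] and "h" in r["attrs"]:
            findings.append(("hidden-system-file", r["path"]))
        # Creation time far newer than modification time: the file was copied in with an old mtime.
        if r["created"] and r["created"] - r["modified"] > stale_mtime:
            findings.append(("mtime-much-older-than-ctime", r["path"]))
    return findings


if __name__ == "__main__":
    for check, path in triage(parse_file_listing(SAMPLE_COMBOFIX)):
        print(f"{check:28} {path}")
```

On the sample rows the script lists the four driver-directory or `.sys` entries, the one hidden+system file, and the two files whose modification time predates their creation by more than 30 days; directories are ignored. Each line is a prompt to match the file against something the user knowingly installed (the report's own "Files Creati" dates line up with the AnyDVD, Sony and Iomega installs listed above), which is exactly the comparison the moderator is doing by hand.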

Re: HijackThis log check

Post by Luke57 » 01/08/08 11:12

Hi, how is it going now?
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: HijackThis log check

Post by tetoxd » 01/08/08 14:06

Luke57 wrote: Hi, how is it going now?

A bit better, let's say... the browsers are still a bit slow (I use IE & Firefox 3.0) and I have noticed that running uTorrent at the same time as ABC (both download programs) slows the computer down a bit... I'm not sure it is completely clean of viruses... is the HijackThis log OK now? Anyway, when I was starting ComboFix, Kaspersky detected several viruses; maybe they are false positives, I wouldn't know...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:05, on 2008-08-01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Programmi\ABC\abc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dimeadozen.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Programmi\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [\\pc01\EPSON Stylus Photo R265 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\DOCUME~1\Maurizio\IMPOST~1\Temp\E_SB6.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Automatico EPSON Stylus Photo R265 Series su pc01] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S3.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1561DC99-3D19-45FF-8B4F-264ACEDAFC79}: NameServer = 212.216.172.162
O17 - HKLM\System\CS1\Services\Tcpip\..\{1561DC99-3D19-45FF-8B4F-264ACEDAFC79}: NameServer = 212.216.172.162
O17 - HKLM\System\CS2\Services\Tcpip\..\{1561DC99-3D19-45FF-8B4F-264ACEDAFC79}: NameServer = 212.216.172.162
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5945 bytes
tetoxd
Senior User

Posts: 138
Joined: 28/06/06 19:28
Location: Modena

