
Help with hijackthis log


Post by fepin » 16/01/10 23:07

Hi,
I'm trying to remove the file csrcs.exe. I tried with ComboFix, which deletes it, but after a while it reappears. I have just run another scan with ComboFix and then one with Hijackthis; I'm attaching the file... is there anyone willing to help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:52:43 PM, on 1/16/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\HP_Proprietario\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O3 - Toolbar: Vista HP - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Programmi\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD06] c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG] C:\Programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Programmi\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [swg] "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\Wcescomm.exe"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\WINDOWS\system32\hasplms.exe (file missing)
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\AAWService.exe
fepin
Newbie
Posts: 3
Joined: 16/01/10 22:55


Re: Help with hijackthis log

Post by shel » 16/01/10 23:39

HI

sorry, but I don't see any csrcs.exe in the log. Try opening hijackthis, click "view the list of backups" and see if it's there in the list.

can you post the combofix log?
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Help with hijackthis log

Post by fepin » 16/01/10 23:54

Hi,
the csrcs.exe file was removed by combofix, which I ran just before doing the scan with hijackthis. Do you think there is nothing strange in the log I sent?
Thanks.
fepin
Newbie
Posts: 3
Joined: 16/01/10 22:55

Re: Help with hijackthis log

Post by shel » 17/01/10 00:05

it doesn't appear in the hijackthis log, maybe you have already fixed it

can you post the combofix log?
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

Re: Help with hijackthis log

Post by fepin » 17/01/10 00:19

Here it is. ComboFix deletes the file, but after a while it comes back...

ComboFix 10-01-16.02 - HP_Proprietario 01/16/2010 22:34:54.8.1 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1535.1195 [GMT 1:00]
Eseguito da: c:\documents and settings\HP_Proprietario\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\csrcs.exe

.
((((((((((((((((((((((((( Files Creati Da 2009-12-16 al 2010-01-16 )))))))))))))))))))))))))))))))))))
.

2010-01-12 18:58 . 2005-10-21 01:47 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2010-01-12 18:58 . 2005-10-21 01:47 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2010-01-12 18:57 . 2010-01-12 18:57 -------- d-----w- c:\programmi\Microsoft ActiveSync
2010-01-12 13:46 . 2010-01-12 13:46 33340 ----a-w- c:\windows\system32\drivers\OldUsbkey.sys
2010-01-12 13:46 . 2010-01-12 13:46 7440 ----a-w- c:\windows\system32\ppmon.dll
2010-01-12 13:46 . 2010-01-12 13:46 131072 ----a-w- c:\windows\system32\NWKL2_32.DLL
2010-01-12 13:46 . 2010-01-12 13:46 12480 ----a-w- c:\windows\system32\KL2N.DLL
2010-01-12 13:46 . 2010-01-12 13:46 8968 ----a-w- c:\windows\system32\KL2DLL.DLL
2010-01-12 13:46 . 2010-01-12 13:46 -------- d-----w- c:\programmi\RST Instruments
2010-01-12 11:59 . 2010-01-12 11:59 0 ----a-w- C:\backupfile.dat
2010-01-12 11:59 . 2010-01-12 11:59 46368 ----a-w- C:\gradarra2.dat
2010-01-03 11:26 . 2010-01-03 11:26 -------- d-----w- C:\Software_Reflex

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-15 17:57 . 2007-10-10 11:48 -------- d-----w- c:\programmi\SIMAclivo
2010-01-12 13:46 . 2003-12-18 14:27 24136 ----a-w- c:\windows\system32\ppmon.exe
2010-01-12 13:46 . 2003-12-18 14:27 118784 ----a-w- c:\windows\system32\KL2DLL32.DLL
2010-01-06 15:24 . 2008-05-14 10:31 -------- d-----w- c:\programmi\REFLEX
2009-12-20 21:16 . 2007-10-24 17:04 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\NRG
2009-12-20 12:08 . 2009-06-20 07:22 862040 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-12-20 12:08 . 2009-06-20 07:22 206944 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-12-20 12:08 . 2009-06-20 07:22 390288 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-12-20 12:08 . 2009-12-12 19:00 537576 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\aawapi.dll
2009-12-20 12:08 . 2009-06-20 07:22 370744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-12-20 12:08 . 2009-06-20 07:22 194104 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Savapibridge.dll
2009-12-20 12:07 . 2009-06-20 07:22 6296864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Resources.dll
2009-12-20 12:07 . 2009-06-20 07:22 933120 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-12-20 12:07 . 2009-06-20 07:22 816272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-12-20 12:07 . 2009-06-20 07:22 822904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-12-20 12:07 . 2009-06-20 07:22 1643272 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-12-20 12:07 . 2009-06-20 07:22 788880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-12-20 12:07 . 2009-06-20 07:22 1181328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-12-15 18:05 . 2009-12-15 18:05 87552 --sha-w- C:\msrpc01.exe
2009-12-15 18:05 . 2009-12-15 18:05 12136 --sh--w- c:\windows\system32\drivers\krndrv32.sys
2009-12-15 18:04 . 2009-12-15 18:05 225280 --sh--r- c:\windows\system32\wmisqty.exe
2009-12-13 18:30 . 2009-12-13 18:30 -------- d-----w- c:\documents and settings\HP_Proprietario\Dati applicazioni\magpick
2009-12-13 18:30 . 2009-12-13 18:30 -------- d-----w- c:\programmi\MagPick
2009-12-13 18:24 . 2009-12-13 18:24 -------- d-----w- c:\programmi\MagMap2000
2009-12-12 19:00 . 2009-06-07 07:57 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-12-12 19:00 . 2009-06-07 07:46 15880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-12-12 19:00 . 2009-06-07 07:46 163728 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-12-12 18:59 . 2009-06-07 07:46 327000 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-12-12 18:59 . 2009-06-07 07:45 87496 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-12-12 18:59 . 2009-11-29 10:31 641632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2009-11-29 10:42 . 2009-11-29 10:42 -------- dc-h--w- c:\documents and settings\All Users\Dati applicazioni\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-11-29 10:31 . 2009-11-29 10:31 17632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-11-29 10:31 . 2009-11-29 10:31 68640 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\lbd.sys
2009-11-29 10:31 . 2009-11-29 10:31 303976 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\Drivers\64\AAWDriverTool.exe
2009-11-29 10:31 . 2009-06-20 07:22 640760 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-10-25 10:38 . 2004-01-01 18:45 83682 ----a-w- c:\windows\system32\perfc010.dat
2009-10-25 10:38 . 2004-01-01 18:45 487448 ----a-w- c:\windows\system32\perfh010.dat
2007-01-22 14:34 . 2007-01-22 14:34 0 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-12-22_22.04.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-09-23 00:16 . 2005-09-23 00:16 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80u.dll
+ 2005-09-23 00:16 . 2005-09-23 00:16 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfcm80.dll
+ 2005-02-10 10:05 . 2005-02-10 10:05 36864 c:\windows\system32\smiehlp.dll
+ 2000-05-19 13:24 . 2000-05-19 13:24 49152 c:\windows\system32\POINT32.dll
+ 2004-02-26 23:00 . 2004-02-26 23:00 61493 c:\windows\system32\MFCN42D.DLL
+ 2004-01-03 17:36 . 2005-10-21 01:47 12800 c:\windows\system32\drivers\usb8023.sys
+ 2004-01-03 17:35 . 2005-10-21 01:47 30592 c:\windows\system32\drivers\rndismp.sys
+ 2004-01-03 17:36 . 2005-10-21 01:47 12800 c:\windows\system32\dllcache\usb8023.sys
+ 2004-01-03 17:35 . 2005-10-21 01:47 30592 c:\windows\system32\dllcache\rndismp.sys
+ 2004-01-01 11:00 . 2010-01-01 21:36 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2004-01-01 11:00 . 2009-12-20 12:08 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat
- 2004-01-01 11:00 . 2009-12-20 12:08 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2004-01-01 11:00 . 2010-01-01 21:36 32768 c:\windows\system32\config\systemprofile\Impostazioni locali\Cronologia\History.IE5\index.dat
+ 2006-01-20 11:34 . 2006-01-20 11:34 25088 c:\windows\system32\clxwin32.dll
+ 2006-01-20 11:34 . 2006-01-20 11:34 67072 c:\windows\system32\clnwin32.dll
+ 2006-11-13 13:38 . 2006-11-13 13:38 23336 c:\windows\system32\ceutil.dll
+ 2010-01-12 18:57 . 2010-01-12 18:57 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\WCESMgrIcon.exe
+ 2010-01-12 18:57 . 2010-01-12 18:57 22486 c:\windows\Installer\{99052DB7-9592-4522-A558-5417BBAD48EE}\ARPPRODUCTICON.exe
+ 2010-01-12 13:46 . 2010-01-12 13:46 45056 c:\windows\Installer\{2EF432D9-7DE7-49A8-80D3-55A20B49CC12}\Inclinalysis.exe_F02D55519C744E639ACF325A75788967.exe
+ 2010-01-12 18:58 . 2005-10-21 01:47 12800 c:\windows\Driver Cache\i386\usb8023x.sys
+ 2010-01-12 18:58 . 2005-10-21 01:47 30592 c:\windows\Driver Cache\i386\rndismpx.sys
+ 2006-11-13 12:30 . 2006-11-13 12:30 4608 c:\windows\system32\HookDLL.DLL
+ 2010-01-12 13:46 . 2010-01-12 13:46 8854 c:\windows\Installer\{2EF432D9-7DE7-49A8-80D3-55A20B49CC12}\UNINST_Uninstall_I_973004ED89BC4EA3A9993CB00C806CA0.exe
+ 2010-01-12 13:46 . 2010-01-12 13:46 8854 c:\windows\Installer\{2EF432D9-7DE7-49A8-80D3-55A20B49CC12}\RST_Instruments_we_BA43A54EFDF642A383EDB90D4E154A5E.exe
+ 2010-01-12 13:46 . 2010-01-12 13:46 8854 c:\windows\Installer\{2EF432D9-7DE7-49A8-80D3-55A20B49CC12}\license.rtf_80112B4EF5234FBCB2FA48592DEDC2D6.exe
+ 2010-01-12 13:46 . 2010-01-12 13:46 8854 c:\windows\Installer\{2EF432D9-7DE7-49A8-80D3-55A20B49CC12}\Inclinalysis_Manua_4454F3A841334374A66C693F76F780D4.exe
+ 2010-01-12 13:46 . 2010-01-12 13:46 8854 c:\windows\Installer\{2EF432D9-7DE7-49A8-80D3-55A20B49CC12}\Inclinalysis_Help._8B1446D4EC3D4ABB933678F4579AF2CF.exe
+ 2010-01-12 13:46 . 2010-01-12 13:46 4526 c:\windows\Installer\{2EF432D9-7DE7-49A8-80D3-55A20B49CC12}\ARPPRODUCTICON.exe
+ 2006-11-13 13:38 . 2006-11-13 13:38 138024 c:\windows\system32\rapi.dll
+ 2006-01-20 11:34 . 2006-01-20 11:34 245843 c:\windows\system32\nwshlxnt.dll
+ 2006-01-20 11:34 . 2006-01-20 11:34 839762 c:\windows\system32\novnpnt.dll
+ 2006-01-20 11:34 . 2006-01-20 11:34 275456 c:\windows\system32\netwin32.dll
+ 2006-01-20 11:34 . 2006-01-20 11:34 155136 c:\windows\system32\ncpwin32.dll
+ 2000-07-14 23:00 . 2000-07-14 23:00 434252 c:\windows\system32\MSVCRTD.DLL
+ 2000-07-14 23:00 . 2000-07-14 23:00 798773 c:\windows\system32\MFCO42D.DLL
+ 2000-07-14 23:00 . 2000-07-14 23:00 929844 c:\windows\system32\MFC42D.DLL
+ 2006-01-20 11:34 . 2006-01-20 11:34 116520 c:\windows\system32\MAPBASER.DLL
+ 2006-01-20 11:34 . 2006-01-20 11:34 233554 c:\windows\system32\mapbase.dll
+ 2006-01-20 11:34 . 2006-01-20 11:34 110080 c:\windows\system32\locwin32.dll
+ 2006-01-20 11:34 . 2006-01-20 11:34 158720 c:\windows\system32\calwin32.dll
+ 2005-03-05 17:28 . 2005-03-05 17:28 131072 c:\windows\system32\AcSignIcon.dll
+ 2010-01-12 18:57 . 2010-01-12 18:57 869376 c:\windows\Installer\11bdd14.msi
+ 2005-09-23 00:16 . 2005-09-23 00:16 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80u.dll
+ 2005-09-23 00:16 . 2005-09-23 00:16 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\mfc80.dll
+ 2010-01-12 13:46 . 2010-01-12 13:46 8124928 c:\windows\Installer\12e4c90.msi
+ 2010-01-12 13:44 . 2010-01-12 13:44 22700032 c:\windows\Downloaded Installations\{38FCF8D0-BA55-4FD9-9040-668E2CDAA65E}\Inclinalysis 2.29.msi
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-27 68856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2004-08-19 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HPHUPD06"="c:\programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2004-05-07 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2004-05-20 249856]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-24 339968]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-04 50176]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 151552]
"D-Link AirPlus XtremeG"="c:\programmi\D-Link\AirPlus XtremeG\AirPlusCFG.exe" [2006-07-07 1323008]
"ANIWZCS2Service"="c:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-01 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-25 1948440]
"Ad-Watch"="c:\programmi\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-20 788880]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-27 110592]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-29 241664]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-25 07:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\wmisqty.exe"=
"c:\programmi\Microsoft ActiveSync\rapimgr.exe"= c:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programmi\Microsoft ActiveSync\wcescomm.exe"= c:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programmi\Microsoft ActiveSync\WCESMgr.exe"= c:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14153:TCP"= 14153:TCP:NortonAV
"12926:TCP"= 12926:TCP:NortonAV
"16915:TCP"= 16915:TCP:NortonAV
"14660:TCP"= 14660:TCP:NortonAV
"17623:TCP"= 17623:TCP:NortonAV
"13414:TCP"= 13414:TCP:NortonAV
"13639:TCP"= 13639:TCP:NortonAV
"12311:TCP"= 12311:TCP:NortonAV
"14117:TCP"= 14117:TCP:NortonAV
"12194:TCP"= 12194:TCP:NortonAV
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/29/2009 11:43 AM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\programmi\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 12:17 PM 1181328]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2009 8:42 AM 327688]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/30/2009 8:42 AM 108552]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
S2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys [9/27/2009 4:13 PM 23552]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [10/29/2007 7:57 PM 347648]
S3 FTD2XX;PET Hardware drivers;c:\windows\system32\drivers\FTD2XX.sys [8/25/2007 9:57 AM 34639]
S3 krndrv32;Kernel Device Driver;c:\windows\system32\drivers\krndrv32.sys [12/15/2009 7:05 PM 12136]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\drivers\stmatm.sys [10/23/2005 10:23 PM 59338]
S3 TaurusUsb;ADSL Modem USB Service 1.09a;c:\windows\system32\drivers\torususb.sys [10/23/2005 10:23 PM 527980]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\Wibukey2.sys [5/27/2006 3:04 PM 16384]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - P1C1394
.
Contenuto della cartella 'Scheduled Tasks'

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:07]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:07]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:07]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:07]

2010-01-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\programmi\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 12:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\HP_Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\298deat0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-16 22:45
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_USERS\S-1-5-21-3483238777-1222112192-4008248173-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3483238777-1222112192-4008248173-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3483238777-1222112192-4008248173-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-3483238777-1222112192-4008248173-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:0000000b
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(224)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2010-01-16 22:51:39
ComboFix-quarantined-files.txt 2010-01-16 21:51
ComboFix2.txt 2010-01-10 15:36
ComboFix3.txt 2010-01-08 17:20
ComboFix4.txt 2010-01-02 22:13
ComboFix5.txt 2010-01-16 21:33

Pre-Run: 75,506,700,288 byte disponibili
Post-Run: 75,515,535,360 byte disponibili

- - End Of File - - 0290E0CFBA208BD5F23A18E91344AD1C
fepin
Newbie
Posts: 3
Joined: 16/01/10 22:55

Re: Help with hijackthis log

Post by shel » 17/01/10 00:22

here it is

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\csrcs.exe


I still have to finish checking the log to see whether there are other infections
shel
Senior User
Posts: 1292
Joined: 29/08/08 21:56

