HIJACKTHIS log check, thanks
mistermax
Posted: Wednesday, December 22, 2004 3:45:54 PM
Rank: Member

Joined: 12/21/2004
Posts: 0
StartupList report, 21/12/2004, 18.13.56
StartupList version: 1.52.2
Started from : C:\Documents and Settings\CORTINOVIS MASSIMO\Desktop\PULIZIA PC\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\WINDOWS\System32\wltrysvc.exe
c:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\ewupdater.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\ltmoh\Ltmoh.exe
C:\SYSINFO\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\PowerKey.exe
C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
C:\Programmi\IPM\Adsl\DataWay\dslstat.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Nokia\Services\ServiceLayer.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\INCRED~1\bin\IMAPP.EXE
C:\Programmi\eMule\emule.exe
C:\Programmi\eDonkey2000\edonkey2000.exe
C:\Documents and Settings\CORTINOVIS MASSIMO\Desktop\PULIZIA PC\HijackThis.exe



Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica]
HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe



Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,



Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ewupdater = C:\WINDOWS\ewupdater.exe
InCD = C:\Programmi\Ahead\InCD\InCD.exe
ccApp = "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
ATIModeChange = Ati2mdxx.exe
ATIPTA = C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
SynTPLpr = C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
SynTPEnh = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
AGRSMMSG = AGRSMMSG.exe
LtMoh = C:\Programmi\ltmoh\Ltmoh.exe
RemoteControl = C:\SYSINFO\CyberLink\PowerDVD\PDVDServ.exe
LaunchApp = LaunApp
SoundMan = SOUNDMAN.EXE
LaunchAp = C:\Program Files\Launch Manager\LaunchAp.exe
PowerKey = "C:\Program Files\Launch Manager\PowerKey.exe"
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe
LMgrOSD = C:\Program Files\Launch Manager\OSDCtrl.exe
Wbutton = "C:\Program Files\Launch Manager\Wbutton.exe"
Microsoft Update Machine = winupdt.exe
JA Cfg Util v2 = jacfg2.exe
regsrv = scvhost.exe
Micr Update = soundblaster.exe
DataLayer = C:\Programmi\Nokia\Nokia PC Suite 5\DataLayer.exe
Nokia Tray Application = C:\Programmi\File comuni\Nokia\NCLTools\NclTray.exe
DSLSTATEXE = C:\Programmi\IPM\Adsl\DataWay\dslstat.exe icon
CloneCDTray = "C:\Programmi\SlySoft\CloneCD\CloneCDTray.exe" /s
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
New.net Startup = rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup -s
HP Component Manager = "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
HP Software Update = "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"



Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

Microsoft Update Machine = winupdt.exe
JA Cfg Util v2 = jacfg2.exe
regsrv = scvhost.exe
Micr Update = soundblaster.exe



Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IncrediMail = C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
Microsoft Update Machine = winupdt.exe
JA Cfg Util v2 = jacfg2.exe
Micr Update = soundblaster.exe
Gadwin PrintScreen 2.6 = C:\Programmi\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash



Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\scrnsave.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*




Enumerating Browser Helper Objects:

(no name) - C:\Programmi\NewDotNet\newdotnet6_38.dll - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\PROGRA~1\FLASHGET\jccatch.dll - {A5366673-E8CA-11D3-9CD9-0090271D075B}
NAV Helper - C:\Programmi\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - (no file) - {CD4C3CF0-4B15-11D1-ABED-709549C10000}



Enumerating Task Scheduler jobs:

Symantec NetDetect.job
Norton AntiVirus - Scansione del computer - CORTINOVIS MASSIMO.job



Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\System32\macromed\Shockwave 10\Download.dll
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[Cult3D ActiveX Player]
InProcServer32 = C:\WINDOWS\system32\Cult3D\IECult.dll
CODEBASE = http://www.cult3d.com/download/cult.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[siawds-full-install]
InProcServer32 = C:\WINDOWS\system32\MSJAVA.DLL
CODEBASE = https://portal.actalis.it/CA/Environment/SIAwds/app/siawds-full-install.cab



Enumerating Winsock LSP files:

NameSpace #4: C:\Programmi\NewDotNet\newdotnet6_38.dll
Protocol #1: C:\Programmi\NewDotNet\newdotnet6_38.dll
Protocol #2: C:\Programmi\NewDotNet\newdotnet6_38.dll
Protocol #9: C:\Programmi\NewDotNet\newdotnet6_38.dll
Protocol #10: C:\Programmi\NewDotNet\newdotnet6_38.dll



Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll


End of report, 8.497 bytes
Report generated in 0,875 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
alfonso
Posted: Wednesday, December 22, 2004 5:16:48 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
You need to copy the log from the TXT file without making any changes; I can't make anything out of this log, it is not complete.

Aiutamici Contributor
alfonso
Posted: Thursday, December 23, 2004 12:38:54 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132