Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Per favore mi controllate il log di Hijack ?

Per favore mi controllate il log di Hijack ? Opzioni
Topic Precedente · Topic Sucessivo
modifica
Inviato: Friday, May 09, 2008 5:05:02 PM
Rank: Member

Iscritto dal : 5/4/2005
Posts: 0
Credo di avere una malware ma non riesco a toglierlo, si aprono continuamente finestre sia di explorer che di mozzilla.


Logfile of HijackThis v1.99.1
Scan saved at 14.09.08, on 09/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Documenti\Download\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Programmi\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Programmi\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Programmi\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programmi\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Administrator\Dati applicazioni\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070828\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Administrator\Dati applicazioni\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070828\Setup.exe" "/REALUPREBOOT /temp /patched"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164368473710
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{84EFFD2B-18D0-416A-BDF5-64CCB6D2D14B}: NameServer = 151.99.125.1,192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{84EFFD2B-18D0-416A-BDF5-64CCB6D2D14B}: NameServer = 151.99.125.1,192.168.1.1
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FILECO~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe





Grazie.
Torna in alto
 
Sponsor
Inviato: Friday, May 09, 2008 5:05:02 PM

 
Torna in alto
 
r16
Inviato: Friday, May 09, 2008 8:55:09 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao modifica .
Il log non presenta anomalie.
Disabilita temporaneamente il tuo antivirus.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Digita 1, premi Invio e segui le indicazioni.
Al termine, verrà creato un file log chiamato C:\ComboFix.txt. Postalo qui.
Durante l'operazione di scansione è importante non usare il PC e attendere pazientemente la fine delle operazioni.
ComboFix non funziona in modalità provvisoria.

Scarica Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner lo si fà girare in MODALITA PROVVISORIA.

Si avvia
si accetta la licenza
si clicca Start Scan
si attende la fine della scansione
Viene generato un log sul desktop, postalo qui.
In alcuni casi Norman Malware Cleaner potrebbe richiedere il riavvio del computer per rimuovere completamente l'infezione, in
questo caso è raccomandata una seconda esecuzione del programma dopo aver riavviato il PC per garantire la completa rimozione di tutti i files infetti.
Dovresti essere a posto.
Torna in alto
 
modifica
Inviato: Saturday, May 10, 2008 3:15:03 PM
Rank: Member

Iscritto dal : 5/4/2005
Posts: 0
Ok r16, ho seguito alla lettera le tue indicazioni.
Qui il log di ComboFix:

08-05-08.1 - Administrator 2008-05-10 13.25.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1322 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle.dat
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle.exe
c:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle_nav.dat
c:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-04-10 al 2008-05-10 )))))))))))))))))))))))))))))))))))
.

2008-05-08 15:47 . 2008-05-08 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\AntiVir PersonalEdition Classic
2008-05-08 12:58 . 2008-05-08 12:58 <DIR> d-------- C:\Programmi\Windows Sidebar
2008-05-08 12:58 . 2008-05-08 13:17 <DIR> d-------- C:\Programmi\Norton AntiVirus
2008-05-08 12:58 . 2008-05-08 13:14 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-05-08 12:58 . 2008-05-08 13:14 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-08 12:58 . 2008-05-08 13:14 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-05-08 12:58 . 2008-05-08 13:14 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-05-08 12:38 . 2008-05-08 12:38 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-05-08 12:27 . 2008-05-08 12:29 65 --a------ C:\WINDOWS\system32\BD8860DN.DAT
2008-05-08 12:03 . 2008-05-08 12:03 <DIR> d-------- C:\Programmi\ScanSoft
2008-05-07 14:18 . 2008-05-07 14:18 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-05-07 14:02 . 2008-05-07 14:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avg8
2008-05-07 09:07 . 2008-05-07 09:37 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Talkback
2008-05-06 10:33 . 2008-05-06 10:33 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-06 10:33 . 2008-05-06 10:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-03 11:58 . 2008-05-03 16:09 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\AVGTOOLBAR
2008-04-23 07:15 . 2008-04-24 19:00 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-21 07:00 . 2007-09-24 09:05 378,152 --a------ C:\WINDOWS\system32\ImageDrive.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 14:35 --------- d-----w C:\Programmi\eMule
2008-05-08 11:27 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-05-08 11:14 --------- d-----w C:\Programmi\Symantec
2008-05-08 11:12 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Symantec
2008-05-07 16:49 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-07 16:32 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\AdobeUM
2008-05-07 12:23 --------- d-----w C:\Programmi\QuickTime
2008-03-27 08:11 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\3M
2008-03-19 07:23 --------- d-----w C:\Documents and Settings\Administrator\Dati applicazioni\CDBurnerXP_Soft
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-05-08 13:15 116088 --a------ C:\PROGRA~1\FILECO~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-09-20 15:35 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-13 14:05 16239616 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22 155648]
"ControlCenter2.0"="C:\Programmi\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 19:30 995328]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 11:30 262401]
"LogMeIn GUI"="C:\Programmi\LogMeIn\x86\LogMeInSystray.exe" [ ]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 18:35 32768]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-05-13 11:02 185784]
"PaperPort PTD"="C:\Programmi\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-11 01:01 57393]
"IndexSearch"="C:\Programmi\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-11 01:28 40960]
"SetDefPrt"="C:\Programmi\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-26 18:02 49152]
"ccApp"="C:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2008-02-14 11:01 51048]
"osCheck"="C:\Programmi\Norton AntiVirus\osCheck.exe" [2007-08-24 22:53 714608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="C:\Documents and Settings\Administrator\Dati applicazioni\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-26 18:04 687976]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-05-25 15:22 63040 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Windows Media Player\\wmplayer.exe"=

R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 04:24]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 05:28]
R3 CnxTgR;Conexant AccessRunner PCI ADSL Interface Device Driver;C:\WINDOWS\system32\DRIVERS\CnxTgR.sys [2002-03-11 10:51]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Programmi\LogMeIn\x86\RaInfo.sys []
S2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;"C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2007-08-23 14:35]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 STUSB2Ir;SigmaTel USB 2.0 IrDA Bridge;C:\WINDOWS\system32\DRIVERS\stusb2ir.sys [2004-05-28 07:22]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b44df21a-81f5-11dc-b8b0-00173189a07c}]
\Shell\AutoRun\command - J:\setupSNK.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-23 06:53:49 C:\WINDOWS\Tasks\backup.job"
- C:\WINDOWS\system32\ntbackup.exeöbackup
"2008-05-08 11:10:31 C:\WINDOWS\Tasks\Norton AntiVirus - Scansione completa sistema - Administrator.job"
- C:\Programmi\Norton AntiVirus\Navw32.exei/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-10 13:30:53
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-10 13:34:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-10 11:34:40

8 Directory 120,553,992,192 byte disponibili
11 Directory 120,716,783,616 byte disponibili

141 --- E O F --- 2008-04-12 05:18:49





Qui il log di norman Malware:



Norman Malware Cleaner
Copyright © 1990 - 2008, Norman ASA. Built 2008/05/06 19:09:25

Norman Scanner Engine Version: 5.92.04
Nvcbin.def Version: 5.92.00, Date: 2008/05/06 19:09:25, Variants: 1618141

Running pre-scan cleanup routine:
Operating System: Microsoft Windows XP Professional 5.1.2600(Safe mode) Service Pack 2
Logged on user: PC2\Administrator

Removed registry value: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -> DisableRegistryTools = 0x00000000

Scan started: 10/05/2008 13:57:26


Scanning running processes and process memory...

Number of processes/threads found: 539
Number of processes/threads scanned: 539
Number of processes/threads not scanned: 0
Number of infected processes/threads terminated: 0
Total scanning time: 15s


Scanning file system...

Scanning: C:\*.*

Scanning: X:\*.*


Running post-scan cleanup routine:

Number of files found: 129410
Number of archives unpacked: 6267
Number of files scanned: 129390
Number of files not scanned: 20
Number of files skipped due to exclude list: 0
Number of infected files found: 0
Number of infected files repaired/deleted: 0
Number of infections removed: 0
Total scanning time: 38m 19s


___________________________________


Spero vivamente di aver risolto il problema, ora navigo un po' giusto per provare.

Grazie 1000 x l'aiuto.
Torna in alto
 
r16
Inviato: Saturday, May 10, 2008 10:37:19 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Tranquillo, Combofix dovrebbe avertelo levato.
c:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle.dat
C:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle.exe
c:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle_nav.dat
c:\Documents and Settings\Administrator\Impostazioni locali\Dati applicazioni\jebonle_navps.dat

Ciao.
Torna in alto
 
modifica
Inviato: Tuesday, May 13, 2008 3:44:59 PM
Rank: Member

Iscritto dal : 5/4/2005
Posts: 0
Ok, provato, testato e controllato: ora va
Grazie r16 !!!
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Per favore mi controllate il log di Hijack ?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.