Aiutamici Forum

HiJack log check - I still have strange things going on
frankie09
Posted: Sunday, May 11, 2008 4:48:42 PM
Rank: Member
Joined: 2/6/2007
Posts: 12
Hi,

I have just reinstalled the operating system after losing mine to a virus.
Since I imported my old files, can someone take a look at my HijackThis log and tell me
whether they see anything wrong? Thanks. Bye. Francesca

Logfile of HijackThis v1.99.1
Scan saved at 16.37.10, on 11/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Programmi\Accessori\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Frankie\IMPOST~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\ACCESS~1\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Accessori\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B2EF7C0-D4C1-462B-9461-59C49BAD8638}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Accessori\smc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
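As an added example (not code from the original post or from the HijackThis project), a small parser for the log format above: it splits the running-process list from the keyed entries, pulls out the O4 autostart items, O23 services and O17 DNS servers a reviewer checks first, and flags anything executing from a Temp or archive-extraction folder, as HijackThis.exe itself does in this log. The sample lines are copied from the post; the regexes and the Temp-path heuristic are my own assumptions.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\VEXPLITE\viritsvc.exe
C:\DOCUME~1\Frankie\IMPOST~1\Temp\Rar$EX00.297\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B2EF7C0-D4C1-462B-9461-59C49BAD8638}: NameServer = 85.37.17.52 85.38.28.92
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
"""

# One entry: section key (R0, O4, O17, O23, ...), " - ", body.
ENTRY = re.compile(r"^(?P<key>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O4 body: HIVE\..\Run[Once]: [display name] command line
RUN_ENTRY = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<subkey>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 body: Service: display name (service name) - vendor - path
SERVICE_ENTRY = re.compile(r"^Service: (?P<display>.+?) \((?P<name>[^)]+)\) - (?P<vendor>.+?) - (?P<path>.+)$")
# Heuristic (assumption): a Temp/Tmp folder or a WinRAR extraction folder (Rar$EX...).
TEMP_PATH = re.compile(r"\\(?:temp|tmp|rar\$ex[^\\]*)\\", re.IGNORECASE)


def parse_log(text: str) -> dict:
    """Split a HijackThis log into the running-process list and the keyed entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line closes the process list
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            processes.append(line)
            continue
        match = ENTRY.match(line)
        if match:
            entries.append((match["key"], match["body"]))
    return {"processes": processes, "entries": entries}


def review(text: str) -> dict:
    """Extract autostart entries, services, DNS servers and Temp-folder executables."""
    log = parse_log(text)
    run_entries, services, nameservers = [], [], []
    for key, body in log["entries"]:
        if key == "O4" and (m := RUN_ENTRY.match(body)):
            run_entries.append(m.groupdict())
        elif key == "O23" and (m := SERVICE_ENTRY.match(body)):
            services.append(m.groupdict())
        elif key == "O17" and (m := re.search(r"NameServer\s*=\s*(.+)$", body)):
            nameservers.extend(re.split(r"[\s,]+", m.group(1).strip()))
    # Executables in Temp folders: a cleanup wipes them, together with any backups they keep
    # (the point r16 makes later about HijackThis), so they deserve a second look.
    temp_paths = [p for p in log["processes"] if TEMP_PATH.search(p)]
    temp_paths += [e["cmd"] for e in run_entries if TEMP_PATH.search(e["cmd"])]
    temp_paths += [s["path"] for s in services if TEMP_PATH.search(s["path"])]
    return {"run_entries": run_entries, "services": services,
            "nameservers": nameservers, "temp_paths": temp_paths}


if __name__ == "__main__":
    result = review(SAMPLE_LOG)
    for entry in result["run_entries"]:
        print(f"{entry['hive']}\\{entry['subkey']}: {entry['name']} -> {entry['cmd']}")
    print("DNS servers to check against the ISP's:", ", ".join(result["nameservers"]))
    print("Running from Temp:", result["temp_paths"])
```

The O17 servers are not judged by the script; they are listed so the reviewer can compare them with the ISP's published resolvers.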
r16
Posted: Sunday, May 11, 2008 5:49:57 PM
Rank: AiutAmico
Joined: 8/7/2007
Posts: 11,016
Hi frankie09
The log shows no anomalies.
Have you tried running VirIT in Safe Mode?
What do you mean by "strange things"?
Are you sure the files you imported were all clean?
frankie09
Posted: Sunday, May 11, 2008 6:05:41 PM
Rank: Member
Joined: 2/6/2007
Posts: 12
r16 wrote:
Hi frankie09
The log shows no anomalies.
Have you tried running VirIT in Safe Mode?
What do you mean by "strange things"?
Are you sure the files you imported were all clean?


Hi r16, and thanks

Strange files... programs I had imported from my old hard disk and that, after rebooting the PC, are no longer in Programs, etc.
No, I'm not sure... actually, at this point I really think my previous operating system (the registry keys) was screwed up by a virus... and I think it's still running here...

I did run VirIT... but can the free version be trusted? It doesn't detect anything...

r16
Posted: Sunday, May 11, 2008 6:15:07 PM
Rank: AiutAmico
Joined: 8/7/2007
Posts: 11,016
OK, let's see whether these two detect anything.
Download Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner must be run in SAFE MODE.

Start it
accept the licence
click Start Scan
wait for the scan to finish
A log is generated on the desktop; post it here.
In some cases Norman Malware Cleaner may require a reboot of the computer to remove the infection completely; in that case a second run of the program after rebooting the PC is recommended, to ensure complete removal of all infected files.


Disable your antivirus.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.


ComboFix does not work in Safe Mode.
Run an online scan with this:
http://housecall.trendmicro.com/it/


frankie09
Posted: Wednesday, May 14, 2008 7:46:16 AM
Rank: Member
Joined: 2/6/2007
Posts: 12
OK, THANKS.
In the meantime I ran ComboFix and this is the log. What do you think?

ComboFix 08-05-12.1 - Frankie 2008-05-14 7.33.46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.70 [GMT 2:00]
Eseguito da: C:\Programmi\Accessori\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((( Files Creati Da 2008-04-14 al 2008-05-14 )))))))))))))))))))))))))))))))))))
.

2008-05-14 07:18 . 2008-05-14 07:18 488 --a------ C:\hpfr3420.xml
2008-05-14 07:14 . 2008-05-14 07:14 <DIR> d-------- C:\Programmi\Hewlett-Packard
2008-05-14 07:14 . 2008-05-14 07:14 82,380 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-05-14 07:11 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-14 07:11 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-14 07:10 . 2008-05-14 07:10 <DIR> d-------- C:\Programmi\File comuni\Hewlett-Packard
2008-05-14 07:08 . 2008-05-14 07:14 20,448 --a------ C:\WINDOWS\hpoins01.dat
2008-05-14 07:08 . 2003-04-05 14:33 16,622 --------- C:\WINDOWS\hpomdl01.dat
2008-05-14 07:06 . 2008-05-14 07:11 <DIR> d-------- C:\WINDOWS\LastGood
2008-05-14 07:05 . 2001-08-08 11:45 2,641,973 --a------ C:\WINDOWS\system32\opapi11.dll
2008-05-14 07:05 . 2001-08-07 13:54 74,665 --a------ C:\WINDOWS\system32\openpage.msg
2008-05-14 07:05 . 2008-05-14 07:05 0 --a------ C:\WINDOWS\OPPRIN~1.INI
2008-05-14 07:04 . 2008-05-14 07:07 <DIR> d-------- C:\Programmi\Canon
2008-05-14 07:02 . 2008-05-14 07:02 <DIR> d-------- C:\Documents and Settings\Frankie\WINDOWS
2008-05-11 20:48 . 2008-05-11 20:48 <DIR> d-------- C:\Documents and Settings\Frankie\Dati applicazioni\Hewlett-Packard
2008-05-11 17:50 . 2008-05-11 17:50 <DIR> dr------- C:\Documents and Settings\NetworkService\Preferiti
2008-05-11 17:50 . 2008-05-11 17:50 0 --a------ C:\WINDOWS\nsreg.dat
2008-05-11 17:02 . 2008-05-11 17:02 <DIR> d-------- C:\Programmi\Lavasoft
2008-05-11 16:26 . 2004-10-15 18:32 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2008-05-11 16:26 . 2004-10-15 18:17 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2008-05-11 16:26 . 2004-10-15 18:18 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2008-05-11 16:26 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2008-05-11 16:26 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2008-05-11 16:26 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2008-05-11 16:26 . 2004-10-15 18:32 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2008-05-11 16:25 . 2008-05-11 16:54 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-05-10 07:59 . 2005-06-28 09:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-05-10 06:46 . 2008-05-11 20:06 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-05-09 07:21 . 2008-05-09 07:21 <DIR> d-------- C:\Documents and Settings\Frankie\Dati applicazioni\Logitech
2008-05-09 07:18 . 2008-05-09 07:18 <DIR> d-------- C:\Programmi\File comuni\Logitech
2008-05-09 07:18 . 2005-05-25 02:40 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-05-09 07:18 . 2005-05-25 02:40 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-05-09 07:18 . 2005-05-25 02:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-05-09 07:18 . 2005-05-25 02:40 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-05-09 07:18 . 2005-05-25 02:40 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-05-09 07:18 . 2005-05-25 02:40 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-05-09 07:16 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-05-09 07:16 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-05-09 07:16 . 2004-08-19 15:39 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-09 07:16 . 2004-08-19 15:39 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-05-09 07:16 . 2004-08-19 15:30 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-05-09 07:16 . 2004-08-19 15:30 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-05-09 07:16 . 2001-08-30 20:41 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-05-09 07:16 . 2001-08-30 20:41 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-05-09 07:16 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-09 07:16 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-08 16:30 . 2008-05-08 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-05-08 16:27 . 2008-05-11 17:02 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-05-08 16:26 . 2008-05-08 19:17 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-08 16:25 . 2008-05-11 17:48 <DIR> d-------- C:\VEXPLITE
2008-05-08 16:25 . 2008-05-08 16:25 <DIR> d-------- C:\Programmi\VirIT eXplorer Lite
2008-05-08 15:12 . 2008-05-08 15:12 <DIR> d-------- C:\Programmi\ADOBE Acrobat 5 ITA full version (Reader, Writer, Distiller)
2008-05-08 15:10 . 2008-05-08 15:10 <DIR> d-------- C:\Documents and Settings\Frankie\Dati applicazioni\Leadertech
2008-05-08 15:08 . 2008-05-08 15:08 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-05-08 15:08 . 1993-07-23 00:00 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2008-05-08 15:08 . 2001-04-27 14:02 101,200 --a------ C:\WINDOWS\system32\pdfshell.dll
2008-05-08 15:08 . 2001-03-15 08:18 65,536 --a------ C:\WINDOWS\system32\adistres.dll
2008-05-08 15:08 . 2001-03-15 08:18 20,584 --a------ C:\WINDOWS\system32\PdfPorts.dll
2008-05-08 15:08 . 2001-05-18 02:08 12,288 --a------ C:\WINDOWS\system32\PDFShell.ITA
2008-05-08 15:05 . 2008-05-08 15:05 <DIR> d-------- C:\Documents and Settings\Frankie\Dati applicazioni\InterTrust
2008-05-08 14:47 . 2008-05-08 14:47 <DIR> d-------- C:\WINDOWS\system32\dla
2008-05-08 14:47 . 2008-05-08 14:47 <DIR> d-------- C:\Programmi\File comuni\Sonic
2008-05-08 14:47 . 2003-08-06 01:04 98,352 --a------ C:\WINDOWS\dla.exe
2008-05-08 14:47 . 2003-07-31 03:21 84,576 --a------ C:\WINDOWS\system32\drivers\drvmcdb.sys
2008-05-08 14:47 . 2003-08-06 01:04 61,492 --a------ C:\WINDOWS\system32\tfswapi.dll
2008-05-08 14:47 . 2003-06-20 02:56 40,448 --a------ C:\WINDOWS\system32\drivers\drvnddm.sys
2008-05-08 14:47 . 2003-07-14 11:28 23,219 --a------ C:\WINDOWS\system32\drivers\ssrtln.sys
2008-05-08 14:47 . 2003-07-14 11:28 5,621 --a------ C:\WINDOWS\system32\drivers\sscdbhk5.sys
2008-05-08 14:47 . 2008-05-08 14:47 138 --a------ C:\WINDOWS\wininit.ini
2008-05-08 14:46 . 2008-05-08 14:46 <DIR> d-------- C:\Programmi\File comuni\SureThing Shared
2008-05-08 13:01 . 2005-05-20 15:01 68,352 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2008-05-08 13:01 . 2005-05-20 15:00 54,528 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2008-05-08 13:01 . 2005-05-20 14:46 28,160 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-05-08 13:01 . 2005-05-20 15:01 25,600 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2008-05-08 13:01 . 2005-05-20 15:00 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-05-08 13:00 . 2008-05-14 07:32 <DIR> d-------- C:\Programmi\Accessori
2008-05-08 12:34 . 2008-05-08 12:34 5,831,808 --a------ C:\Programmi\Firefox Setup 2.0.0.14.exe
2008-05-08 11:52 . 2008-05-08 11:52 <DIR> d-------- C:\WINDOWS\system32\InsFiles
2008-05-08 11:52 . 2003-04-02 13:25 538,925 -ra------ C:\WINDOWS\system32\drivers\torususb.sys
2008-05-08 11:52 . 2003-07-25 10:09 286,720 -ra------ C:\WINDOWS\system32\stmadsl.cpl
2008-05-08 11:52 . 2003-03-27 14:11 86,019 -ra------ C:\WINDOWS\stmtrace.exe
2008-05-08 11:52 . 2003-03-27 14:11 59,466 -ra------ C:\WINDOWS\system32\drivers\stmatm.sys
2008-05-08 11:50 . 2008-05-08 11:50 <DIR> d-------- C:\WINDOWS\Motive
2008-05-08 11:50 . 2008-05-08 11:50 <DIR> d-------- C:\Programmi\Motive
2008-05-08 11:50 . 2008-05-08 11:50 <DIR> d-------- C:\Programmi\HELPExpress
2008-05-08 11:50 . 2008-05-08 11:50 <DIR> d-------- C:\Programmi\Common Files
2008-05-08 11:05 . 2008-05-08 11:05 <DIR> d-------- C:\WINDOWS\Provisioning
2008-05-08 11:05 . 2008-05-08 11:11 <DIR> d-------- C:\WINDOWS\PeerNet
2008-05-08 11:05 . 2008-05-08 11:12 <DIR> d-------- C:\WINDOWS\ehome
2008-05-08 10:45 . 2008-05-08 10:45 <DIR> d-------- C:\Programmi\Broadcom
2008-05-08 10:45 . 2002-12-17 11:41 42,368 -ra------ C:\WINDOWS\system32\drivers\bcm4sbxp.sys
2008-05-08 10:41 . 1998-11-13 12:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-05-08 10:39 . 2008-05-08 15:08 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-05-08 10:38 . 2008-05-08 10:38 8,407 --a------ C:\WINDOWS\system32\nvModes.dat
2008-05-08 10:38 . 2008-05-14 06:32 8,407 --a------ C:\WINDOWS\system32\nvModes.001
2008-05-08 10:36 . 2008-05-08 10:36 <DIR> d-------- C:\Programmi\Broadcom Advanced Control Suite
2008-05-08 10:34 . 2008-05-08 10:34 <DIR> d-------- C:\Programmi\Intel
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\Softwin
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\Sleep Manager
2008-05-08 10:32 . 2008-05-11 08:44 <DIR> d-------- C:\Programmi\Rescue Disk
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\QuickTime
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\QMgr
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\Plus!
2008-05-08 10:32 . 2008-05-10 06:47 <DIR> d-------- C:\Programmi\PCDR
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\Opera
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\OfficeUpdate11
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\Notebook Manager
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\Navnt
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\MUSICMATCH
2008-05-08 10:32 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\MSN Messenger
2008-05-08 10:31 . 2008-05-08 10:31 <DIR> d-------- C:\Programmi\Trust
2008-05-08 10:31 . 2008-05-10 06:46 <DIR> d-------- C:\Programmi\Transfer MyPC
2008-05-08 10:31 . 2008-05-08 10:31 <DIR> d-------- C:\Programmi\Tin.it
2008-05-08 10:31 . 2008-05-08 10:31 <DIR> d-------- C:\Programmi\Synaptics
2008-05-08 10:31 . 2008-05-08 10:31 <DIR> d-------- C:\Programmi\Symantec
2008-05-08 10:31 . 2008-05-08 10:31 <DIR> d-------- C:\Programmi\Sygate
2008-05-08 10:31 . 2008-05-08 10:31 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-05-08 10:31 . 2008-05-08 10:31 <DIR> d-------- C:\Programmi\Speed Access USB
2008-05-08 10:31 . 2008-05-08 10:32 <DIR> d-------- C:\Programmi\Sonic
2008-05-08 10:24 . 2008-05-08 10:24 <DIR> d-------- C:\Programmi\Yahoo!
2008-05-08 10:24 . 2008-05-10 06:46 <DIR> d-------- C:\Programmi\Wisdom-soft ScreenHunter 5 Free
2008-05-08 10:24 . 2008-05-08 10:24 <DIR> d-------- C:\Programmi\WinMX
2008-05-08 10:24 . 2008-05-10 06:47 <DIR> d-------- C:\Programmi\vanBasco's Karaoke Player
2008-05-08 10:24 . 2005-01-29 14:31 9,228,440 --a------ C:\Programmi\spf.exe
2008-05-08 10:24 . 2005-02-12 11:18 7,683,569 --a------ C:\Programmi\nentitst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 07:11 17 ----a-w C:\Programmi\stinger.opt
2008-05-11 07:04 499 ----a-w C:\Programmi\Collegamento a WinRAR.lnk
2008-05-08 09:49 155,995 ----a-w C:\WINDOWS\java\Packages\HB5BRDZN.ZIP
2008-05-07 09:58 --------- d-----w C:\Programmi\Servizi in linea
2008-05-04 09:44 522 ----a-w C:\Programmi\hpfr3420.xml
2008-05-04 09:44 177,174 ----a-w C:\Programmi\hpfr3425.log
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:01 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2007-04-04 09:52 227 ----a-w C:\Programmi\gromozon_removal.log
2006-07-26 17:48 10,786 ----a-w C:\Programmi\release_notes.txt
2005-03-29 09:53 241 ----a-w C:\Programmi\stinger.txt
2005-02-23 13:27 56,320 ----a-w C:\Programmi\allegato.jhtml.doc
2005-01-29 20:56 8,263 ----a-w C:\Programmi\Uninst.isu
2004-05-02 21:28 15 ----a-w C:\Programmi\win2.log
2004-05-01 10:48 12 ----a-w C:\Programmi\win.log
2002-07-29 20:46 4,514 ----a-w C:\Programmi\SETUPXLG.TXT
2001-01-31 11:15 5,071 ----a-w C:\Programmi\Documento recuperato.txt
2000-11-21 16:02 70,008 ----a-w C:\Programmi\BOOTLOG.TXT
2000-04-24 11:40 225 ----a-w C:\Programmi\RESETLOG.TXT
2000-04-20 13:10 15,563 ----a-w C:\Programmi\NETLOG.TXT
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:00 15360]
"Sonic RecordNow!"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 05:59 122880 C:\WINDOWS\BCMSMMSG.exe]
"nwiz"="nwiz.exe" [2003-11-20 08:10 323584 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 14:11 151552 C:\WINDOWS\system32\stmctrl.dll]
"VIRIT LITE MONITOR"="C:\VEXPLITE\MONLITE.EXE" [2008-05-11 16:05 245760]
"SmcService"="C:\PROGRA~1\ACCESS~1\smc.exe" [2004-10-15 19:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 14:00 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Acrobat Assistant.lnk - C:\Programmi\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2008-05-08 15:08:32 49254]
Logitech SetPoint.lnk - C:\Programmi\Accessori\SetPoint\SetPoint.exe [2008-05-08 13:01:57 450560]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\rundisabled]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe
"StorageGuard"="C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-05-08 19:17]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-05-11 16:05]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-03-27 14:11]
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-04-02 13:25]

*Newly Created Service* - CATCHME
*Newly Created Service* - PML_DRIVER_HPZ12
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-14 05:15:38 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1210742096.job"
- C:\Programmi\Accessori\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 07:36:40
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Ora fine scansione: 2008-05-14 7.38.53
ComboFix-quarantined-files.txt 2008-05-14 05:38:49

14 Directory 62,915,584,000 byte disponibili
16 Directory 62,919,958,528 byte disponibili

220 --- E O F --- 2008-05-11 18:07:51
frankie09
Posted: Sunday, May 18, 2008 11:13:32 AM
Rank: Member
Joined: 2/6/2007
Posts: 12
R16
DID YOU SEE THE COMBOFIX LOG I POSTED?
DOES IT ALL LOOK OK TO YOU?
WHAT DOES IT SAY?

THANKS - BYE
r16
Posted: Sunday, May 18, 2008 11:29:36 AM
Rank: AiutAmico
Joined: 8/7/2007
Posts: 11,016
Hi frankie09.
I'm not looking for excuses, I missed it, I apologise.
ComboFix removed a piece of malware for you (C:\WINDOWS\system32\drivers\fad.sys).
Everything else looks fine to me.
How is the PC doing?
I haven't seen the Norman log. (Run it in Safe Mode.)
Another thing: update HijackThis, but don't put it on the Desktop or in the Temp folder as it is now. I say this because, in case of a wrong deletion, you risk not being able to restore it.
Give it a folder of its own in C:\Programmi, or in Documents. Then never launch it from the Desktop (don't create a shortcut) but launch it from where you downloaded it (that is, from Programmi or Documents).
http://www.aiutaamici.com/software?ID=11175

Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

