r 16 this is the ComboFix log
ComboFix 08-09-05.09 - user 2008-09-08 18.54.43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.665 [GMT 2:00]
Eseguito da: C:\Documents and Settings\user\Documenti\Download\ComboFix.exe
* Creato nuovo punto di ripristino
* Resident AV is active
ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!.
((((((((((((((((((((((((( Files Creati Da 2008-08-08 al 2008-09-08 )))))))))))))))))))))))))))))))))))
.
2008-09-07 02:37 . 2008-09-07 02:37 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-09-07 02:37 . 2008-09-07 02:37 <DIR> d-------- C:\Documents and Settings\user\Dati applicazioni\Malwarebytes
2008-09-07 02:37 . 2008-09-07 02:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-09-07 02:37 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 02:37 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-06 16:39 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-09-06 16:20 . 2008-09-06 16:20 114,688 --a------ C:\WINDOWS\~DFD4B8.tmp
2008-09-06 16:19 . 2008-09-06 16:19 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Administrator\Menu Avvio
2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Administrator\Impostazioni locali
2008-09-06 16:19 . 2008-09-06 16:19 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-06 13:57 . 2008-09-06 13:57 <DIR> d-------- C:\Programmi\Trend Micro
2008-09-06 12:40 . 2008-09-06 13:08 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-08 16:54 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Skype
2008-09-08 14:53 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\skypePM
2008-09-08 14:44 --------- d-----w C:\Programmi\eMule
2008-09-07 15:04 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-09-06 11:08 --------- d-----w C:\Programmi\Google
2008-09-06 10:38 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-09-06 09:38 --------- d-----w C:\Programmi\Windows Media Connect 2
2008-08-07 17:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\PC Tools
2008-08-05 12:42 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\LimeWire
2008-07-29 14:34 --------- d-----w C:\Programmi\Windows Desktop Search
2008-07-29 09:46 --------- d-----w C:\Programmi\Java
2008-07-29 09:34 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-07-28 18:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
2008-07-28 18:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2008-07-27 12:44 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-07-27 12:38 --------- d-----w C:\Programmi\Windows Live
2008-07-27 10:52 --------- d-----w C:\Programmi\MSECACHE
2008-07-25 11:27 --------- d-----w C:\Programmi\Winamp
2008-07-25 10:00 --------- d-----w C:\Documents and Settings\user\Dati applicazioni\Winamp
2008-07-25 09:43 --------- d-----w C:\Programmi\VideoLAN
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-30 21:13 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2008-06-30 21:07 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-10 18:39 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-06-30 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-11-16 949376]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 8491008]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Exif Launcher S.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Exif Launcher S.lnk
backup=C:\WINDOWS\pss\Exif Launcher S.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 04:14 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a--c--- 2007-10-04 18:14 8491008 C:\WINDOWS\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a--c--- 2007-10-04 18:14 81920 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a--c--- 2007-11-16 12:53 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a--c--- 2007-10-04 18:14 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a--c--- 2007-11-16 12:53 16384000 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a--c--- 2007-11-16 12:53 1826816 C:\WINDOWS\SkyTel.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Alice Messenger\\alicemessenger.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule TCP
"4672:UDP"= 4672:UDP:eMule UDP
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-05-14 508288]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff3a1ca-9b55-11dc-9568-001921266060}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe
*Newly Created Service* - PROCEXP90
.
Contenuto della cartella 'Scheduled Tasks'
.
- - - - ORFÃOS REMOVIDOS - - - -
Notify-WgaLogon - (no file)
MSConfigStartUp-MSMSGS - C:\Programmi\Messenger\msmsgs.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
O8 -: &Windows Live Search - C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: Aggiungi all'elenco di stampa Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 -: Anteprima Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 -: E&sporta in Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Stampa ad alta velocità Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 -: Stampa Easy-WebPrint - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O17 -: HKLM\CCS\Interface\{8E9BA84E-B3EB-406D-80A3-42A5B7802ACE}: NameServer = 85.37.17.39 85.38.28.71
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-08 18:55:55
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-09-08 18:56:41
ComboFix-quarantined-files.txt 2008-09-08 16:56:34
Pre-Run: 4,283,723,776 byte disponibili
Post-Run: 4,323,475,456 byte disponibili
160 --- E O F --- 2008-09-08 11:17:21
I'll wait to hear from you