Allego log Hijackthis ma chiedo altri test
Inviato: mer giu 17, 2009 8:36 pm
da Pacopas
Ciao ragazzi mia sorella mi ha portato il suo portatile, dicendo di avere qualcosa di strano.
In effetti avira era aggiornato a gennaio 2008, ho detto tutto.
Ho ripulito il sistema che aveva discreti problemi, ancora mi è rimasto da risolvere la "dissociazione" nel menù contestuale dei drive con il comando esplora...
Ma è un altro discorso.
Ho fatto un po' di pulizie varie; ma è tanto che non ho a che fare con pc infetti; di solito applico molta prevenzione e non sono aggiornato sulle tecniche nuove.
Allego il log Hijackthis ma se potete consigliarmi qualche altro test per scovare eventuali minacce.
Io di solito agisco alla vecchia maniera, cerco ciò che sembra insolito tra i processi faccio ricerche, ma credo che i virus siano moolto più aggiornati di me.
Vi ringrazio
In effetti avira era aggiornato a gennaio 2008, ho detto tutto.
Ho ripulito il sistema che aveva discreti problemi, ancora mi è rimasto da risolvere la "dissociazione" nel menù contestuale dei drive con il comando esplora...
Ma è un altro discorso.
Ho fatto un po' di pulizie varie; ma è tanto che non ho a che fare con pc infetti; di solito applico molta prevenzione e non sono aggiornato sulle tecniche nuove.
Allego il log Hijackthis ma se potete consigliarmi qualche altro test per scovare eventuali minacce.
Io di solito agisco alla vecchia maniera, cerco ciò che sembra insolito tra i processi faccio ricerche, ma credo che i virus siano moolto più aggiornati di me.
Vi ringrazio
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.30.28, on 17/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Avira\AntiVir Desktop\sched.exe
D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
D:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
D:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
D:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\Programmi\Avira\AntiVir Desktop\avgnt.exe
D:\Programmi\RocketDock\RocketDock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Avira\AntiVir Desktop\avguard.exe
D:\Programmi\Intel\Wireless\Bin\EvtEng.exe
D:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
D:\Programmi\File comuni\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
D:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Programmi\MozillaFirefox\firefox.exe
d:\Windows\explorer.exe
D:\Documents and Settings\Emi\Documenti\Download\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IAAnotif] "D:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "D:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Point&&Go - D:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - D:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 6954 bytes
Scan saved at 21.30.28, on 17/06/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20733)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Avira\AntiVir Desktop\sched.exe
D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe
D:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe
D:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
D:\Programmi\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
D:\Programmi\Avira\AntiVir Desktop\avgnt.exe
D:\Programmi\RocketDock\RocketDock.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Avira\AntiVir Desktop\avguard.exe
D:\Programmi\Intel\Wireless\Bin\EvtEng.exe
D:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
D:\Programmi\File comuni\LightScribe\LSSrvc.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
D:\Programmi\Intel\Wireless\Bin\Dot1XCfg.exe
D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
D:\Programmi\MozillaFirefox\firefox.exe
d:\Windows\explorer.exe
D:\Documents and Settings\Emi\Documenti\Download\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Programmi\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Programmi\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IAAnotif] "D:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] D:\Programmi\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "D:\Programmi\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: &Point&&Go - D:\Programmi\File comuni\Expert System\PGPlatform\PGPlatform.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - D:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - D:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - D:\Programmi\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 6954 bytes