Punto informatico Network
Login Esegui login | Non sei registrato? Iscriviti ora (è gratuito!)
Username: Password:
  • Annuncio Pubblicitario

Mi controllate il log di hijackthis?

Un virus si è intromesso nel tuo computer? Vuoi navigare in tutta sicurezza? Sono sicure le transazione online? Come impedire a malintenzionati di intromettersi nel tuo pc? Come proteggere i tuoi dati? Qui trovi le risposte a queste ed altre domande

Mi controllate il log di hijackthis?

Messaggioda torch » mar gen 04, 2011 4:12 pm

Salve a tutti.

Da un paio di giorni, se provo ad aprire firefox, ogni tot minuti mi sia apre un nuovo tab con aperta sempre la stessa pagina (l'indirizzo al momento non lo ricordo, ma è una cosa del tipo mp3zound.com..)

Ecco il log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:53, on 04/01/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
E:\Scanner\abbyy\NetworkLicenseServer.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\hasplms.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\cebas\ip-clamp\ipclamp.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
E:\Architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
C:\WINDOWS\system32\MNSFramework.exe
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Manutenzione\PerfectDisk\PDAgent.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Programmi\Dell\QuickSet\Quickset.exe
C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Logitech\SetPointP\SetPoint.exe
E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\Programmi\File comuni\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer.exe
C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe
C:\Programmi\I8kfanGUI\I8kfanGUI.exe
C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Internet\freepops\freepopsd.exe
E:\Internet\Firefox\firefox.exe
E:\Internet\Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
E:\Sicurezza\Hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - E:\Architettura\DIALux\DLXShellExtension.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Sistema\Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Programmi\IDM\QUICKfind\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Programmi\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [EvtMgr6] C:\Programmi\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Internet Security] "E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Programmi\File comuni\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MobileBroadband] C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe /silent
O4 - HKCU\..\Run: [i8kfangui] C:\Programmi\I8kfanGUI\I8kfanGUI.exe /startup
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: setup_9.0.0.722_17.11.2010_22-14.lnk = C:\Documents and Settings\TRH\Desktop\Virus Removal Tool\setup_9.0.0.722_17.11.2010_22-14\startup.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Widget Contatori.lnk = C:\Programmi\Widget Contatori\Widget Contatori.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: setup_9.0.0.722_17.11.2010_22-14.lnk = C:\Documents and Settings\TRH\Desktop\Virus Removal Tool\setup_9.0.0.722_17.11.2010_22-14\startup.exe (User 'Default user')
O4 - .DEFAULT Startup: Widget Contatori.lnk = C:\Programmi\Widget Contatori\Widget Contatori.exe (User 'Default user')
O4 - .DEFAULT Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe (User 'Default user')
O4 - Startup: setup_9.0.0.722_17.11.2010_22-14.lnk = C:\Documents and Settings\TRH\Desktop\Virus Removal Tool\setup_9.0.0.722_17.11.2010_22-14\startup.exe
O4 - Startup: Widget Contatori.lnk = C:\Programmi\Widget Contatori\Widget Contatori.exe
O4 - Startup: Widget vodafone.lnk = C:\Programmi\Widget vodafone.it\Widget vodafone.it.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download with - C:\Programmi\Xilisoft\Download YouTube Video\upod_link.HTM
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Sistema\Office\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Sistema\Office\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DC5B5F88-336E-45FF-B8D7-5B150CF97E36}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Sistema\Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 3d-io License Server v2.0 - 3d-io GmbH - C:\Programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe
O23 - Service: ABBYY FineReader 9.0 - Servizio Gestione licenze (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - E:\Scanner\abbyy\NetworkLicenseServer.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ArcGIS License Manager - Acresso Software Inc. - C:\PROGRA~1\ESRI\License\arcgis9x\lmgrd.exe
O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Programmi\File comuni\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - E:\Sicurezza\Comodo\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc. (IPClampService) - Unknown owner - C:\Programmi\cebas\ip-clamp\ipclamp.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LTService 7.0.0.1 (LTService) - Optical Research Associates - C:\Programmi\File comuni\Optical Research Associates\LightTools\ltService.exe
O23 - Service: mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit (mi-raysat_3dsmax2010_32) - Unknown owner - E:\Architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe
O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - E:\Architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
O23 - Service: MNS Framework (MNSFramework) - Unknown owner - C:\WINDOWS\system32\MNSFramework.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NICCONFIGSVC - Unknown owner - C:\Programmi\Dell\QuickSet\NICCONFIGSVC.exe (file missing)
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\system32\nlssrv32.exe
O23 - Service: Provider supporto protezione LM NT (NtLmSsp) - Unknown owner - (no file)
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - C:\Programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PDAgent - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - E:\Manutenzione\PerfectDisk\PDEngine.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Sentinel Security Runtime (SentinelSecurityRuntime) - SafeNet, Inc. - C:\Programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
O23 - Service: ServiceLayer - Nokia - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Servizio Vodafone Mobile Broadband (VmbService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 15769 bytes



Grazie!
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda Ale2695 » mar gen 04, 2011 4:52 pm

A parte i programmi che non ho mai sentito nominare, ma che comunque facendo ricerche in Google risultano sicuri, il log è pulito.
Certo, si potrebbe velocizzare il sistema, ma lo faremo dopo.
Prova ad effettuare una scansione completa con Malwarebytes, dopo averlo aggiornato, e posta il log, almeno escludiamo malware in modo definitivo
http://www.chimerarevo.com/
Avatar utente
Ale2695
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 5927
Iscritto il: dom gen 18, 2009 10:39 am
Località: Novara

Re: Mi controllate il log di hijackthis?

Messaggioda hieinji » mar gen 04, 2011 5:08 pm

Hai controllato fra gli add-ons e i plug-in di FF? Se qualcuno di essi è sospetto fallo sparire.
AcerPower M8 - AMD Sempron 3200+ 1.8GHz @2.25GHz - AMD Radeon HD5450 - RAM DDR2 1Gb 200MHz - HDD Hitachi 80Gb - Win XP Pro 32-bit SP3
Avatar utente
hieinji
Senior Member
Senior Member
 
Messaggi: 385
Iscritto il: sab nov 27, 2010 4:55 pm


Re: Mi controllate il log di hijackthis?

Messaggioda torch » mar gen 04, 2011 5:16 pm

Salve,

grazie per i consigli. Ho lanciato una scansione completa di malwarebytes.
Ora controllo pure gli addons/plugins di firefox.

Appena finisce posto il log.
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mar gen 04, 2011 5:40 pm

Firefox non ha nulla di strano fra gli add-ons. Continuo con la scansione di malwarebytes.
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mar gen 04, 2011 5:56 pm

Per ora malwarebytes ha trovato questo:

c:\documents and settings\TRH\dati applicazioni\csrss.exe (Worm.Autorun)
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda Ale2695 » mar gen 04, 2011 5:58 pm

torch ha scritto:Per ora malwarebytes ha trovato questo:

c:\documents and settings\TRH\dati applicazioni\csrss.exe (Worm.Autorun)

Bene, quindi sicuramente hai qualcosa, vai avanti e posta il log quando ha finito
http://www.chimerarevo.com/
Avatar utente
Ale2695
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 5927
Iscritto il: dom gen 18, 2009 10:39 am
Località: Novara

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mer gen 05, 2011 9:37 am

Salve,

dopo più di 3 ore di scansione, malwarebytes ha trovato solo il file infetto che vi ho riportato prima.
Ho fatto la pulizia del file, riavviato i lpc, rilanciato malwarebytes (altre 3 ore di scansione) ed ora non viene più rilevato alcun file infetto.

I tab che si aprivano automaticamente su firefox sono scomparsi.

Consigli su come prodecedere ora?

Grazie
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda frash » mer gen 05, 2011 10:42 am

fanne anche una con EmsisoftEmergencyKit (è portable)
Avatar utente
frash
Aficionado
Aficionado
 
Messaggi: 72
Iscritto il: lun set 20, 2010 5:07 pm

Re: Mi controllate il log di hijackthis?

Messaggioda Ale2695 » mer gen 05, 2011 11:12 am

frash ha scritto:fanne anche una con EmsisoftEmergencyKit (è portable)

Beh, aspettiamo di vedere il log di Malwarebytes, poi decidiamo cosa usare, almeno non creiamo confusione [;)]
http://www.chimerarevo.com/
Avatar utente
Ale2695
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 5927
Iscritto il: dom gen 18, 2009 10:39 am
Località: Novara

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mer gen 05, 2011 11:23 am

Ho malauguratamente cancellato il log :-(

Comunque riportava:

_____________________
Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 1


Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\documents and settings\TRH\dati applicazioni\csrss.exe (Worm.Autorun)
Rimozione avvenuta con successo
________

O comunque qualcosa di molto simile.

Una sola voce "infetta", nel solo gruppo "file infetti"
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda Ale2695 » mer gen 05, 2011 11:30 am

Ok, quindi qualcosa hai, ma dubito che sia solo quello. Passiamo a Combofix, allora. Scaricalo, salvalo sul desktop col nome di pippo.exe, avvialo, non installare la console di emergenza, fagli fare la scansione, e quando ha finito, posta il log col tag MEMO qui sul forum.
http://www.chimerarevo.com/
Avatar utente
Ale2695
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 5927
Iscritto il: dom gen 18, 2009 10:39 am
Località: Novara

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mer gen 05, 2011 11:38 am

Ok. eseguo il tutto e poi posto. Grazie
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mer gen 05, 2011 1:58 pm

Ecco il log di Combofix

ComboFix 11-01-04.04 - TRH 05/01/2011 12:49:14.13.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.3326.2443 [GMT 1:00]
Eseguito da: c:\documents and settings\TRH\Desktop\pippo.exe
AV: AntiVir Desktop *Disabled/Outdated* {003F0060-0000-0000-88F9-130000000000}
AV: AntiVir Desktop *Disabled/Updated* {00000000-0000-0100-B4F2-120000000043}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-1200-140000FCFD7F}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000D8023C00}
AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000D8023D00}
AV: AntiVir Desktop *Enabled/Updated* {00000040-0000-0000-0000-0000E8013D00}
AV: AntiVir Desktop *Enabled/Updated* {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}
AV: AntiVir Desktop *Enabled/Updated* {0012EF40-0002-0000-8843-927C00F0FF7F}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {006E0069-0053-0078-5300-5C0000004100}
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
ADS - WINDOWS: deleted 0 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\TRH\Preferiti\Thumbs.db
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Creati Da 2010-12-05 al 2011-01-05 )))))))))))))))))))))))))))))))))))
.

2011-01-04 15:41 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-04 15:41 . 2011-01-04 16:58 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2011-01-04 15:41 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-04 15:09 . 2011-01-04 15:09 388096 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-30 18:09 . 2010-12-30 18:09 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\AnvSoft
2010-12-30 18:09 . 2010-12-30 18:09 -------- d-----w- c:\programmi\AnvSoft
2010-12-30 15:23 . 2010-12-30 15:23 -------- d-----w- c:\programmi\PDF Password Remover v2.5
2010-12-30 15:20 . 2010-12-30 15:22 -------- d-----w- c:\programmi\Password Unlocker Bundle
2010-12-29 22:36 . 2010-12-29 22:40 -------- d-----w- c:\programmi\Total Video Converter
2010-12-26 10:55 . 2010-12-26 10:55 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\COMODO
2010-12-21 20:18 . 2010-12-21 20:18 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\it.vodafone.counterswidget.75C5D0AC8E830B80BD4FBC0B32A23F0123E8C097.1
2010-12-21 19:58 . 2010-12-21 19:58 -------- d-----w- c:\programmi\uTorrent
2010-12-21 17:14 . 2010-12-21 17:14 -------- d-----w- c:\programmi\Widget Contatori
2010-12-21 16:48 . 2010-12-21 16:48 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\FLEXnet
2010-12-21 16:36 . 2010-12-21 16:36 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Vodafone
2010-12-21 16:35 . 2010-12-21 16:35 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Vodafone
2010-12-21 16:35 . 2010-12-21 16:35 -------- d-----w- c:\programmi\Vodafone
2010-12-21 16:35 . 2010-12-21 16:35 -------- d-----w- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\{9D64DBC2-83C5-4CE0-B1AF-E18E0536C633}
2010-12-20 13:30 . 2010-12-20 13:30 -------- d-----w- c:\programmi\Next Limit
2010-12-19 13:47 . 2010-12-19 13:48 -------- d-----w- c:\documents and settings\NetworkService\Dati applicazioni\onOne Software
2010-12-19 13:47 . 2010-12-19 13:47 -------- d-----w- c:\documents and settings\LocalService\Dati applicazioni\onOne Software
2010-12-19 13:46 . 2010-12-19 13:47 -------- d-----w- c:\documents and settings\Default User\Dati applicazioni\onOne Software
2010-12-19 13:41 . 2010-12-19 13:41 -------- d-----w- c:\documents and settings\Administrator\Dati applicazioni\onOne Software
2010-12-19 13:39 . 2010-12-07 09:48 227840 ----a-w- c:\windows\system32\Deco_32.dll
2010-12-19 13:33 . 2010-12-19 13:58 -------- d-----w- c:\programmi\onOne Software
2010-12-15 17:41 . 2009-10-21 08:00 356352 ----a-w- c:\windows\system32\WibuXpm4J32.dll
2010-12-15 17:41 . 2009-09-08 11:46 54336 ----a-w- c:\windows\system\WkWin.dll
2010-12-15 13:08 . 2010-12-15 13:08 -------- d-----w- c:\programmi\Moleskinsoft Clone Remover 3.8
2010-12-15 12:15 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 12:14 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 10:27 . 2008-10-05 04:16 3789728 ----a-w- c:\windows\system32\Flash10a.ocx
2010-12-13 10:27 . 2010-12-13 10:27 -------- d-----w- c:\programmi\Drawing4Kids
2010-12-13 10:23 . 2010-12-13 10:24 -------- d-----w- c:\programmi\Drawing for Children
2010-12-10 12:27 . 2010-12-15 13:19 -------- d-----w- c:\programmi\FLAC
2010-12-06 12:56 . 2010-12-06 12:56 -------- d-----w- c:\documents and settings\TRH\Dati applicazioni\Quest3D
2010-12-06 12:53 . 2010-12-06 12:53 -------- d-----w- c:\programmi\SafeNet Sentinel
2010-12-06 12:53 . 2010-12-06 12:53 -------- d-----w- c:\programmi\File comuni\SafeNet Sentinel

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-07 09:51 . 2010-10-04 12:13 66560 ----a-w- c:\windows\system32\nlssrv32.exe
2010-11-21 18:16 . 2010-11-21 18:16 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-21 18:16 . 2010-05-17 12:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-21 17:51 . 2010-06-20 14:06 304096 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1040\ResourceCache.dll
2010-11-21 17:51 . 2010-06-20 14:06 302848 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Microsoft\VSTAHost\Architecture2011\9.0\1033\ResourceCache.dll
2010-11-18 18:12 . 2008-12-11 10:56 86016 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 12:57 . 2010-11-12 20:22 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-11-17 12:28 . 2010-11-11 20:42 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-11-17 12:00 . 2010-11-01 13:04 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-11-14 20:47 . 2010-11-14 20:43 53248 ----a-w- c:\windows\system32\drivers\rk_remover.sys
2010-11-06 00:21 . 2006-03-04 03:34 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:21 . 2004-08-19 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-04 17:29 . 2009-01-14 20:46 57344 ----a-r- c:\documents and settings\TRH\Dati applicazioni\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-11-03 12:26 . 2004-08-19 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-19 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-19 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 14:05 . 2004-08-19 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-16 21:52 . 2010-08-10 08:41 3072 ----a-w- c:\windows\system32\Viveza2FC32.dll
2009-11-19 19:08 . 2009-11-19 19:08 3749224 ----a-w- c:\programmi\File comuni\adlmint_libFNP.dll
2009-11-19 19:08 . 2009-11-19 19:08 2941288 ----a-w- c:\programmi\File comuni\adlmint.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"i8kfangui"="c:\programmi\I8kfanGUI\I8kfanGUI.exe" [2007-02-16 856064]
"Gadwin PrintScreen Pro"="c:\programmi\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe" [2009-02-28 516096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programmi\File comuni\Nokia\MPlatform\NokiaMServer" [X]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"Dell QuickSet"="c:\programmi\Dell\QuickSet\Quickset.exe" [2006-08-03 1032192]
"LVCOMS"="c:\programmi\File comuni\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"EvtMgr6"="c:\programmi\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-13 7700480]
"COMODO Internet Security"="e:\sicurezza\Comodo\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-21 47904]
"MobileBroadband"="c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\MobileBroadband.exe" [2010-09-08 272384]
"Malwarebytes' Anti-Malware"="c:\programmi\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\TRH\Menu Avvio\Programmi\Esecuzione automatica\
setup_9.0.0.722_17.11.2010_22-14.lnk - c:\documents and settings\TRH\Desktop\Virus Removal Tool\setup_9.0.0.722_17.11.2010_22-14\startup.exe [N/A]
Widget Contatori.lnk - c:\programmi\Widget Contatori\Widget Contatori.exe [2010-12-21 142336]
Widget vodafone.lnk - c:\programmi\Widget vodafone.it\Widget vodafone.it.exe [2010-4-18 95232]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Logitech SetPoint.lnk - c:\programmi\Logitech\SetPoint\SetPoint.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\programmi\File comuni\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ pdboot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^TRH^Menu Avvio^Programmi^Esecuzione automatica^Widget vodafone.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- e:\sistema\Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- e:\audio\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- e:\players\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- e:\players\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- e:\internet\Skype\Phone\Skype.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\\Sistema\\Office\\Office12\\OUTLOOK.EXE"=
"e:\\Sistema\\Office\\Office12\\GROOVE.EXE"=
"e:\\Sistema\\Office\\Office12\\ONENOTE.EXE"=
"e:\\Internet\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Mirc\\mirc.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Internet\\eMule\\emule.exe"=
"e:\\Internet\\Firefox\\firefox.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\3dsMax2010\\3dsmax.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"d:\\3dsMax2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"e:\\Architettura\\3dMax2010Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"e:\\Architettura\\3dMax2010Design\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"e:\\Internet\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\Architettura\\3dMax2011\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\3dMax2011\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\3dsmax.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32.exe"=
"e:\\Architettura\\3dMax2011Design\\mentalimages\\satellite\\raysat_3dsmax2011_32server.exe"=
"e:\\Architettura\\Backburner\\monitor.exe"=
"e:\\Architettura\\Backburner\\manager.exe"=
"e:\\Architettura\\Backburner\\server.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"e:\\Audio\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Spotify\\spotify.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"e:\\Architettura\\Artlantis Studio 3\\ArtlantisStudio.exe"=
"c:\\Programmi\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Programmi\\File comuni\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Programmi\\Next Limit\\Maxwell 2\\maxwell.exe"=
"c:\\Programmi\\Next Limit\\Maxwell 2\\mxnetwork.exe"=
"e:\\Architettura\\SketchUp8PRO\\SketchUp.exe"=
"c:\\Programmi\\uTorrent\\uTorrent.exe"=
"e:\\Internet\\Skype\\Phone\\Skype.exe"=
"c:\\Programmi\\Google\\Google Earth\\plugin\\geplugin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
"3140:TCP"= 3140:TCP:IP-Clamp Licensing Service
"5985:TCP"= 5985:TCP:*:Disabled:Gestione remota Windows

R0 10145712;10145712 Boot Guard Driver;c:\windows\system32\drivers\10145712.sys [12/11/2010 13:08 37392]
R0 42142092;42142092 Boot Guard Driver;c:\windows\system32\drivers\42142092.sys [12/11/2010 10:40 37392]
R0 58084562;58084562 Boot Guard Driver;c:\windows\system32\drivers\58084562.sys [17/11/2010 21:34 37392]
R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [27/10/2010 10:24 40560]
R1 42142091;42142091;c:\windows\system32\drivers\42142091.sys [12/11/2010 10:40 128016]
R1 58084561;58084561;c:\windows\system32\drivers\58084561.sys [17/11/2010 21:34 128016]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10/09/2010 23:40 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 23:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 23:40 25240]
R1 fanio;FanIO driver;c:\windows\system32\drivers\fanio.sys [16/06/2009 23:57 14464]
R1 setup_9.0.0.722_12.11.2010_10-13drv;setup_9.0.0.722_12.11.2010_10-13drv;c:\windows\system32\drivers\1014571.sys [12/11/2010 13:08 315408]
R2 3d-io License Server v2.0;3d-io License Server v2.0;c:\programmi\3d-io plugins\licensing_v2\ActiveLockServerV2.exe [28/01/2009 17:49 45056]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 - Servizio Gestione licenze;e:\scanner\abbyy\NetworkLicenseServer.exe -service --> e:\scanner\abbyy\NetworkLicenseServer.exe -service [?]
R2 ArcGIS License Manager;ArcGIS License Manager;c:\progra~1\ESRI\License\arcgis9x\lmgrd.exe [04/02/2010 18:06 1431440]
R2 ArchVision Content Manager Service;ArchVision Content Manager Service;c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path "c:\programmi\ArchVision\ArchVision Content Manager" --> c:\programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe --service --path c:\programmi\ArchVision\ArchVision Content Manager [?]
R2 CAMTHWDM;CAMTHWDM;c:\windows\system32\drivers\CAMTHWDM.sys [06/10/2007 09:38 941784]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [01/11/2010 14:04 10448]
R2 LTService;LTService 7.0.0.1;c:\programmi\File comuni\Optical Research Associates\LightTools\ltService.exe [08/02/2010 13:55 761856]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [04/01/2011 16:41 363344]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\programmi\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11/12/2008 07:08 3575808]
R2 SentinelKeysServer;Sentinel Keys Server;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [17/09/2009 01:03 369952]
R2 SentinelSecurityRuntime;Sentinel Security Runtime;c:\programmi\File comuni\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [17/09/2009 01:00 292128]
R2 VmbService;Servizio Vodafone Mobile Broadband;c:\programmi\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe [08/09/2010 16:44 8704]
R2 WDDMService;WD SmartWare Drive Manager;c:\programmi\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [05/11/2009 08:44 110592]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\programmi\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [16/06/2009 08:58 20480]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [04/01/2011 16:41 20952]
R3 vodafone_K3805-z_dc_enum;Vodafone K3805-z DC Enumerator (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_dc_enum.sys [01/09/2010 14:33 80000]
S0 CFRMD;CFRMD;c:\windows\system32\drivers\CFRMD.sys --> c:\windows\system32\drivers\CFRMD.sys [?]
S1 10145711;10145711;c:\windows\system32\DRIVERS\10145711.sys --> c:\windows\system32\DRIVERS\10145711.sys [?]
S1 EterlogicVirtualSerialDriver;EterlogicVirtualSerialDriver;\??\c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys --> c:\docume~1\TRH\IMPOST~1\Temp\VSPE.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 cpwnt;cpwnt;c:\windows\system32\drivers\cpwnt.sys [16/01/2009 22:52 21824]
S2 gupdate;Google Update Service (gupdate);c:\programmi\Google\Update\GoogleUpdate.exe [05/10/2009 14:34 133104]
S2 IPClampService;IP-Clamp Licensing by cebas VISUAL TECHNOLOGY Inc.;c:\programmi\cebas\ip-clamp\ipclamp.exe [20/11/2007 10:52 45700]
S2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;e:\architettura\3dMax2010Design\mentalray\satellite\raysat_3dsmax2010_32server.exe [12/03/2009 17:36 86016]
S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;e:\architettura\3dMax2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [10/03/2010 01:10 86016]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [04/10/2010 13:13 66560]
S3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [29/07/2009 18:14 94720]
S3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\drivers\hpx9g2k.sys [06/01/2009 10:24 12658]
S3 hxctlflt;hxctlflt;c:\windows\system32\drivers\hxctlflt.sys [04/05/2010 13:47 99968]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys --> c:\windows\system32\DRIVERS\ivusb.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\11.tmp --> c:\windows\system32\11.tmp [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [20/08/2010 18:09 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [20/08/2010 18:09 8320]
S3 rk_remover-boot;rk_remover-boot;c:\windows\system32\drivers\rk_remover.sys [14/11/2010 21:43 53248]
S3 SwitchBoard;SwitchBoard;c:\programmi\File comuni\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
S3 vodafone_K3805-z_cdc_acm;Vodafone K3805-z CDC-ACM driver (ZTE);c:\windows\system32\drivers\vodafone_K3805-z_cdc_acm.sys [01/09/2010 14:33 85888]
S3 vodafone_K3805-z_cdc_ecm;vodafone_K3805-z_cdc_ecm;c:\windows\system32\drivers\vodafone_K3805-z_cdc_ecm.sys [01/09/2010 14:33 50304]
S3 vodafone_K3805-z_cpo;Vodafone K3805-z Install;c:\windows\system32\drivers\vodafone_K3805-z_cpo.sys [01/09/2010 14:33 9728]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/03/2010 18:50 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [19/08/2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
S4 MSSQLServerADHelper100;Servizio SQL Server Active Directory Helper;c:\programmi\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 01:28 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\programmi\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contenuto della cartella 'Scheduled Tasks'

2010-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2011-01-05 c:\windows\Tasks\GlaryInitialize.job
- c:\programmi\Glary Utilities\initialize.exe [2010-11-17 09:47]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programmi\Google\Update\GoogleUpdate.exe [2009-10-05 13:34]

2011-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003Core.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1482476501-1383384898-839522115-1003UA.job
- c:\documents and settings\TRH\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-09-06 16:54]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Append Link Target to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download with - c:\programmi\Xilisoft\Download YouTube Video\upod_link.HTM
TCP: {DC5B5F88-336E-45FF-B8D7-5B150CF97E36} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\TRH\Dati applicazioni\Mozilla\Firefox\Profiles\wyk38ngl.default\
FF - prefs.js: browser.search.selectedEngine - De Mauro - Sinonimi e contrari
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - e:\internet\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Autodesk Seek Viewer: seek3d@autodesk.com - %profile%\extensions\seek3d@autodesk.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: FireFTP button: {9BAE5926-8513-417d-8E47-774955A7C60D} - %profile%\extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Page Speed: {e3f6c2cc-d8db-498c-af6c-499fb211db97} - %profile%\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
SafeBoot-klmdb.sys
AddRemove-V-Ray for 3dsmax 2011 for x86 - c:\programmi\Chaos Group\V-Ray\3dsmax 2011 for x86\uninstall\wininstaller.exe-uninstall=c:\programmi\Chaos Group\V-Ray\3dsmax 2011 for x86\uninstall\install.log



**************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\11.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\e:\players\PowerDVD\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(1176)
c:\programmi\file comuni\logishrd\bluetooth\LBTWlgn.dll

- - - - - - - > 'lsass.exe'(1364)
c:\windows\system32\guard32.dll
.
Ora fine scansione: 2011-01-05 13:43:47
ComboFix-quarantined-files.txt 2011-01-05 12:43
ComboFix2.txt 2010-11-14 11:26

Pre-Run: 803.545.088 byte disponibili
Post-Run: 782.155.776 byte disponibili

- - End Of File - - D61A440525B3DEF2D11C292DEB03F7FE


Appena avviato combofix, comodo internet security (che pensavo di aver disattivato), ha rimosso il file hidec.exe, che credo
fosse un file creato ad hoc da Combofix stesso.
Al riavvio di sistema, combofix ha rilevato, appunto, la mancanza di tale file.

Rilancio il tutto disattivando Comodo?

Grazie
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mer gen 05, 2011 2:01 pm

Mi sbaglio 'sta chiave "puzza" un po?

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda Ale2695 » mer gen 05, 2011 2:06 pm

Combofix sembra aver litigato con Avira... ma quante volte l'ha segnalato?!
E poi, da li deduco che hai due antivirus installati (Comodo e Avira), quindi rimuovine uno.
Prima però fai una scansione con Avira e dimmi che cosa trova, dopo averlo aggiornato.
http://www.chimerarevo.com/
Avatar utente
Ale2695
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 5927
Iscritto il: dom gen 18, 2009 10:39 am
Località: Novara

Re: Mi controllate il log di hijackthis?

Messaggioda torch » mer gen 05, 2011 2:18 pm

Ciao Ale,

Avira in realtà l'ho disinstallato parecchio tempo fa... non capisco a cosa si riferiscano questi errori:

--
AV: AntiVir Desktop *Disabled/Outdated* {003F0060-0000-0000-88F9-130000000000}
AV: AntiVir Desktop *Disabled/Updated* {00000000-0000-0100-B4F2-120000000043}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-0000-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-1200-140000DCFD7F}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-1200-140000ECFD7F}
AV: AntiVir Desktop *Enabled/Updated* {00000000-0000-0000-1200-140000FCFD7F}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-6C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000002-0002-0000-7C25-9E7C08000A00}
AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000D8023C00}
AV: AntiVir Desktop *Enabled/Updated* {00000010-0000-0000-0000-0000D8023D00}
AV: AntiVir Desktop *Enabled/Updated* {00000040-0000-0000-0000-0000E8013D00}
AV: AntiVir Desktop *Enabled/Updated* {0012EE84-FFFC-FFFF-0200-00004FBCC4F1}
AV: AntiVir Desktop *Enabled/Updated* {0012EF40-0002-0000-8843-927C00F0FF7F}
AV: AntiVir Desktop *Enabled/Updated* {0012F2B4-5CE9-7C92-0300-000000000000}
AV: AntiVir Desktop *Enabled/Updated* {006E0069-0053-0078-5300-5C0000004100}
--

Io ho lanciato Combofix, poi mi sono messo a fare altro e quando sono tornato ho trovato il log...
Avatar utente
torch
Senior Member
Senior Member
 
Messaggi: 343
Iscritto il: ven feb 08, 2008 9:12 pm

Re: Mi controllate il log di hijackthis?

Messaggioda Ale2695 » mer gen 05, 2011 2:21 pm

Ok, allora c'era solo qualche rimasuglio nel registro che ha sballato Combofix, nulla di grave.
Allora, facciamo un controllino, perché ho letto un caso simile da un altra parte e voglio essere sicuro di una cosa. Scarica questo programma, che scansiona l'MBR (Master Boot Record), avvialo e postaci il log (che dovrebbe trovarsi o nella directory dove hai posizionato il file, oppure in C:)
http://www.chimerarevo.com/
Avatar utente
Ale2695
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 5927
Iscritto il: dom gen 18, 2009 10:39 am
Località: Novara

Re: Mi controllate il log di hijackthis?

Messaggioda Berga95 » mer gen 05, 2011 2:25 pm

Ehm, salvalo in C:/, poi apri il prompt dei comandi (start -> esegui -> cmd) digita
Codice: Seleziona tutto
C:\mbr.exe

e premi invio [^]
Poi postaci il log.
Non è morto ciò che in eterno può attendere - e col passare di strani eoni - anche la morte può morire.
~ H.P. Lovecraft
Avatar utente
Berga95
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 3342
Iscritto il: sab set 12, 2009 12:56 pm

Re: Mi controllate il log di hijackthis?

Messaggioda Ale2695 » mer gen 05, 2011 2:26 pm

Berga95 ha scritto:Ehm, salvalo in C:/, poi apri il prompt dei comandi (start -> esegui -> cmd) digita
Codice: Seleziona tutto
C:\mbr.exe

e premi invio [^]
Poi postaci il log.

[grazie] , piccolo errore mio [fischio]
http://www.chimerarevo.com/
Avatar utente
Ale2695
Membro Ufficiale (Gold)
Membro Ufficiale (Gold)
 
Messaggi: 5927
Iscritto il: dom gen 18, 2009 10:39 am
Località: Novara

Prossimo

Torna a Sicurezza

Chi c’è in linea

Visitano il forum: Nessuno e 9 ospiti

Powered by phpBB © 2002, 2005, 2007, 2008 phpBB Group
Traduzione Italiana phpBB.it

megalab.it: testata telematica quotidiana registrata al Tribunale di Cosenza n. 22/09 del 13.08.2009, editore Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - P.I. 02947530784. GRUPPO EDIZIONI MASTER Spa Tutti i diritti sono riservati. Per la pubblicità: Master Advertising