log NoVirusThanks Anti-Rootkit

Post by monte83 » Wed Feb 16, 2011 11:43 am

Hi,
could someone analyze my log from the anti-rootkit named in the title, to check whether I have anything anomalous?

Thanks in advance
Fabio

==========================================================================================================================
NoVirusThanks Anti-Rootkit v1.2 (FREE EDITION)
Microsoft Windows Version 5.1 Build: 2600 Service Pack: 3
Detected CPUs: (2)
Scanning Commenced... 16/02/2011 11.40.19
==========================================================================================================================
>>>SSDT<<<
==========================================================================================================================

#41 NtCreateKey
Real Address: 0x8057791D
Hook Address: 0xF8BD78CE [<empty>]

#53 NtCreateThread
Real Address: 0x80586C45
Hook Address: 0xF8BD78C4 [<empty>]

#63 NtDeleteKey
Real Address: 0x80593334
Hook Address: 0xF8BD78D3 [<empty>]

#65 NtDeleteValueKey
Real Address: 0x80591F8B
Hook Address: 0xF8BD78DD [<empty>]

#98 NtLoadKey
Real Address: 0x805CE7E5
Hook Address: 0xF8BD78E2 [<empty>]

#122 NtOpenProcess
Real Address: 0x80581702
Hook Address: 0xF8BD78B0 [<empty>]

#128 NtOpenThread
Real Address: 0x805E1939
Hook Address: 0xF8BD78B5 [<empty>]

#193 NtReplaceKey
Real Address: 0x806564D8
Hook Address: 0xF8BD78EC [<empty>]

#204 NtRestoreKey
Real Address: 0x8065606D
Hook Address: 0xF8BD78E7 [<empty>]

#247 NtSetValueKey
Real Address: 0x8058228C
Hook Address: 0xF8BD78D8 [<empty>]

#257 NtTerminateProcess
Real Address: 0x8058E695
Hook Address: 0xF8BD78BF [<empty>]

==========================================================================================================================
>>>Shadow SDT<<<
==========================================================================================================================

==========================================================================================================================
>>>Kernel Notify Routines<<<
==========================================================================================================================

CreateProcess: Address 0xEFB87CA4 [C:\WINDOWS\system32\DRIVERS\InCDFs.sys]
Hidden Loaded Driver: False

CreateProcess: Address 0xEF91F836 [C:\WINDOWS\system32\DRIVERS\avipbb.sys]
Hidden Loaded Driver: False

LoadImage: Address 0xEF91F6E8 [C:\WINDOWS\system32\DRIVERS\avipbb.sys]
Hidden Loaded Driver: False

==========================================================================================================================
>>>Processes<<<
==========================================================================================================================

0x823C8A00 [4]SYSTEM
Suspicious: False
Hidden: False

0x81FA57E8 [652]C:\WINDOWS\system32\csrss.exe
Suspicious: False
Hidden: False

0x822BDA80 [2040]C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
Suspicious: False
Hidden: False

0x82246840 [580]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x82257030 [184]C:\WINDOWS\system32\ctfmon.exe
Suspicious: False
Hidden: False

0x81E252C8 [144]C:\Programmi\D-Link\DWA-140 revB\AirNCFG.exe
Suspicious: False
Hidden: False

0x81E2C3D0 [2032]C:\Programmi\Sagem Photo Easy\AzAgent.exe
Suspicious: False
Hidden: False

0x820F45F0 [1988]C:\WINDOWS\SOUNDMAN.EXE
Suspicious: True
Hidden: False

0x82015AD8 [196]C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
Suspicious: False
Hidden: False

0x81EAC7E8 [720]C:\WINDOWS\system32\services.exe
Suspicious: False
Hidden: False

0x81EF22C8 [1496]C:\WINDOWS\system32\spoolsv.exe
Suspicious: False
Hidden: False

0x81E9B980 [1176]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x81E383D0 [2012]C:\Programmi\Avira\AntiVir Desktop\avgnt.exe
Suspicious: False
Hidden: False

0x822B2C10 [1088]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x8205F030 [2004]C:\WINDOWS\system32\hkcmd.exe
Suspicious: True
Hidden: False

0x81F95980 [676]C:\WINDOWS\system32\winlogon.exe
Suspicious: False
Hidden: False

0x81E5FA78 [1608]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x81E80A78 [496]C:\WINDOWS\system32\ANIWConnService.exe
Suspicious: True
Hidden: False

0x81E29468 [508]C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
Suspicious: False
Hidden: False

0x81D21030 [520]C:\Programmi\Avira\AntiVir Desktop\avguard.exe
Suspicious: False
Hidden: False

0x81FA53C0 [600]C:\WINDOWS\system32\smss.exe
Suspicious: False
Hidden: False

0x822B7C10 [732]C:\WINDOWS\system32\lsass.exe
Suspicious: False
Hidden: False

0x81EF0DA0 [696]C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
Suspicious: False
Hidden: False

0x81E917E8 [992]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x8202F7E8 [924]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x822B06F0 [1128]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x81EE3718 [1116]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x8201EAE8 [1892]C:\WINDOWS\explorer.exe
Suspicious: False
Hidden: False

0x81E63DA0 [1252]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x81EC9228 [1284]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x822C0AB8 [1544]C:\Programmi\Avira\AntiVir Desktop\sched.exe
Suspicious: False
Hidden: False

0x820744D0 [1640]C:\WINDOWS\system32\svchost.exe
Suspicious: False
Hidden: False

0x81EBCCB0 [1996]C:\WINDOWS\system32\igfxtray.exe
Suspicious: True
Hidden: False

0x822C17E8 [2024]C:\Programmi\HP\HP Software Update\hpwuSchd2.exe
Suspicious: False
Hidden: False

0x81F92658 [2280]C:\WINDOWS\system32\wbem\wmiprvse.exe
Suspicious: False
Hidden: False

0x81EFEC10 [2564]C:\WINDOWS\system32\alg.exe
Suspicious: False
Hidden: False

0x81E7E800 [2936]C:\Programmi\HP\Digital Imaging\bin\hpqste08.exe
Suspicious: False
Hidden: False

0x822A1030 [3076]C:\WINDOWS\system32\wuauclt.exe
Suspicious: False
Hidden: False

0x82121030 [3208]C:\Programmi\NoVirusThanks\Anti-Rootkit (Free Edition)\NVTArk.exe
Suspicious: False
Hidden: False

==========================================================================================================================
>>>SYSENTER<<<
==========================================================================================================================

CPU #0 Hook Address: 0x804DD89F[C:\WINDOWS\system32\ntoskrnl.exe]
Hooked: False

CPU #1 Hook Address: 0x804DD89F[C:\WINDOWS\system32\ntoskrnl.exe]
Hooked: False

==========================================================================================================================
>>>Drivers<<<
==========================================================================================================================

==========================================================================================================================
>>>IDT<<<
==========================================================================================================================

==========================================================================================================================
>>>Windows Message Hooks<<<
==========================================================================================================================

Process: [2012]avgnt.exe
Type: WH_MSGFILTER
Address: 0x78A7EBF9
TID: 2016
Hook Module: mfc90u.dll

Process: [2032]AzAgent.exe
Type: WH_CBT
Address: 0x0041E909
TID: 2036
Hook Module: AzAgent.exe

Process: [2032]AzAgent.exe
Type: WH_MSGFILTER
Address: 0x0042203F
TID: 2036
Hook Module: AzAgent.exe

Process: [196]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 204
Hook Module: msctf.dll

Process: [184]ctfmon.exe
Type: WH_SHELL
Address: 0x746C12B6
TID: 164
Hook Module: msctf.dll

Process: [184]ctfmon.exe
Type: WH_GETMESSAGE
Address: 0x746C1351
TID: 164
Hook Module: msctf.dll

Process: [184]ctfmon.exe
Type: WH_CBT
Address: 0x746C0E2E
TID: 164
Hook Module: msctf.dll

Process: [2012]avgnt.exe
Type: WH_CBT
Address: 0x78A3E6BB
TID: 2016
Hook Module: mfc90u.dll

Process: [2012]avgnt.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2016
Hook Module: msctf.dll

Process: [2012]avgnt.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2016
Hook Module: msctf.dll

Process: [2012]avgnt.exe
Type: WH_CBT
Address: 0x78A3E6BB
TID: 332
Hook Module: mfc90u.dll

Process: [2032]AzAgent.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2036
Hook Module: msctf.dll

Process: [2032]AzAgent.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2036
Hook Module: msctf.dll

Process: [144]AirNCFG.exe
Type: WH_MSGFILTER
Address: 0x00478487
TID: 168
Hook Module: AirNCFG.exe

Process: [144]AirNCFG.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 168
Hook Module: msctf.dll

Process: [144]AirNCFG.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 168
Hook Module: msctf.dll

Process: [2004]hkcmd.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2008
Hook Module: msctf.dll

Process: [2004]hkcmd.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2008
Hook Module: msctf.dll

Process: [1996]igfxtray.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2000
Hook Module: msctf.dll

Process: [1996]igfxtray.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2000
Hook Module: msctf.dll

Process: [144]AirNCFG.exe
Type: WH_CBT
Address: 0x004746A6
TID: 168
Hook Module: AirNCFG.exe

Process: [184]ctfmon.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 164
Hook Module: msctf.dll

Process: [184]ctfmon.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 164
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1948
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1948
Hook Module: msctf.dll

Process: [196]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 204
Hook Module: msctf.dll

Process: [2012]avgnt.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 332
Hook Module: msctf.dll

Process: [2012]avgnt.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 332
Hook Module: msctf.dll

Process: [508]ANIWZCSdS.exe
Type: WH_CBT
Address: 0x73D44EAA
TID: 1040
Hook Module: mfc42.dll

Process: [2012]avgnt.exe
Type: WH_MSGFILTER
Address: 0x78A7EBF9
TID: 344
Hook Module: mfc90u.dll

Process: [2040]WZCSLDR2.exe
Type: WH_CBT
Address: 0x73D44EAA
TID: 384
Hook Module: mfc42.dll

Process: [2040]WZCSLDR2.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 384
Hook Module: msctf.dll

Process: [2040]WZCSLDR2.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 384
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1212
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1212
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1896
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1208
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 1208
Hook Module: msctf.dll

Process: [2936]hpqste08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 2940
Hook Module: msctf.dll

Process: [2936]hpqste08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 2940
Hook Module: msctf.dll

Process: [1892]explorer.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 1896
Hook Module: msctf.dll

Process: [196]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 3008
Hook Module: msctf.dll

Process: [196]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 3004
Hook Module: msctf.dll

Process: [196]hpqtra08.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 3004
Hook Module: msctf.dll

Process: [196]hpqtra08.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 3008
Hook Module: msctf.dll

Process: [3208]NVTArk.exe
Type: WH_KEYBOARD
Address: 0x746C07C3
TID: 3212
Hook Module: msctf.dll

Process: [3208]NVTArk.exe
Type: WH_MOUSE
Address: 0x746C04CD
TID: 3212
Hook Module: msctf.dll

==========================================================================================================================
>>>BHOs<<<
==========================================================================================================================

Key Name: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Module: C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe PDF Helper for Internet Explorer)

Key Name: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Module: C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (WindowsLiveLogin.dll)

Key Name: {AE7CD045-E861-484f-8273-0445EE161910}
Module: C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe PDF Toolbar for Internet Explorer)

==========================================================================================================================
>>>AppInit_DLLs<<<
==========================================================================================================================

==========================================================================================================================
>>>IRP Hooks<<<
==========================================================================================================================

==========================================================================================================================
>>>Ring0 Export Hooks<<<
==========================================================================================================================

==========================================================================================================================
>>>Ring3 Export Hooks<<<
==========================================================================================================================


==========================================================================================================================
>>>Locked System Files<<<
==========================================================================================================================

==========================================================================================================================
>>>Locked Generic Files<<<
==========================================================================================================================

==========================================================================================================================
>>>Master Boot Record (MBR)<<<
==========================================================================================================================

Master Boot Record (MBR) appears to be Ok...

==========================================================================================================================
Scan Complete... 16/02/2011 11.41.26
==========================================================================================================================
monte83
New Member
Posts: 5
Joined: Thu May 24, 2007 11:51 am
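The posted report is long, and most of it is the tool saying "False". The following script is an added example (not NVTArk's own code and not something from the thread) that parses the plain-text layout the report uses (`>>>SECTION<<<` headers between rows of `=`) and pulls out the three things a reviewer looks at first: SSDT entries whose hook address the tool could not attribute to a module (shown as `[<empty>]`), processes flagged `Suspicious: True` or `Hidden: True`, and the MBR verdict line. The meaning of `[<empty>]` and of the section names is inferred from the posted log, and the embedded sample report is a constructed excerpt in that same format; the script only surfaces items for a human to review, it does not decide whether they are malicious.

```python
"""Triage helper for NoVirusThanks Anti-Rootkit (NVTArk) text reports.

Added example. The section and field layout is inferred from a report
posted on a forum; SAMPLE_REPORT below is a constructed excerpt in
that layout, not a full capture from a real machine.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTION_RE = re.compile(r"^>>>(.+?)<<<\s*$")
SSDT_ENTRY_RE = re.compile(r"^#(\d+)\s+(\w+)\s*$")
ADDRESS_RE = re.compile(r"^(Real|Hook) Address:\s*(0x[0-9A-Fa-f]+)(?:\s*\[(.*)\])?\s*$")
PROCESS_RE = re.compile(r"^0x[0-9A-Fa-f]+\s+\[(\d+)\](.+?)\s*$")
FLAG_RE = re.compile(r"^(Suspicious|Hidden):\s*(True|False)\s*$")


@dataclass
class SsdtHook:
    index: int
    name: str
    real: str
    hook: str
    module: str  # "<empty>" when the tool could not map the hook address


@dataclass
class ProcessEntry:
    pid: int
    path: str
    suspicious: bool = False
    hidden: bool = False


@dataclass
class Triage:
    unattributed_ssdt_hooks: List[SsdtHook] = field(default_factory=list)
    flagged_processes: List[ProcessEntry] = field(default_factory=list)
    mbr_ok: Optional[bool] = None  # None when the MBR section is absent


def split_sections(text):
    """Return {section name: [non-empty lines]} keyed by the >>>NAME<<< headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if not line or set(line) == {"="}:  # skip blanks and '=' separators
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_ssdt(lines):
    """Each SSDT entry is '#N Name' followed by a Real and a Hook address line."""
    hooks, cur = [], None
    for line in lines:
        m = SSDT_ENTRY_RE.match(line)
        if m:
            cur = {"index": int(m.group(1)), "name": m.group(2)}
            continue
        m = ADDRESS_RE.match(line)
        if m and cur is not None:
            kind, addr, module = m.groups()
            if kind == "Real":
                cur["real"] = addr
            else:
                cur["hook"], cur["module"] = addr, (module or "")
                hooks.append(SsdtHook(**cur))
                cur = None
    return hooks


def parse_processes(lines):
    """Each process is '0xEPROCESS [pid]path' followed by Suspicious/Hidden flags."""
    procs, cur = [], None
    for line in lines:
        m = PROCESS_RE.match(line)
        if m:
            cur = ProcessEntry(pid=int(m.group(1)), path=m.group(2))
            procs.append(cur)
            continue
        m = FLAG_RE.match(line)
        if m and cur is not None:
            setattr(cur, m.group(1).lower(), m.group(2) == "True")
    return procs


def triage(text):
    """Collect the items worth a manual look from a full NVTArk report."""
    sections = split_sections(text)
    result = Triage()
    for hook in parse_ssdt(sections.get("SSDT", [])):
        if hook.module == "<empty>":  # hook not attributed to any loaded module
            result.unattributed_ssdt_hooks.append(hook)
    for proc in parse_processes(sections.get("Processes", [])):
        if proc.suspicious or proc.hidden:
            result.flagged_processes.append(proc)
    for line in sections.get("Master Boot Record (MBR)", []):
        if "MBR" in line:
            result.mbr_ok = "appears to be Ok" in line
    return result


# Constructed excerpt in the report's layout (separator rows shortened).
SAMPLE_REPORT = r"""
==========
>>>SSDT<<<
==========

#41 NtCreateKey
Real Address: 0x8057791D
Hook Address: 0xF8BD78CE [<empty>]

#122 NtOpenProcess
Real Address: 0x80581702
Hook Address: 0xF8BD78B0 [<empty>]

==========
>>>Processes<<<
==========

0x823C8A00 [4]SYSTEM
Suspicious: False
Hidden: False

0x820F45F0 [1988]C:\WINDOWS\SOUNDMAN.EXE
Suspicious: True
Hidden: False

==========
>>>Master Boot Record (MBR)<<<
==========

Master Boot Record (MBR) appears to be Ok...
"""

if __name__ == "__main__":
    r = triage(SAMPLE_REPORT)
    for h in r.unattributed_ssdt_hooks:
        print(f"SSDT #{h.index} {h.name}: hook {h.hook} (real {h.real}) unattributed")
    for p in r.flagged_processes:
        print(f"PID {p.pid} {p.path}: suspicious={p.suspicious} hidden={p.hidden}")
    print("MBR ok:", r.mbr_ok)
```

Running `triage()` over the report posted above lists every SSDT entry (all of them carry `[<empty>]`), the four processes the tool marked suspicious, and an MBR verdict of OK; the next step is the same as in the reply below, that is, checking whether those unattributed hooks belong to a known security product and whether the flagged binaries are legitimate, rather than treating the flags as a verdict.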

Re: log NoVirusThanks Anti-Rootkit

Post by Uomo_Senza_Sonno » Wed Feb 16, 2011 1:19 pm

Nothing anomalous shows up in the log; the MBR check, which is the most important point, is OK too. Are you noticing any problems with your PC?
Thanks for everything, Zane

we know 1% of the laws that govern the universe; the others we have not yet fully understood, or even guessed at
Uomo_Senza_Sonno
Official Member (Gold)
Posts: 3255
Joined: Thu Feb 07, 2008 9:00 am
Location: http://turbolab.it

Re: log NoVirusThanks Anti-Rootkit

Post by monte83 » Wed Feb 16, 2011 1:59 pm

At the moment I'm not noticing anything in particular, only that within two weeks the PC caught two viruses, so I thought they were related and that something was still there. To be honest I don't even know how they managed to get in, since the PC isn't mine.
So I wondered whether it depends on my friend's careless browsing or whether I actually hadn't managed to remove the virus completely the first time.
Since you don't notice anything odd either, I think it doesn't depend on the first virus, but just on having had the bad luck of catching two viruses in a short time.

Thanks a lot
monte83
New Member
Posts: 5
Joined: Thu May 24, 2007 11:51 am
