HijackThis log check


Post by cro » Sat Mar 21, 2009 6:09 pm

Help! I tried to look at it myself, but I'm not sure what to delete.
Thanks a lot!

Logfile of HijackThis v1.99.1
Scan saved at 2:06:52 PM, on 3/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Protector Suite quello\psqltray.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\services.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\reader_s.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\KRO\Desktop\hackThis!\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite quello\launcher.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: psfus - C:\WINDOWS\system32\psqlpwd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HoudiniLicenseServer - Side Effects Software Inc. - C:\WINDOWS\system32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Re: HijackThis log check

Post by Amantide » Sat Mar 21, 2009 6:16 pm

There is a lot of junk visible in the log, and it is pointless to try removing it manually one item at a time.
Download ComboFix, saving it to the desktop under a made-up name, and run the scan following these instructions (at the bottom). When the scan finishes, the report file C:\combofix.txt will be created; paste its contents here between LOG tags, like this:
Code:
[LOG]the log goes here[/LOG]
...to fly high, you have to know how to fall...

Re: HijackThis log check

Post by cro » Sat Mar 21, 2009 6:58 pm

ComboFix 09-03-19.02 - KRO 2009-03-21 14:37:08.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2766 [GMT -3:00]
Running from: c:\documents and settings\KRO\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated)
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KRO\reader_s.exe
c:\windows\services.exe
c:\windows\system32\drivers\ntndis.sys
c:\windows\system32\reader_s.exe

c:\windows\system32\userinit.exe . . . is infected!!

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\explorer.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.

2009-03-21 14:47 . 2009-03-21 14:47 0 --a------ c:\windows\system32\E.tmp
2009-03-21 14:46 . 2009-03-21 14:46 124 --a------ c:\windows\system32\7.tmp
2009-03-21 14:34 . 2009-03-21 14:34 124 --a------ c:\windows\system32\EA9.tmp
2009-03-21 14:29 . 2009-03-21 14:32 <DIR> d-------- C:\32788R22FWJFW
2009-03-21 12:31 . 2009-03-21 12:31 29,696 --a------ c:\windows\system32\11.tmp
2009-03-21 12:31 . 2009-03-21 12:31 124 --a------ c:\windows\system32\F.tmp
2009-03-21 11:49 . 2009-03-21 11:49 124 --a------ c:\windows\system32\E2.tmp
2009-03-21 11:26 . 2009-03-21 11:26 0 --a------ c:\windows\system32\CA.tmp
2009-03-21 11:25 . 2009-03-21 11:25 124 --a------ c:\windows\system32\74.tmp
2009-03-21 10:45 . 2009-03-21 10:45 28,672 --a------ c:\windows\system32\27.tmp
2009-03-21 10:45 . 2009-03-21 10:45 124 --a------ c:\windows\system32\25.tmp
2009-03-21 10:18 . 2009-03-21 07:41 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-21 07:42 . 2009-03-21 07:41 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-03-21 07:40 . 2009-03-21 07:40 <DIR> d-------- c:\program files\Lavasoft
2009-03-21 07:40 . 2009-03-21 07:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-21 07:40 . 2009-03-21 07:40 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-21 06:26 . 2009-03-21 12:22 128 --a------ c:\windows\adobe.bat
2009-03-21 06:26 . 2009-03-21 06:26 124 --a------ c:\windows\system32\34C.tmp
2009-03-21 06:26 . 2009-03-21 06:26 6 --a------ c:\windows\_id.dat
2009-03-20 14:23 . 2009-03-20 14:23 244 --ah----- C:\sqmnoopt05.sqm
2009-03-20 14:23 . 2009-03-20 14:23 232 --ah----- C:\sqmdata05.sqm
2009-03-20 14:22 . 2009-03-20 14:22 244 --ah----- C:\sqmnoopt04.sqm
2009-03-20 14:22 . 2009-03-20 14:22 232 --ah----- C:\sqmdata04.sqm
2009-03-20 14:20 . 2009-03-20 14:20 244 --ah----- C:\sqmnoopt03.sqm
2009-03-20 14:20 . 2009-03-20 14:20 232 --ah----- C:\sqmdata03.sqm
2009-03-20 14:16 . 2009-03-20 14:17 <DIR> d-------- c:\program files\FormatFactory
2009-03-20 14:16 . 2009-03-20 14:16 182,656 --a--c--- c:\windows\system32\dllcache\ndis.sys
2009-03-20 13:30 . 2009-03-20 13:30 <DIR> d-------- c:\documents and settings\KRO\Application Data\dvdcss
2009-03-20 13:30 . 2009-03-20 13:31 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-20 13:29 . 2009-03-20 13:31 <DIR> d-------- c:\documents and settings\KRO\Application Data\Any DVD Converter Professional
2009-03-20 12:33 . 2009-03-20 12:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-03-20 12:25 . 2009-03-20 12:25 <DIR> d-------- c:\temp\Snapshot
2009-03-20 12:25 . 2009-03-20 12:25 <DIR> d-------- C:\temp
2009-03-20 12:25 . 2005-08-24 15:28 119,296 --a------ c:\windows\system32\WNASPI32.DLL
2009-03-20 12:25 . 1999-09-10 12:06 25,244 --a------ c:\windows\system32\drivers\ASPI32.SYS
2009-03-20 12:25 . 1999-09-10 12:06 5,600 --a------ c:\windows\system\WINASPI.DLL
2009-03-20 12:25 . 1999-09-10 12:06 4,672 --a------ c:\windows\system\WOWPOST.EXE
2009-03-18 20:11 . 2009-03-19 21:39 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-18 20:11 . 2009-03-18 20:11 1,409 --a------ c:\windows\QTFont.for
2009-03-13 07:46 . 2009-03-17 10:08 <DIR> d-------- c:\program files\Mocolo3
2009-03-11 09:49 . 2009-03-11 09:49 614,416 --ah---t- c:\documents and settings\KRO\xOx0.dat
2009-03-06 16:06 . 2009-03-06 16:06 <DIR> d-------- c:\documents and settings\KRO\Application Data\GRETECH
2009-03-06 16:05 . 2009-03-06 16:05 <DIR> d-------- c:\program files\GRETECH
2009-03-06 15:53 . 2004-05-25 17:06 417,792 --a------ c:\windows\system32\ac3filter.ax
2009-03-06 15:53 . 2005-02-27 21:48 356,352 --a------ c:\windows\system32\RealMediaSplitter.ax
2009-03-06 15:53 . 2004-01-10 17:02 258,048 --a------ c:\windows\system32\GplMpgDec.ax
2009-03-06 07:03 . 2009-03-06 07:03 <DIR> d-------- c:\windows\system32\drivers\umdf
2009-03-06 07:02 . 2009-01-28 19:49 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-03-06 07:02 . 2009-01-28 19:49 974,848 --a------ c:\windows\system32\mfc70.dll
2009-03-04 16:43 . 2006-05-22 11:54 186,880 --a------ c:\windows\system32\IAT_YUV.ax
2009-03-04 16:43 . 2007-05-30 18:17 59,520 --a------ c:\windows\system32\drivers\vid21394_4012.sys
2009-03-04 16:43 . 2007-05-08 17:35 5,632 --a------ c:\windows\system32\drvcoinst1.dll
2009-02-28 12:43 . 2007-10-12 15:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2009-02-27 08:40 . 2009-02-27 08:40 <DIR> d-------- c:\documents and settings\KRO\Application Data\tmp
2009-02-27 08:40 . 2009-02-27 08:40 <DIR> d-------- c:\documents and settings\KRO\Application Data\Reallusion
2009-02-21 18:45 . 2009-02-21 18:45 942,407 --a------ C:\QT-img sonidoCD112K_Stream.wmv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-21 09:11 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-20 22:09 --------- d-----w c:\program files\ESET
2009-03-20 17:17 --------- d-----w c:\program files\Common Files\AVSMedia
2009-03-20 17:17 --------- d-----w c:\program files\AVS4YOU
2009-03-20 17:16 182,656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-20 17:09 --------- d-----w c:\program files\eMule
2009-03-19 00:16 --------- d-----w c:\documents and settings\KRO\Application Data\Skype
2009-03-19 00:14 --------- d-----w c:\documents and settings\KRO\Application Data\skypePM
2009-03-06 10:06 --------- d-----w c:\documents and settings\KRO\Application Data\AVS4YOU
2009-03-04 19:52 --------- d-----w c:\program files\Mocolo
2009-02-28 16:32 --------- d-----w c:\documents and settings\KRO\Application Data\Autodesk
2009-02-28 15:55 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-02-28 15:55 --------- d-----w c:\program files\Common Files\Alias Shared
2009-02-28 15:51 --------- d-----w c:\program files\Autodesk
2009-02-14 01:57 --------- d-----w c:\documents and settings\KRO\Application Data\Derivative
2009-02-14 01:56 --------- d-----w c:\program files\Derivative
2009-02-12 16:29 --------- d-----w c:\program files\Common Files\Adobe
2009-02-10 15:24 --------- d-----w c:\program files\Side Effects Software
2009-02-02 21:49 --------- d-----w c:\program files\ATnotes
2009-02-02 11:06 --------- d-----w c:\program files\Common Files\PACE Anti-Piracy
2009-02-02 11:06 --------- d-----w c:\documents and settings\KRO\Application Data\PACE Anti-Piracy
2009-02-02 11:06 --------- d-----w c:\documents and settings\KRO\Application Data\Cycling '74
2009-02-02 11:06 --------- d-----w c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2009-02-02 11:00 54,256 ----a-w c:\windows\system32\drivers\iLokDrvr.sys
2009-02-02 10:59 --------- d-----w c:\program files\Cycling '74
2009-01-22 16:26 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-12 09:26 74 --sh--r c:\windows\CT4CET.bin
.

------- Sigcheck -------

2004-08-04 09:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 16:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-20 14:16 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-03-20 14:16 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2008-04-13 21:12 1051648 b6cdded62267453392a82267e6dc724c c:\windows\explorer.exe
2004-08-04 09:00 1050112 5909761f5c805b7b6cb7417815eb74fc c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 21:12 1051648 5b1da43862294f496b3f1ff9914c6490 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 09:00 33280 07f918faa59b78f9eac1373d635db851 c:\windows\$NtServicePackUninstall$\ctfmon.exe
2008-04-13 21:12 33280 f8a620e95be303d0f72718cc70fbccf8 c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-13 21:12 33280 611ec27cb4d17bb7dfedfcfa5749420c c:\windows\system32\ctfmon.exe

2004-08-04 09:00 75776 678ace4329dac4907a4c431e8c6b9bfa c:\windows\$NtServicePackUninstall$\spoolsv.exe
2008-04-13 21:12 75776 ca229739fd5884a7ff39c1f9d7cbdadf c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-13 21:12 75776 d44c9f996a211c1c361eba486bee13dc c:\windows\system32\spoolsv.exe

2004-08-04 09:00 42496 509621e34814918c51f20e13c01a91ca c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 21:12 44032 c88845833a777dfac464598929f06134 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 21:12 44032 1642c8750e39152c04599089f8e82438 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite quello\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-03-28 19:59 2953216 --a------ c:\program files\Protector Suite quello\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2278400]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2003-11-13 236544]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1036288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1265664]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-11 8523776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-11 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 425984]
"PSQLLauncher"="c:\program files\Protector Suite quello\launcher.exe" [2007-03-28 49168]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 180224]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-10 57344]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2203648]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 139264]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2008-05-20 204800]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-11-12 949376]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 434176]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3760128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-16 136600]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-21 515416]
"nwiz"="nwiz.exe" [2007-11-11 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlackICE Utility.lnk - c:\program files\ISS\BlackICE\blackice.exe [2008-11-12 724992]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 568176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-03-28 19:46 90112 c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= myokent.dll
"SENTINEL"= snti386.dll
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag\\UDefrag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Sorenson Media\\Sorenson Squeeze\\Squeeze.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Luxology\\modo 302\\modo.exe"=
"c:\\Program Files\\Mocolo\\Mocolo.exe"=
"c:\\Program Files\\Side Effects Software\\Houdini 9.5.230\\bin\\hmaster.exe"=
"c:\\Program Files\\Mocolo\\MocoloTestClient.exe"=
"c:\\Program Files\\processing-1.0.1\\java\\bin\\java.exe"=
"c:\\Program Files\\Derivative\\TouchDesignerFTE.077\\bin\\TouchDesigner.exe"=
"c:\\Program Files\\Cycling '74\\Max 5.0\\Max.exe"=
"c:\\Program Files\\Mocolo3\\Mocolo.exe"=
"c:\\Program Files\\Mocolo3\\MickeyMocolo.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-21 64160]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-12 15424]
R1 RapDrv;RapDrv;c:\windows\system32\drivers\RapDrv.sys [2008-11-12 85228]
R1 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2008-11-12 21748]
R1 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2008-11-12 9296]
R3 OEM02Afx;Provides a software interface to control audio effects of OEM002 camera.;c:\windows\system32\drivers\OEM02Afx.sys [2008-11-12 141376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2008-11-12 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2008-11-12 7424]
S2 BlackICE;BlackICE;c:\program files\ISS\BlackICE\blackd.exe [2008-11-12 688128]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 86016]
S3 iLokDrvr;iLok;c:\windows\system32\drivers\iLokDrvr.sys [2008-06-05 54256]
S3 VDNG;Video to 1394, WDM Video Capture;c:\windows\system32\drivers\vid21394_4012.sys [2009-03-04 59520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ed43600-fc17-11dd-a6fa-001fe2df1004}]
\Shell\AutoRun\command - f:\.\run\autorun.exe
\Shell\open\Command - f:\.\run\autorun.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-services - c:\windows\services.exe
HKLM-Run-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
HKU-Default-Run-reader_s - c:\documents and settings\KRO\reader_s.exe
HKU-Default-Run-services - c:\windows\services.exe
HKLM-Explorer_Run-services - c:\windows\services.exe
HKCU-Explorer_Run-services - c:\windows\services.exe
HKU-Default-Explorer_Run-services - c:\windows\services.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\KRO\Application Data\Mozilla\Firefox\Profiles\num5zsnz.default\
FF - prefs.js: browser.startup.homepage - www.goog1e.it
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 14:49:28
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\myokent.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll
c:\program files\Protector Suite quello\homepass.dll
c:\program files\Protector Suite quello\bio.dll
c:\program files\Protector Suite quello\remote.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\imon.dll
c:\program files\Protector Suite quello\crypto.dll

- - - - - - - > 'lsass.exe'(1016)
c:\windows\system32\myokent.dll
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite quello\homefus2.dll
c:\program files\Protector Suite quello\infra.dll
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\sesinetd.exe
c:\windows\system32\hserver.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
c:\windows\system32\rundll32.exe
c:\program files\Protector Suite quello\psqltray.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2009-03-21 14:52:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-21 17:52:43

Pre-Run: 67,143,974,912 bytes free
Post-Run: 67,020,947,456 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

314 --- E O F --- 2009-03-17 09:05:00
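As an added example, not code from this thread or from HijackThis or ComboFix, the two checks a log helper applies by eye to the logs posted above, written in Python: flag an O4 autostart whose file name matches a core Windows binary but whose directory is not the expected one (here C:\WINDOWS\services.exe), and flag a Sigcheck group where a copy in use differs from its ServicePackFiles reference in MD5, or has the same MD5 but a different size (here explorer.exe, userinit.exe and ndis.sys). The sample lines are copied from the logs in this thread; the table of system binaries and their expected directories is the example's own assumption for a Windows XP install on C:.

```python
"""Triage of HijackThis O4 entries and ComboFix Sigcheck output (added example)."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Sample O4 lines copied from the HijackThis log posted in this thread.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite quello\launcher.exe" /startup
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
"""

# Sample Sigcheck lines copied from the ComboFix report posted in this thread.
SIGCHECK_LINES = r"""
2004-08-04 09:00 182912 1df7f42665c94b825322fae71721130d c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 16:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2009-03-20 14:16 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\dllcache\ndis.sys
2009-03-20 14:16 213120 1df7f42665c94b825322fae71721130d c:\windows\system32\drivers\ndis.sys

2008-04-13 21:12 1051648 b6cdded62267453392a82267e6dc724c c:\windows\explorer.exe
2004-08-04 09:00 1050112 5909761f5c805b7b6cb7417815eb74fc c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-13 21:12 1051648 5b1da43862294f496b3f1ff9914c6490 c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-04 09:00 42496 509621e34814918c51f20e13c01a91ca c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 21:12 44032 c88845833a777dfac464598929f06134 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-13 21:12 44032 1642c8750e39152c04599089f8e82438 c:\windows\system32\userinit.exe
"""

# Core Windows binaries and the only directory each should run from (assumption).
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_BINARIES = {
    "smss.exe": SYSTEM_DIR, "csrss.exe": SYSTEM_DIR, "winlogon.exe": SYSTEM_DIR,
    "services.exe": SYSTEM_DIR, "lsass.exe": SYSTEM_DIR, "svchost.exe": SYSTEM_DIR,
    "spoolsv.exe": SYSTEM_DIR, "userinit.exe": SYSTEM_DIR, "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First .exe/.dll token of the command line, quoted or not; arguments are dropped.
CMD_PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll))"?', re.IGNORECASE)
SIGCHECK_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$"
)


def check_autostarts(text):
    """Return (hive, name, path) for O4 entries that start a file named like a
    core system binary from a directory other than the expected one."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        pm = CMD_PATH_RE.match(m["cmd"])
        if not pm:
            continue
        path = PureWindowsPath(pm["path"])
        expected = SYSTEM_BINARIES.get(path.name.lower())
        # Bare names (nwiz.exe, RUNDLL32.EXE) carry no directory and are not judged here.
        if expected and str(path.parent).lower() not in (".", expected):
            findings.append((m["hive"], m["name"], str(path)))
    return findings


def check_sigcheck(text):
    """Compare every copy of a file against its ServicePackFiles\\i386 reference.
    The $NtServicePackUninstall$ copy is the previous service pack and is skipped."""
    groups = defaultdict(list)
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            groups[PureWindowsPath(m["path"]).name.lower()].append(m)
    findings = []
    for entries in groups.values():
        ref = next((e for e in entries if "\\servicepackfiles\\" in e["path"].lower()), None)
        if ref is None:
            continue
        for e in entries:
            if e is ref or "$ntservicepackuninstall$" in e["path"].lower():
                continue
            if e["md5"] != ref["md5"]:
                findings.append((e["path"], "md5 differs from ServicePackFiles copy"))
            elif e["size"] != ref["size"]:
                findings.append((e["path"], "same md5 but different size"))
    return findings


if __name__ == "__main__":
    for hive, name, path in check_autostarts(HJT_O4_LINES):
        print(f"suspicious autostart: {hive} [{name}] -> {path}")
    for path, reason in check_sigcheck(SIGCHECK_LINES):
        print(f"sigcheck: {path}: {reason}")
```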


Re: HijackThis log check

Post by cro » Sat Mar 21, 2009 7:02 pm

NOD32 still gives me two warnings, a worm joleee.NF and then a trojan SpamToolAgent... but I've run NOD, Spybot and Ad-Aware, and nothing worked.
Thanks in advance for the help!!

Re: HijackThis log check

Post by lorenaino » Sat Mar 21, 2009 8:19 pm

Hi, have you tried Malwarebytes Anti-Malware?
http://www.malwarebytes.org/mbam.php


Re: HijackThis log check

Post by Amantide » Sat Mar 21, 2009 10:38 pm

Follow lorenaino's advice and also run the scan with Malwarebytes.
...to fly high, you have to know how to fall...

Re: HijackThis log check

Post by cro » Sun Mar 22, 2009 4:36 am

Thanks a lot!! I still haven't managed to fix it. Malwarebytes finds lots of trojans, I delete them all, but when it restarts and I connect to the internet this joleee.NF and the other one, SpamToolAgent, appear again.
I don't know what to do!! Do I really have to format??
Thanks again!

Re: HiJackThis log check

Post by lorenaino » Sun Mar 22, 2009 8:32 am

good morning, before running the scans did you disable System Restore?
While waiting for the experts you could run a full scan with SUPERAntiSpyware Free
http://www.superantispyware.com/superan ... vspro.html

update it before running the scan.
bye

Re: HiJackThis log check

Post by crazy.cat » Sun Mar 22, 2009 8:33 am

cro wrote: this joleee.NF and the other one, SpamToolAgent, still appear

In which files are these viruses found?

Also update HijackThis, since you have an old version
http://www.trendsecure.com/portal/en-US ... ckThis.exe
When the many govern, they think only of pleasing themselves; then you get the most foolish and hateful tyranny: tyranny disguised as liberty.

Re: HiJackThis log check

Post by cro » Sun Mar 22, 2009 4:35 pm

the files are found like this
windows/file.bat
win32/joleee.NF worm

iliketay.con/dll/em.txt o 14/temp
win32/SpamToolAgent.NAJ trojan


and here's the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:13 PM, on 3/22/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\sesinetd.exe
C:\WINDOWS\system32\hserver.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\OEM02Mon.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Protector Suite quello\psqltray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\services.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\KRO\reader_s.exe
C:\Documents and Settings\KRO\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite quello\launcher.exe" /startup
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\KRO\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - Global Startup: BlackICE Utility.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HoudiniLicenseServer - Side Effects Software Inc. - C:\WINDOWS\system32\sesinetd.exe
O23 - Service: HoudiniServer - Side Effects Software Inc. - C:\WINDOWS\system32\hserver.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\STacSV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 9222 bytes

Re: HiJackThis log check

Post by crazy.cat » Sun Mar 22, 2009 5:01 pm

cro wrote: the files are found like this
windows/file.bat
win32/joleee.NF worm

iliketay.con/dll/em.txt o 14/temp
win32/SpamToolAgent.NAJ trojan

The real path of the files isn't clear.

Check whether this file exists on your PC: C:\WINDOWS\services.exe

Re: HiJackThis log check

Post by cro » Sun Mar 22, 2009 5:16 pm

yes, it's there, but I think it has been duplicated, because I have it twice; I can't stop it though, because it says it's critical for the system to work

Re: HiJackThis log check

Post by crazy.cat » Sun Mar 22, 2009 6:01 pm

Write the full paths of the files you reported; the service.exe is a virus.
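As an added example, not code from this thread or from HijackThis, the following Python check applies crazy.cat's two points across a whole log: it reads the running-process and O4 autorun lines, flags a core Windows binary name (such as services.exe) running from anywhere other than C:\WINDOWS\system32, and flags an executable launched from inside a user profile. The allow-list of system binaries, the profile prefix and the sample log lines are constructed here, modelled on cro's second log.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple

# Core Windows XP binaries and the only directory they legitimately run from
# (constructed allow-list for this example; extend it with other mimicked names).
SYSTEM_BINARIES = {
    "services.exe": r"C:\WINDOWS\system32",
    "lsass.exe": r"C:\WINDOWS\system32",
    "svchost.exe": r"C:\WINDOWS\system32",
}
# Autoruns launched from inside a user profile deserve a second look on XP.
PROFILE_PREFIX = "c:\\documents and settings\\"
# First drive-rooted .exe path on a line, with or without surrounding quotes.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.exe)\b', re.IGNORECASE)

# Constructed sample lines modelled on cro's second HijackThis log.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\services.exe
C:\WINDOWS\services.exe
C:\Documents and Settings\KRO\reader_s.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\KRO\reader_s.exe (User 'SYSTEM')
O4 - HKLM\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe
"""

def classify(path: str) -> Optional[str]:
    """Return why a path looks suspicious, or None if it passes both checks."""
    p = PureWindowsPath(path)
    name, parent = p.name.lower(), str(p.parent).lower()
    expected = SYSTEM_BINARIES.get(name)
    if expected is not None and parent != expected.lower():
        return "system binary name running outside " + expected
    if parent.startswith(PROFILE_PREFIX):
        return "executable launched from a user profile"
    return None

def scan(log_text: str) -> List[Tuple[str, str, int]]:
    """Return (path, reason, occurrences) for every suspicious path in the log."""
    hits: Dict[str, List] = {}
    for m in filter(None, map(PATH_RE.search, log_text.splitlines())):
        path, reason = m.group(1), classify(m.group(1))
        if reason is None:
            continue
        entry = hits.setdefault(path.lower(), [path, reason, 0])
        entry[2] += 1  # same path seen again (e.g. HKLM and HKCU Run keys)
    return [tuple(v) for v in hits.values()]
```

On the sample it reports C:\WINDOWS\services.exe three times and the profile-resident reader_s.exe twice, while the genuine C:\WINDOWS\system32\services.exe and the Dell QuickSet autorun pass.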

