Condividi:        

ANALISI LOG.ROOTKITREVEALER

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

ANALISI LOG.ROOTKITREVEALER

Postdi thethunder » 15/01/08 22:08

Ciao Andorra..ne approfitto per augurare a te a tutto lo staff e a tutti gli iscritti sereno 2008.
Puoi controllarmi il logo di HijackThis ed in particolare quello di RootkitRevealer?
Grazie.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.05.36, on 15/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\MMaestro\BWheel35.exe
C:\Programmi\KMaestro\KMaestro.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
I:\PRG.TOOLS\rootkivelar\RootkitRevealer.exe
C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\KO.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\HjackThis\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [LWBMOUSE] C:\MMaestro\BWheel35.exe
O4 - HKLM\..\Run: [EPSON Stylus C64 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C64 Series" /O6 "USB001" /M "Stylus C64"
O4 - HKLM\..\Run: [BtcMaestro] C:\Programmi\KMaestro\KMaestro.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Pareto_Update] C:\Programmi\File comuni\ParetoLogic\UUS\Pareto_Update.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_SICN03.EXE /A "C:\WINDOWS\system32\E_S64.tmp"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Programmi\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [SkypeMate] NULL
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5850067890
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/MsnMe ... loader.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: KO - Sysinternals - http://www.sysinternals.com - C:\DOCUME~1\ALESSA~1\IMPOST~1\Temp\KO.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe

--
End of file - 5113 bytes



HKLM\SOFTWARE\Eset\Nod\CurrentVersion\Modules\Update\Settings\LastUpdateAttempt 15/01/08 21.29 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Eset\Nod\CurrentVersion\Scheduler\Timestamp 15/01/08 21.33 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Eset\Nod\CurrentVersion\Scheduler\1827917953\LastExec 15/01/08 20.34 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Eset\Nod\CurrentVersion\Scheduler\1827918962\LastExec 15/01/08 20.34 4 bytes Data mismatch between Windows API and raw hive data.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 15/01/08 21.33 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 15/01/08 21.36 67 bytes Hidden from Windows API.
thethunder
Utente Senior
 
Post: 104
Iscritto il: 12/08/06 10:13

Sponsor
 

Torna a Sicurezza e Privacy


Topic correlati a "ANALISI LOG.ROOTKITREVEALER":

Analisi log HijackThis
Autore: Sanko
Forum: Sicurezza e Privacy
Risposte: 4

Chi c’è in linea

Visitano il forum: Nessuno e 38 ospiti