Condividi:        

Logfile HijackThis

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Logfile HijackThis

Postdi prof2000 » 15/03/08 23:24

Ciao, per piacere, non aprire più di un post per lo stesso problema, è inutile e dispersivo. Inoltre, utilizza titoli con un minimo di significato, la frase "x favore aiuto", la riserverei per cose un poco più importanti

Scarica questo file:
http://www.trendsecure.com/portal/en-US ... ckThis.exe

salvalo in una cartella del disco fisso appositamente dedicata, no desktop né cartella temporanea, ad esempio C:\programmi\HJT.
Da quella posizione avvialo, premi l'opzione "do a system scan and save a log file", attendi che si apra un file di testo al cui interno sarà elaborato un file di testo. Copia e incolla il contenuto del file di testo in un nuovo post, continuando però questa discussione.

FILE LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.17.19, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Nuova cartella\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programmi\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMf7c125f6] Rundll32.exe "C:\WINDOWS\system32\fhpcgitf.dll",s
O4 - HKLM\..\Run: [f4f2166a] rundll32.exe "C:\WINDOWS\system32\niklipmg.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Dati applicazioni\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe

--
End of file - 5483 bytes
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Sponsor
 

Re: Logfile HijackThis

Postdi Luke57 » 17/03/08 09:58

Ciao, per piacere, continua la discussione cliccando su "Rispondi", non aprire più nuovi post ogni volta che intervieni, non mi sembra difficile.

scarica combofix sul desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconettiti da internet
disattiva l'antivirus


Avvia il file ComboFix.exe
Digita 1 per avviare il tool (non fare altre manovre durante la scansione che è piuttosto lenta)
Segui le istruzioni e alla fine verrà generato un log (C:\combofix.txt).

Riavvia il pc, copia e incolla il contenuto del report.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Logfile HijackThis

Postdi Luke57 » 17/03/08 10:28

Ciao,copia questo codice:

file::
C:\WINDOWS\system32\gmpilkin.ini
C:\WINDOWS\17PHolmes572.exe
C:\Documents and Settings\User\Dati applicazioni\inst.exe

registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxutsr]


incollalo in un file di testo, salva il file di testo obbligatoriamente con il nome CFScript.txt, trascinalo con il puntatore del mouse sull'icona di combofix per una nuova scansione ed eventuale riavvio.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Logfile HijackThis

Postdi Luke57 » 17/03/08 11:09

Ciao, questo forum sembra impazzito come la maionese, la mia risposta su cosa ancora fare è sopra il tuo report di combofix.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Logfile HijackThis

Postdi prof2000 » 17/03/08 12:20

ComboFix 08-03-14.4 - User 2008-03-17 12.04.18.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.68 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMf7c125f6.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aidtlpjw.dll
C:\WINDOWS\system32\awtss.dll
C:\WINDOWS\system32\byxutsr.dll
C:\WINDOWS\system32\efcayvt.dll
C:\WINDOWS\system32\fhpcgitf.dll
C:\WINDOWS\system32\gebyyax.dll
C:\WINDOWS\system32\iifggde.dll
C:\WINDOWS\system32\ljxnhmms.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\okxnpuvn.dll
C:\WINDOWS\system32\smmhnxjl.dll
C:\WINDOWS\system32\sstwa.ini
C:\WINDOWS\system32\sstwa.ini2
C:\WINDOWS\system32\ueultmng.dll

.
((((((((((((((((((((((((( Files Creati Da 2008-02-17 al 2008-03-17 )))))))))))))))))))))))))))))))))))
.

2008-03-15 23:16 . 2008-03-15 23:17 <DIR> d-------- C:\Programmi\Nuova cartella
2008-03-15 20:20 . 2008-03-16 20:20 1,367,035 ---hs---- C:\WINDOWS\system32\gmpilkin.ini
2008-03-14 15:22 . 2008-03-15 20:54 32,764 --a------ C:\WINDOWS\17PHolmes572.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:22 --------- d-----w C:\Programmi\ESET
2008-03-07 10:24 --------- d-----w C:\Programmi\eMule
2008-02-11 22:25 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Azureus
2008-02-11 21:15 --------- d-----w C:\Programmi\Azureus
2008-02-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-01-21 16:58 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Xi
2008-01-21 16:57 --------- d-----w C:\Programmi\Xi
2007-11-06 13:07 87,608 -c--a-w C:\Documents and Settings\User\Dati applicazioni\inst.exe
2007-11-06 13:07 47,360 -c--a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

------- Sigcheck -------

2004-08-30 19:40 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 14:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-25 17:25 949376]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\byxutsr]
byxutsr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\MAGIX\\Music_Manager\\MusicManager.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=

R3 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2001-05-24 16:26]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2001-04-22 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9f8fb7-fe44-11d5-86c4-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-08 12:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 12:10:29
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Eset\nod32krn.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-03-17 12:13:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-17 11:13:04
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Re: Logfile HijackThis

Postdi prof2000 » 17/03/08 14:02

ComboFix 08-03-14.4 - User 2008-03-17 16.15.20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.68 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\User\Dati applicazioni\inst.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\gmpilkin.ini
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Dati applicazioni\inst.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\gmpilkin.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-02-17 al 2008-03-17 )))))))))))))))))))))))))))))))))))
.

2008-03-15 23:16 . 2008-03-15 23:17 <DIR> d-------- C:\Programmi\Nuova cartella

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:22 --------- d-----w C:\Programmi\ESET
2008-03-07 10:24 --------- d-----w C:\Programmi\eMule
2008-02-11 22:25 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Azureus
2008-02-11 21:15 --------- d-----w C:\Programmi\Azureus
2008-02-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-01-21 16:58 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Xi
2008-01-21 16:57 --------- d-----w C:\Programmi\Xi
2007-11-06 13:07 47,360 -c--a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

------- Sigcheck -------

2004-08-30 19:40 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 14:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-25 17:25 949376]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\MAGIX\\Music_Manager\\MusicManager.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=

R3 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2001-05-24 16:26]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2001-04-22 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9f8fb7-fe44-11d5-86c4-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-08 12:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 16:17:08
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-03-17 16.17.42
ComboFix-quarantined-files.txt 2008-03-17 15:17:34
ComboFix2.txt 2008-03-17 11:13:09
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48

Re: Logfile HijackThis

Postdi prof2000 » 18/03/08 14:11

Ho rifatto la scansione dopo aver copiato quello che mi hai detto, mi puoi dire com'è adesso la situazione perchè ho ancora dei problemi.

ComboFix 08-03-14.4 - User 2008-03-17 16.15.20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.68 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\User\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\User\Dati applicazioni\inst.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\gmpilkin.ini
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\User\Dati applicazioni\inst.exe
C:\WINDOWS\17PHolmes572.exe
C:\WINDOWS\system32\gmpilkin.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-02-17 al 2008-03-17 )))))))))))))))))))))))))))))))))))
.

2008-03-15 23:16 . 2008-03-15 23:17 <DIR> d-------- C:\Programmi\Nuova cartella

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 14:22 --------- d-----w C:\Programmi\ESET
2008-03-07 10:24 --------- d-----w C:\Programmi\eMule
2008-02-11 22:25 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Azureus
2008-02-11 21:15 --------- d-----w C:\Programmi\Azureus
2008-02-11 21:15 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Azureus
2008-01-21 16:58 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Xi
2008-01-21 16:57 --------- d-----w C:\Programmi\Xi
2007-11-06 13:07 47,360 -c--a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

------- Sigcheck -------

2004-08-30 19:40 359040 7b11118b078b88f87183fe69eda43137 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Programmi\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Programmi\Winamp Toolbar\winamptb.dll" [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Programmi\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-07-19 11:14 57344]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-08-19 14:51 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 21:57 30208]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 10:09 49152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2007-10-25 17:25 949376]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Motive SmartBridge"="C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2007-11-14 23:43 286720]
"OM_Monitor"="C:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-07-19 11:06 40960]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\MAGIX\\Music_Manager\\MusicManager.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Internet Explorer\\iexplore.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=

R3 WDMCAPI;ISDN PCI CAPI;C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys [2001-05-24 16:26]
R3 WDMWANMP;NDIS WAN miniport;C:\WINDOWS\system32\DRIVERS\wdmwanmp.sys [2001-04-22 14:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c9f8fb7-fe44-11d5-86c4-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-08 12:47:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 16:17:08
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-03-17 16.17.42
ComboFix-quarantined-files.txt 2008-03-17 15:17:34
ComboFix2.txt 2008-03-17 11:13:09
prof2000
Utente Junior
 
Post: 72
Iscritto il: 26/04/07 11:48


Torna a Sicurezza e Privacy


Topic correlati a "Logfile HijackThis":

Analisi log HijackThis
Autore: Sanko
Forum: Sicurezza e Privacy
Risposte: 4
Pc lento e Hijackthis
Autore: Flopez
Forum: Assistenza Hardware
Risposte: 3

Chi c’è in linea

Visitano il forum: Nessuno e 28 ospiti