Analisi LOG hijackthis

**Matematiko** · 21-02-2009, 16:34

Ciao a tutti!.....

Ho un grosso problema...

stavo facendo assistenza in settimana ad un pc....

ho salvato i dati di questo pc....su un hard disk esterno...formattato e ripristinato i drivers...

tutto ok

attacco l'hard disk sul mio pc di casa......e mi si blocca il pc...non visualizzo i files nascosti....ho files strani in esecuzione ecc ecc.....stessi sintomi del pc ke avevo appena ripristinato!...

è possibile ke il virus si sia trasferito in automatico??...(incredibile! ke bastard0!!!)

allora uso un cd di ulility x scansioni varie..unhackme...ed avira antivir il quale mi trova 51 virus...ke elimina...

ora SEMBRA ke sia tutto ok....ma dal basso della mia esperienza pensavo di far vedere a voi un log di hijackthis x vedere se è tutto ok o cos'altro posso fare....

io posto...se qlk1 può darmi una mano...ringrazio molto..ho paura ad attaccare qualsiasi dispositivo usb ora!!! :/

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.16.12, on 21/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Programmi\COMODO\COMODO Internet Security\cfp.exe
C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
C:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\UnHackMe\hackmon.exe
C:\Programmi\Logitech\SetPoint\SetPoint.exe
C:\Programmi\Active SMART\ActiveSMART.exe
C:\Programmi\Logitech\Gaming Software\LWEMon.exe
C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\File comuni\Logitech\khalshared\KHALMNPR.EXE
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
c:\programmi\avira\antivir personaledition classic\avcenter.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\CubicExplorer\CubicExplorer.exe
C:\Documents and Settings\Marco\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Programmi\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "C:\Programmi\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [SPIRun] Rundll32 SPIRun.dll,RunDLLEntry
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Programmi\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [XboxStat] "C:\Programmi\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [UnHackMe Monitor] C:\Programmi\UnHackMe\hackmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Active SMART.lnk = C:\Programmi\Active SMART\ActiveSMART.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Logitech Gaming Software.lnk = ? (User 'SYSTEM')
O4 - S-1-5-18 Startup: Microsoft Office Outlook.lnk = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Mozilla Firefox.lnk = C:\Programmi\Mozilla Firefox\firefox.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Active SMART.lnk = C:\Programmi\Active SMART\ActiveSMART.exe (User 'Default user')
O4 - .DEFAULT Startup: Logitech Gaming Software.lnk = ? (User 'Default user')
O4 - .DEFAULT Startup: Microsoft Office Outlook.lnk = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE (User 'Default user')
O4 - .DEFAULT Startup: Mozilla Firefox.lnk = C:\Programmi\Mozilla Firefox\firefox.exe (User 'Default user')
O4 - Startup: Active SMART.lnk = C:\Programmi\Active SMART\ActiveSMART.exe
O4 - Startup: Logitech Gaming Software.lnk = ?
O4 - Startup: Microsoft Office Outlook.lnk = C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE
O4 - Startup: Mozilla Firefox.lnk = C:\Programmi\Mozilla Firefox\firefox.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1234627433078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1234630021453
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F0A0707-609C-49E5-BBF0-BD1DDAA7315C}: NameServer = 151.99.0.100,151.99.125.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Programmi\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9037 bytes

GRAZIE A TUTTI!

Discussione: Analisi LOG hijackthis

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Analisi LOG hijackthis - HELP VIRUS incredibile!

Permessi di invio