+ Rispondi alla Discussione
Risultati da 1 a 13 di 13

[Risolto] Virus Virtumonde

Ultimo Messaggio di Wolf Otakar il:
  1. #1
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8

    Virus Virtumonde

    Salve a tutti, sono nuovo.Ho anch'io un problema con virtumondo,ho provato a scansionare sia con spybot che con adaware.Ho provato anche con dei tool di rimozioni vari specifici(virtumondobegone e vundofix), ma il problema persiste e lo ritrovo riscansionando.Oltretutto, se attuo una scansione con adaware,il sistema mi si riavvia automaticamente.Cosa devo fare?Ho preso anche hijackthis, se qualcuno potrebbe gentilmente analizzarmi il log e mi dicesse cosa devo eliminare mi sarebbe di grande aiuto.Sto virtumondo e' proprio una piaga.Ciao e grazie in anticipo per l'aiuto.

  2. #2
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8
    Ecco il log fatto con Hijackthis

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14.17.40, on 18/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\system32\V0230Mon.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Router\Router.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: {689c8ae9-a014-63fa-88f4-0e99ac77e282} - {282e77ca-99e0-4f88-af36-410a9ea8c986} - C:\WINDOWS\system32\tmp329.tmp.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmi\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
    O2 - BHO: (no name) - {eb46f37a-6e41-464c-9aca-0aef6ae340af} - C:\WINDOWS\system32\c_13d8.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [{2CCCCBD9-096C-1040-1120-020607060027}] "C:\Programmi\File comuni\{2CCCCBD9-096C-1040-1120-020607060027}\Update.exe" te-110-12-0000307
    O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\Compy\IMPOST~1\Temp\MBDownloader_87692 3.exe
    O4 - HKLM\..\Run: [teke] C:\Programmi\Internet Explorer\teke77798.exe
    O4 - HKLM\..\Run: [2ccccb76] rundll32.exe "C:\WINDOWS\hgddaa.dll",b
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [DDC] C:\Documents and Settings\Compy\Dati applicazioni\tmp320.tmp.exe
    O4 - HKCU\..\Run: [Router] C:\Programmi\Router\Router.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kbdwin.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kbdwin.dll (file missing)
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O17 - HKLM\System\CS2\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O17 - HKLM\System\CS3\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O20 - AppInit_DLLs: c:\windows\system32\awvtstr.dll
    O20 - Winlogon Notify: c_13d8 - C:\WINDOWS\SYSTEM32\c_13d8.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O24 - Desktop Component 0: (no name) - C:\Programmi\NetMeeting\cewuemyjy.html

    --
    End of file - 9215 bytes

  3. #3
    Consiglio Direttivo L'avatar di Wolf Otakar
    Data Registrazione
    Apr 2006
    Località
    Calabria
    Messaggi
    7,473
    Segui Wolf Otakar su Twitter
    Ciao Dirty&Rotten e benvenuto nel Forum GT!

    Fixa con hijackthis queste chiavi:

    O2 - BHO: {689c8ae9-a014-63fa-88f4-0e99ac77e282} - {282e77ca-99e0-4f88-af36-410a9ea8c986} - C:\WINDOWS\system32\tmp329.tmp.dll

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)

    O2 - BHO: (no name) - {eb46f37a-6e41-464c-9aca-0aef6ae340af} - C:\WINDOWS\system32\c_13d8.dll

    O4 - HKLM\..\Run: [{2CCCCBD9-096C-1040-1120-020607060027}] "C:\Programmi\File comuni\{2CCCCBD9-096C-1040-1120-020607060027}\Update.exe" te-110-12-0000307

    O4 - HKLM\..\Run: [NBInstall] C:\DOCUME~1\Compy\IMPOST~1\Temp\MBDownloader_87692 3.exe

    O4 - HKLM\..\Run: [2ccccb76] rundll32.exe "C:\WINDOWS\hgddaa.dll",b

    O4 - HKCU\..\Run: [DDC] C:\Documents and Settings\Compy\Dati applicazioni\tmp320.tmp.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kbdwin.dll (file missing)

    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\kbdwin.dll (file missing)

    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} -

    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} -

    O16 - DPF: {E13F1132-4CA0-4005-84D3-51406E27D269} -

    O20 - AppInit_DLLs: c:\windows\system32\awvtstr.dll

    O20 - Winlogon Notify: c_13d8 - C:\WINDOWS\SYSTEM32\c_13d8.dll
    Fatto questo, scarica ed avvia questo tool di rimozione!

    Posta poi, un nuovo log con hijackthis!

  4. #4
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8
    Fatto, scansionato con FxVMonde, non ha trovato nulla.Devo riavviare?Cmq ecco il nuovo log di Hijackthis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15.53.36, on 18/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\WINDOWS\system32\V0230Mon.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Programmi\Messenger\msmsgs.exe
    C:\Programmi\Router\Router.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\Internet Explorer\IEXPLORE.EXE
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
    C:\Programmi\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmi\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {eb46f37a-6e41-464c-9aca-0aef6ae340af} - C:\WINDOWS\system32\c_13d8.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe "
    O4 - HKLM\..\Run: [AVFX Engine] C:\Programmi\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [teke] C:\Programmi\Internet Explorer\teke77798.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Programmi\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Live! Cam Manager] "C:\Programmi\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Programmi\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
    O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [Router] C:\Programmi\Router\Router.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O17 - HKLM\System\CS2\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O17 - HKLM\System\CS3\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O20 - AppInit_DLLs: c:\windows\system32\awvtstr.dll
    O20 - Winlogon Notify: c_13d8 - C:\WINDOWS\SYSTEM32\c_13d8.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    O24 - Desktop Component 0: (no name) - C:\Programmi\NetMeeting\cewuemyjy.html

    --
    End of file - 8138 bytes

  5. #5
    Consiglio Direttivo L'avatar di Wolf Otakar
    Data Registrazione
    Apr 2006
    Località
    Calabria
    Messaggi
    7,473
    Segui Wolf Otakar su Twitter
    Fixa con hijackthis queste chiavi:

    O2 - BHO: (no name) - {eb46f37a-6e41-464c-9aca-0aef6ae340af} - C:\WINDOWS\system32\c_13d8.dll

    O20 - AppInit_DLLs: c:\windows\system32\awvtstr.dll

    O20 - Winlogon Notify: c_13d8 - C:\WINDOWS\SYSTEM32\c_13d8.dll


    Ma non usi nessun firewall o antivirus???

  6. #6
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8
    Fatto, ed ora?Uso solo il firewall di windows.

  7. #7
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8
    non ho avuto mai problemi di questo tipo, avevo sempre risolto tutto con spybot o con adaware, ma questo sempra piu' duro..

  8. #8
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8
    ah c'e' anche un'altra stranezza..da quando ho preso questo virus, i nomi delle icone nel desktop sono riquadrate di nero.. la cosa e' collegata?

  9. #9
    Consiglio Direttivo L'avatar di Wolf Otakar
    Data Registrazione
    Apr 2006
    Località
    Calabria
    Messaggi
    7,473
    Segui Wolf Otakar su Twitter
    Citazione Originariamente Scritto da Dirty&Rotten Visualizza Messaggio
    Fatto, ed ora?Uso solo il firewall di windows.
    Ciao Dirty&Rotten,

    solo il firewall di windows non basta!

    Qui, trovi una lista di software utili, per la sicurezza del tuo sistema!

    Ti consiglio "momentaneamente", di effettuare una scansione con Virit Antivirus "aggiornato"!

    Fammi sapere!

  10. #10
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8
    Ciao Wolf!
    Allora ho fatto una scansione completa con Avira Antivir ecco il log :

    Starting the file scan:

    Begin scan in 'C:'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Programmi\Easy CD-DA Extractor 7\ezcdda_7091_18.7.2004.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [INFO] The file was deleted!
    C:\Programmi\Router\Router.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Textrec
    [INFO] The file was deleted!
    C:\Programmi\Trend Micro\HijackThis\backups\backup-20071218-151105-616.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\Programmi\Trend Micro\HijackThis\backups\backup-20071218-210136-908.dll
    [DETECTION] Is the Trojan horse TR/Vundo.Gen
    [INFO] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!


    End of the scan: mercoledì 19 dicembre 2007 16:13
    Used time: 1:28:16 min

    The scan has been done completely.

    6430 Scanning directories
    325886 Files were scanned
    4 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    4 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    325882 Files not concerned
    2698 Archives were scanned
    2 Warnings
    0 Notes

    Dopodiche' ho riavviato ed ho fatto una scansione con ad-aware e non ha trovato nulla.Cmq sospetto che il problema ancora esista.Ti posto il log di hijackthis dopo queste operazioni :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16.57.03, on 19/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\UAService7.exe
    C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\MSN Messenger\msnmsgr.exe
    C:\Programmi\MSN Messenger\usnsvc.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programmi\FlashGet\jccatch.dll
    O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programmi\Windows Desktop Search\dsWebAllow.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programmi\FlashGet\getflash.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Programmi\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: &Scarica con FlashGet - C:\Programmi\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Scarica tutto con FlashGet - C:\Programmi\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} (Java Plug-in 1.4.2_03) -
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O17 - HKLM\System\CS2\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O17 - HKLM\System\CS3\Services\Tcpip\..\{168C0037-ED7E-4493-B57D-539417AC7CC6}: NameServer = 85.37.17.57 85.38.28.80
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: 1_srop - 1_srop.dll (file missing)
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

    --
    End of file - 6654 bytes

    Ciao e grazie

  11. #11
    Consiglio Direttivo L'avatar di Wolf Otakar
    Data Registrazione
    Apr 2006
    Località
    Calabria
    Messaggi
    7,473
    Segui Wolf Otakar su Twitter
    Citazione Originariamente Scritto da Dirty&Rotten Visualizza Messaggio
    il problema ancora esista
    Che tipo di problema?

    Fixa con hijackthis questa chiave:

    O20 - Winlogon Notify: 1_srop - 1_srop.dll (file missing)
    Citazione Originariamente Scritto da Wolf Otakar Visualizza Messaggio
    Ti consiglio "momentaneamente", di effettuare una scansione con Virit Antivirus "aggiornato"!
    Come ti ho suggerito precedentemente, effettua una scansione con Virit; posta poi, il suo log qui!

  12. #12
    User Newbie L'avatar di Dirty&Rotten
    Data Registrazione
    Dec 2007
    Messaggi
    8
    Perfetto problema risolto!
    Grazie mille Wolf!
    Ciao!

  13. #13
    Consiglio Direttivo L'avatar di Wolf Otakar
    Data Registrazione
    Apr 2006
    Località
    Calabria
    Messaggi
    7,473
    Segui Wolf Otakar su Twitter
    Citazione Originariamente Scritto da Dirty&Rotten Visualizza Messaggio
    Perfetto problema risolto!
    Grazie mille Wolf!
    Ciao!


+ Rispondi alla Discussione

Tag per Questa Discussione

^ Permessi di Scrittura

  • Tu non puoi inviare nuove discussioni
  • Tu non puoi inviare risposte
  • Tu non puoi inviare allegati
  • Tu non puoi modificare i tuoi messaggi
  •  
  • Il codice BB è Attivato
  • Le faccine sono Attivato
  • Il codice [IMG] è Attivato
  • Il codice [VIDEO] è Attivato
  • Il codice HTML è Disattivato
  • Trackbacks Attivato
  • Pingback Attivato
  • Refback Attivato

SEO by vBSEO 3.6.0 PL2 ©2011, Crawlability, Inc.