Olimpo Informatico

[sagittarjo]

intanto ho scansionato anche con nod 32 che mi ha rimosso 2 specie di win32 genetic(cavalli di troja)

[bdoriano]

Premetto, SpyDoctor non lo conosco.

I files riscontrati da Kaspersky non sono poi tanti.

Avvia AVENGER
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[sagittarjo]

Grazie bdorian ecco qua il log di avenger:

Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vjptamwa

*******************

Script file located at: \??\D:\Documents and Settings\nlhxlaaa.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:



File D:\Programmi\File comuni\SenzaDoppioni\strpmon.exe not found!
Deletion of file D:\Programmi\File comuni\SenzaDoppioni\strpmon.exe failed!

Could not process line:
D:\Programmi\File comuni\SenzaDoppioni\strpmon.exe
Status: 0xc0000034



File D:\RECYCLER\S-1-5-21-1606980848-1563985344-725345543-1003\Dd1.exe not found!
Deletion of file D:\RECYCLER\S-1-5-21-1606980848-1563985344-725345543-1003\Dd1.exe failed!

Could not process line:
D:\RECYCLER\S-1-5-21-1606980848-1563985344-725345543-1003\Dd1.exe
Status: 0xc0000034

File D:\System Volume Information\_restore{9060633F-76BD-4C20-8B92-E33938D1AB6B}\RP34\A0006955.exe deleted successfully.
File D:\System Volume Information\_restore{9060633F-76BD-4C20-8B92-E33938D1AB6B}\RP36\A0007699.exe deleted successfully.
File D:\System Volume Information\_restore{9060633F-76BD-4C20-8B92-E33938D1AB6B}\RP36\A0007705.exe deleted successfully.


Could not open file D:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\mfh6uwej.default\Cache\63329BDCd01/data.rar for deletion
Deletion of file D:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\mfh6uwej.default\Cache\63329BDCd01/data.rar failed!

Could not process line:
D:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\Mozilla\Firefox\Profiles\mfh6uwej.default\Cache\63329BDCd01/data.rar
Status: 0xc0000033

File C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AB8F8UTP\SmitfraudFix[1].exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

e quello di hijack:


Scan saved at 01:46, on 2007-12-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Programmi\COMODO\Firewall\cmdagent.exe
D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Programmi\File comuni\LightScribe\LSSrvc.exe
D:\Programmi\Eset\nod32krn.exe
D:\Programmi\Spyware Doctor\svcntaux.exe
D:\Programmi\Spyware Doctor\swdsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\Programmi\Spyware Doctor\SDTrayApp.exe
D:\VEXPLITE\viritsvc.exe
D:\WINDOWS\System32\alg.exe
D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
D:\WINDOWS\AGRSMMSG.exe
D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Programmi\COMODO\Firewall\cfp.exe
D:\Programmi\Eset\nod32kui.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Messenger\msmsgs.exe
D:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Programmi\Google\Google Updater\GoogleUpdater.exe
D:\Programmi\Last.fm\LastFMHelper.exe
D:\Programmi\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Marco\IMPOST~1\Temp\Directory temporanea 3 per hijackthis_199.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inter.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [StartCCC] D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [EDS] D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SDTray] "D:\Programmi\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] D:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Programmi\COMODO\Firewall\cfp.exe" -s
O4 - HKLM\..\Run: [nod32kui] "D:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Google Updater.lnk = D:\Programmi\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Last.fm Helper.lnk = D:\Programmi\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: D:\WINDOWS\system32\guard32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - D:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Programmi\COMODO\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Programmi\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\swdsvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - D:\VEXPLITE\viritsvc.exe

a domani....

[sagittarjo]

c'è quache novità? io intanto sto continuando a fare scansioni con vari programmi.
a dopo

[sagittarjo]

ciao, ho fatto varie nuove scansioni e non mi viene rilevato niente tranne spyware doctor che trova i soliti 3 virus:1 dialer e 2 trojan.
il pc continua a darmi problemi di lentezza.

resto sintonizzato.....

[Sante62]

Il log di HJT sembra pulito. I motivi della lentezza possono essere molteplici, RAM disponibile, troppi programmi caricati all'avvio, spazio su Hard Disk etc.
Se vuoi possiamo provare a disabilitare qualche programma che risulta inutile all'avvio, ma comunque non noterai miglioramenti significativi...

[sagittarjo]

ciao sante62 e grazie di tutto.
ho appena caricato virIT e ancora prima di fare lo scan mi sono apparse delle
voci con un teschio accanto ad ognuna:

[SCANSIONE DELLA MEMORIA]
[Hidden Services]
IKFileSec - File Security Driver - system32\drivers\ikfilesec.sys
IKSysFlt - System Filter Driver - system32\drivers\iksysflt.sys
IKSysSec - System Security Driver - system32\drivers\iksyssec.sys

che vuol dire tutto ciò?

in effetti ora sono pieno di programmi av e mi piacerebbe toglierne un po' ma vorrei essere sicuro che il pc sia pulito, e come mai spyware doctor continua a segnalarmi 1 dialer e 2 trojan?

cosa mi consigli di tenere a protezione di xp? e di vista?

grazie

[Sante62]

Eh, probabili Rootkit..
Puoi postare tutto il log di Virit?
Cosi verifichiamo se li ha eliminati. In ogni caso scarica Navilog1
installalo, riavvia il PC in modalità provvisoria;
Poi, fai doppio click sull'icona navilog1 che si è creata sul desktop
digita E clicca invio;
continua premendo un tasto qualsiasi per andare avanti;
digita 2 e clicca invio;
inizierà a rimuovere i file trovati infetti;
aspetta che finisca la scansione finchè si aprirà il blocco note
Al riavvio alla modalità normale incolla quì il file C:\fixnavi.txt
A protezione sia di XP e Vista, un buon firewall e un buon antivirus. Come antivirus gratuti puoi mettere Avast o Avira e anche qualche antispyware.