Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
* [RISOLTO] trojan e downloader
Nuovo argomento   Quest'argomento è chiuso: Non puoi inserire, rispondere o modificare i messaggi.    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
agatina
Eroe
Eroe


Registrato: 29/05/07 12:44
Messaggi: 50
MessaggioInviato: 21 Feb 2008 19:23    Oggetto: Rispondi citando
questo il log hj:

Logfile of HijackThis v1.99.1
Scan saved at 18.22.02, on 21/02/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\elenina\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
O4 - HKCU\..\Run: [MSWTL32] C:\WINDOWS\MSATL32.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Programmi\SpyShredder\SpyShredder.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ibutu - ibutu.dll (file missing)
O21 - SSODL: zip - {16825f6a-dc77-436b-868a-17ef424b46fc} - C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlagons.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 22 Feb 2008 00:44    Oggetto: Rispondi citando
disattiva il ripristino di sistema e avvia il PC in modalità provvisoria

Avvia Hijackthis, seleziona queste righe e clicca fix checked:
Citazione:
O4 - HKLM\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [Microsoft hren1] C:\WINDOWS\mmhren1.exe
O4 - HKCU\..\Run: [msiconf.exe] msiconf.exe
O4 - HKCU\..\Run: [MSWTL32] C:\WINDOWS\MSATL32.exe
O4 - HKCU\..\Run: [SpyShredder] C:\Programmi\SpyShredder\SpyShredder.exe
O20 - Winlogon Notify: ibutu - ibutu.dll (file missing)
O23 - Service: Google Online Search Service - Unknown owner - C:\WINDOWS\System32\winlagons.exe (file missing)

Riavvia il PC alla modalità normale e posta un altro log di HJT;
Utilizza Avenger con questo script:
Citazione:
files to delete:
C:\WINDOWS\mmhren1.exe
C:\WINDOWS\MSATL32.exe
C:\Programmi\SpyShredder\SpyShredder.exe
C:\WINDOWS\System32\winlagons.exe

Come sempre posta il risultato;
devi installarti il Service Pack 2 non ho sottomano il link preciso ma dovrebbe essere da quì: Windows Update
installati anche l'antivirus e firewall che hai detto, altrimenti ti reinfetti di continuo. Fai prima tutte le operazioni precedenti.
Top
Profilo Invia messaggio privato
agatina
Eroe
Eroe


Registrato: 29/05/07 12:44
Messaggi: 50
MessaggioInviato: 22 Feb 2008 01:21    Oggetto: Rispondi citando
log avenger:

//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Error: could not initiate system shutdown.
Error code: 0


//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cundliyg

*******************

Script file located at: \??\C:\WINDOWS\System32\oecicidw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\mmhren1.exe not found!
Deletion of file C:\WINDOWS\mmhren1.exe failed!

Could not process line:
C:\WINDOWS\mmhren1.exe
Status: 0xc0000034



File C:\WINDOWS\MSATL32.exe not found!
Deletion of file C:\WINDOWS\MSATL32.exe failed!

Could not process line:
C:\WINDOWS\MSATL32.exe
Status: 0xc0000034



File C:\Programmi\SpyShredder\SpyShredder.exe not found!
Deletion of file C:\Programmi\SpyShredder\SpyShredder.exe failed!

Could not process line:
C:\Programmi\SpyShredder\SpyShredder.exe
Status: 0xc0000034



File C:\WINDOWS\System32\winlagons.exe not found!
Deletion of file C:\WINDOWS\System32\winlagons.exe failed!

Could not process line:
C:\WINDOWS\System32\winlagons.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



log hj:

Logfile of HijackThis v1.99.1
Scan saved at 0.19.05, on 22/02/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\elenina\Impostazioni locali\Temp\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Programmi\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NBJ] "C:\Programmi\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: zip - {16825f6a-dc77-436b-868a-17ef424b46fc} - C:\WINDOWS\Installer\{16825f6a-dc77-436b-868a-17ef424b46fc}\zip.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia
MessaggioInviato: 22 Feb 2008 10:30    Oggetto: Rispondi
Avenger non ha trovato i file, segno che non ci sono più, o almeno spero;
il log di HJT sembra pulito;
installati al più presto gli aggiornamenti che ti ho indicato e l'antivirus....
Se riscontri altri problemi fai un fischio....


Ciao
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Quest'argomento è chiuso: Non puoi inserire, rispondere o modificare i messaggi.    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Vai a Precedente  1, 2
Pagina 2 di 2

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi