The Zeus News Forums
Virus in dll/exe files in the Temp folder
Blax
Hero in the gods' good graces
Joined: 02/03/07 19:34
Posts: 97

Posted: 04 Aug 2007 12:12    Subject: Virus in dll/exe files in the Temp folder

Hi,
I have a problem with a virus (or trojan) that keeps regenerating .dll or .exe files in the Temp folder whose names are random letters (e.g. eoqpoivu.dll) and change every time they are removed. AVG keeps opening its virus-detection windows (for example when Windows starts, when I go online or when I open Messenger), but even when I tell it to remove them they keep getting recreated with different names.
I also noticed that AVG detects files with the .ani extension in the Temporary Internet Files folder that keep being recreated.
I'm posting my HijackThis log, and thanks to anyone who can help:

Logfile of HijackThis v1.99.1
Scan saved at 12.05.28, on 04/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Apple Software Update\SoftwareUpdate.exe
E:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\Sims 2 Pets.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\prdvfbom.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jdniqhmj.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
ste_95
Mature god
Joined: 03/08/07 14:41
Posts: 1920
Location: Italy

Posted: 04 Aug 2007 14:19

These look suspicious to me... what about you?

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\prdvfbom.dll",forkonce

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jdniqhmj.exe (file missing)
bdoriano
Administrator
Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 04 Aug 2007 17:06

ste_95 wrote:
These look suspicious to me... what about you?

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\prdvfbom.dll",forkonce

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jdniqhmj.exe (file missing)


Fee-fi-fo-fum, I smell Virtumonde... and it's not alone either...
there's going to be some work to do here...

@Blax
Download VundoFix.exe to your desktop

- Run VundoFix.exe
- Click Scan for Vundo.
- When the scan finishes, click Remove Vundo.
- It asks whether you want to delete the infected files; click YES
- Your screen will go black while Vundo is being removed.
- When it finishes it will ask you to restart the PC; click OK.
- Paste here the contents of the log C:\vundofix.txt and a new HijackThis log.

Note: VundoFix may not manage to delete some files. In that case VundoFix will start automatically when the PC restarts; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears at restart.

To be safe, also run a pass with this one
Afterwards, also use this other one from Safe Mode.

Post here all the logs that get created and, afterwards, redo an updated HijackThis log.
Blax
Hero in the gods' good graces
Joined: 02/03/07 19:34
Posts: 97

Posted: 05 Aug 2007 12:17

I ran all the scans with the various tools; in the meantime the AVG windows no longer pop up. Here are the logs; if any other intruder is left, let me know:


VundoFix V6.5.6

Checking Java version...

Sun Java not detected
Scan started at 11.11.45 05/08/2007

Listing files found while scanning....

C:\windows\system32\artkjdtd.dll
C:\windows\system32\cqnmarlu.dll
C:\windows\system32\ddcaxxy.dll
C:\windows\system32\faceemgl.ini
C:\windows\system32\fccaaxx.dll
C:\windows\system32\hjllm.bak1
C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini2
C:\windows\system32\hjllm.tmp
C:\windows\system32\jmsgmqiw.dll
C:\windows\system32\lgmeecaf.dll
C:\WINDOWS\system32\mlljh.dll
C:\windows\system32\nfxvgxln.dll
C:\windows\system32\nlxgvxfn.ini
C:\windows\system32\owmdqtjp.dll
C:\windows\system32\pjtqdmwo.ini
C:\windows\system32\rqrrrpo.dll
C:\windows\system32\sskwlwet.ini
C:\windows\system32\tewlwkss.dll
C:\windows\system32\ulramnqc.ini
C:\windows\system32\xxyabcb.dll

Beginning removal...

Attempting to delete C:\windows\system32\artkjdtd.dll
C:\windows\system32\artkjdtd.dll Has been deleted!

Attempting to delete C:\windows\system32\cqnmarlu.dll
C:\windows\system32\cqnmarlu.dll Has been deleted!

Attempting to delete C:\windows\system32\ddcaxxy.dll
C:\windows\system32\ddcaxxy.dll Has been deleted!

Attempting to delete C:\windows\system32\faceemgl.ini
C:\windows\system32\faceemgl.ini Has been deleted!

Attempting to delete C:\windows\system32\fccaaxx.dll
C:\windows\system32\fccaaxx.dll Has been deleted!

Attempting to delete C:\windows\system32\hjllm.bak1
C:\windows\system32\hjllm.bak1 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.bak2
C:\windows\system32\hjllm.bak2 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini
C:\windows\system32\hjllm.ini Has been deleted!

Attempting to delete C:\windows\system32\hjllm.ini2
C:\windows\system32\hjllm.ini2 Has been deleted!

Attempting to delete C:\windows\system32\hjllm.tmp
C:\windows\system32\hjllm.tmp Has been deleted!

Attempting to delete C:\windows\system32\jmsgmqiw.dll
C:\windows\system32\jmsgmqiw.dll Has been deleted!

Attempting to delete C:\windows\system32\lgmeecaf.dll
C:\windows\system32\lgmeecaf.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\mlljh.dll Has been deleted!

Attempting to delete C:\windows\system32\nfxvgxln.dll
C:\windows\system32\nfxvgxln.dll Has been deleted!

Attempting to delete C:\windows\system32\nlxgvxfn.ini
C:\windows\system32\nlxgvxfn.ini Has been deleted!

Attempting to delete C:\windows\system32\owmdqtjp.dll
C:\windows\system32\owmdqtjp.dll Has been deleted!

Attempting to delete C:\windows\system32\pjtqdmwo.ini
C:\windows\system32\pjtqdmwo.ini Has been deleted!

Attempting to delete C:\windows\system32\rqrrrpo.dll
C:\windows\system32\rqrrrpo.dll Has been deleted!

Attempting to delete C:\windows\system32\sskwlwet.ini
C:\windows\system32\sskwlwet.ini Has been deleted!

Attempting to delete C:\windows\system32\tewlwkss.dll
C:\windows\system32\tewlwkss.dll Has been deleted!

Attempting to delete C:\windows\system32\ulramnqc.ini
C:\windows\system32\ulramnqc.ini Has been deleted!

Attempting to delete C:\windows\system32\xxyabcb.dll
C:\windows\system32\xxyabcb.dll Has been deleted!

Performing Repairs to the registry.
Done!





Symantec Trojan.Vundo Removal Tool 1.5.0

C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\allifolgore92@hotmail.it\DFSR\Staging\CS{D3E1A48D-7AB0-735B-20AC-97FFA2ED8535}\01\21-{D3E1A48D-7AB0-735B-20AC-97FFA2ED8535}-v1-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v21-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\allifolgore92@hotmail.it\DFSR\Staging\CS{D3E1A48D-7AB0-735B-20AC-97FFA2ED8535}\14\45-{7AF5E37D-6C7F-4EB6-ABE5-F97043A35DEA}-v14-{5E81C5B2-BE3A-4589-89A2-E31D8DDB4100}-v45-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\allifolgore92@hotmail.it\DFSR\Staging\CS{D3E1A48D-7AB0-735B-20AC-97FFA2ED8535}\32\42-{5E81C5B2-BE3A-4589-89A2-E31D8DDB4100}-v32-{5E81C5B2-BE3A-4589-89A2-E31D8DDB4100}-v42-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\inochan08@yahoo.it\DFSR\Staging\CS{6CFE8232-F6DA-EED7-71B1-856AD9CBD9FB}\16\16-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v16-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v16-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\inochan08@yahoo.it\DFSR\Staging\CS{6CFE8232-F6DA-EED7-71B1-856AD9CBD9FB}\16\16-{BD99DD01-9928-4066-AB10-23A4413EABFD}-v16-{BD99DD01-9928-4066-AB10-23A4413EABFD}-v16-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\inochan08@yahoo.it\DFSR\Staging\CS{6CFE8232-F6DA-EED7-71B1-856AD9CBD9FB}\17\17-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v17-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v17-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\inochan08@yahoo.it\DFSR\Staging\CS{6CFE8232-F6DA-EED7-71B1-856AD9CBD9FB}\19\19-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v19-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v19-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\inochan08@yahoo.it\DFSR\Staging\CS{6CFE8232-F6DA-EED7-71B1-856AD9CBD9FB}\20\20-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v20-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v20-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\inochan08@yahoo.it\DFSR\Staging\CS{6CFE8232-F6DA-EED7-71B1-856AD9CBD9FB}\22\22-{BD99DD01-9928-4066-AB10-23A4413EABFD}-v22-{BD99DD01-9928-4066-AB10-23A4413EABFD}-v22-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\crystal_stefy@hotmail.it\SharingMetadata\salvatore17@hotmail.it\DFSR\Staging\CS{E839E926-B38F-0515-13BE-FA50A5CF3EA1}\01\18-{E839E926-B38F-0515-13BE-FA50A5CF3EA1}-v1-{BBF2BE57-8AD7-42A5-992D-4A7C7853C4ED}-v18-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\01\10-{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}-v1-{8F136446-0F80-4D6D-954D-8B45063A76E4}-v10-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\11\13-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v11-{9010CDA7-F0D3-46BC-B071-EB2AE62E27C2}-v13-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\28\28-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v28-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v28-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\29\29-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v29-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\29\29-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v29-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v29-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\30\31-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v30-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v31-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\43\27-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v43-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v27-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\44\44-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v44-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v44-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\53\53-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v53-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v53-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\60\60-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v60-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v60-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\needled247_ch@hotmail.com\DFSR\Staging\CS{B0F6EA87-0534-2D6C-B238-E6D2FBDC527C}\61\61-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v61-{A4DD3B13-94E9-4FAF-ABEA-774F72F8579E}-v61-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\spirit399@hotmail.com\DFSR\Staging\CS{61240095-AC5B-7F06-3F70-A06E3429B491}\01\11-{61240095-AC5B-7F06-3F70-A06E3429B491}-v1-{8F136446-0F80-4D6D-954D-8B45063A76E4}-v11-Downloaded.frx (WARNING: not scanned, path to long)
C:\Documents and Settings\Rocco.HOME\Impostazioni locali\Dati applicazioni\Microsoft\Messenger\fabry83_714@hotmail.com\SharingMetadata\spirit399@hotmail.com\DFSR\Staging\CS{61240095-AC5B-7F06-3F70-A06E3429B491}\33\33-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v33-{B3963E07-272D-4F7C-A77D-26A0B418084D}-v33-Downloaded.frx (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
D:\System Volume Information: (not scanned)
E:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.






[08/05/2007, 11:57:32] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Rocco.HOME\Desktop\VirtumundoBeGone.exe" )
[08/05/2007, 11:57:44] - Detected System Information:
[08/05/2007, 11:57:44] - Windows Version: 5.1.2600, Service Pack 2
[08/05/2007, 11:57:44] - Current Username: Casa (Admin)
[08/05/2007, 11:57:44] - Windows is in SAFE mode with Networking.
[08/05/2007, 11:57:44] - Searching for Browser Helper Objects:
[08/05/2007, 11:57:44] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Supporto di collegamento per Adobe PDF Reader)
[08/05/2007, 11:57:44] - BHO 2: {08EE06E7-D8E5-4736-9BB8-D62FB3F45F18} ()
[08/05/2007, 11:57:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/05/2007, 11:57:45] - Checking for HKLM\...\Winlogon\Notify\mlljh
[08/05/2007, 11:57:45] - Key not found: HKLM\...\Winlogon\Notify\mlljh, continuing.
[08/05/2007, 11:57:45] - BHO 3: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[08/05/2007, 11:57:45] - BHO 4: {385D525C-507F-48D3-A481-158EBA8D2036} ()
[08/05/2007, 11:57:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/05/2007, 11:57:45] - Checking for HKLM\...\Winlogon\Notify\qdovtopq
[08/05/2007, 11:57:45] - Key not found: HKLM\...\Winlogon\Notify\qdovtopq, continuing.
[08/05/2007, 11:57:45] - BHO 5: {5D945E9A-DC10-4670-83EB-99DAA616628A} (Suchspur)
[08/05/2007, 11:57:45] - BHO 6: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[08/05/2007, 11:57:45] - BHO 7: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[08/05/2007, 11:57:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/05/2007, 11:57:45] - No filename found. Continuing.
[08/05/2007, 11:57:45] - BHO 8: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[08/05/2007, 11:57:45] - BHO 9: {90F75E47-94D2-48AC-8D32-863356FA6578} ()
[08/05/2007, 11:57:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/05/2007, 11:57:45] - Checking for HKLM\...\Winlogon\Notify\fccaaxx
[08/05/2007, 11:57:45] - Key not found: HKLM\...\Winlogon\Notify\fccaaxx, continuing.
[08/05/2007, 11:57:45] - BHO 10: {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} ()
[08/05/2007, 11:57:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[08/05/2007, 11:57:45] - Checking for HKLM\...\Winlogon\Notify\pwyvihvf
[08/05/2007, 11:57:45] - Key not found: HKLM\...\Winlogon\Notify\pwyvihvf, continuing.
[08/05/2007, 11:57:45] - Finished Searching Browser Helper Objects
[08/05/2007, 11:57:45] - Finishing up...
[08/05/2007, 11:57:45] - Nothing found! Exiting...





Logfile of HijackThis v1.99.1
Scan saved at 12.02.45, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
E:\Programmi\iTunes\iTunesHelper.exe
D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {08EE06E7-D8E5-4736-9BB8-D62FB3F45F18} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - d:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {385D525C-507F-48D3-A481-158EBA8D2036} - C:\WINDOWS\system32\qdovtopq.dll
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\fccaaxx.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\pwyvihvf.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\Sims 2 Pets.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\darcayfv.dll",forkonce
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - d:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jdniqhmj.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe
bdoriano
Administrator
Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 05 Aug 2007 14:40

Start the PC in Safe Mode
run HijackThis
click "Do a system scan only"
put a check mark next to these entries:
Quote:
O2 - BHO: (no name) - {08EE06E7-D8E5-4736-9BB8-D62FB3F45F18} - C:\WINDOWS\system32\mlljh.dll (file missing)
O2 - BHO: (no name) - {385D525C-507F-48D3-A481-158EBA8D2036} - C:\WINDOWS\system32\qdovtopq.dll
O2 - BHO: Suchspur - {5D945E9A-DC10-4670-83EB-99DAA616628A} - C:\WINDOWS\system32\Suchspur.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {90F75E47-94D2-48AC-8D32-863356FA6578} - C:\WINDOWS\system32\fccaaxx.dll (file missing)
O2 - BHO: (no name) - {CF46BFB3-2ACC-441b-B82B-36B9562C7FF1} - C:\WINDOWS\system32\pwyvihvf.dll
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\Sims 2 Pets.exe
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\darcayfv.dll",forkonce
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Suchen - res://C:\WINDOWS\system32\Suchspur.dll/Suchspur.HTM
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jdniqhmj.exe (file missing)

click Fix checked
Restart the PC in normal mode, redo the HijackThis log and post it

Download VirIt, install it, update it (important) and run the full scan.
Then connect to the Kaspersky online scanner and run the extended scan, as described here.

Save the result of the scans to a file, upload the file to http://www.freefilehosting.net and post here the link you are given.
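The triage ste_95 and bdoriano did by eye follows a few repeatable cues: BHOs registered with "(no name)", autostart entries whose file is already gone (the infection rotates its file names between scans), a service with no publisher, an executable with spaces in its name dropped directly into system32, and DLLs whose stems are 7-8 random lowercase letters. Note that in this thread the Symantec removal tool reported "Trojan.Vundo has not been found" while the second HijackThis log still listed freshly named DLLs (qdovtopq.dll, darcayfv.dll), which is why the helper moved on to fixing the entries by hand. The script below is an added example, not part of the thread and not code from HijackThis or VundoFix; the function names `assess` and `triage` and the heuristics are the editor's own, and the sample lines are copied from the HijackThis logs posted above (with a few legitimate entries kept so the heuristics have something to leave alone).

```python
"""Heuristic triage of HijackThis O2/O4/O23 lines (added example, not HijackThis code)."""
import ntpath
import re

# Sample input: lines copied from the HijackThis logs posted in this thread.
# Legitimate entries (Adobe, NVIDIA) are included deliberately as negatives.
SAMPLE_LOG = r"""
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385D525C-507F-48D3-A481-158EBA8D2036} - C:\WINDOWS\system32\qdovtopq.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\system32\darcayfv.dll",forkonce
O4 - HKLM\..\Run: [I downloaded pirated Software from P2P ] C:\WINDOWS\system32\Sims 2 Pets.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\jdniqhmj.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# A Windows path ending in .dll/.exe; quotes and commas end the match so that
# rundll32 arguments such as ",forkonce" are not swallowed into the path.
PATH_RE = re.compile(r'[A-Za-z]:\\[^",\n]+?\.(?:dll|exe)\b', re.IGNORECASE)
# Generated names seen in this thread: 7-8 lowercase letters, no digits, no capitals.
RANDOM_STEM = re.compile(r"^[a-z]{7,8}$")
MISSING_MARKERS = ("(file missing)", "(no file)")


def last_path(line: str):
    """Return the last .dll/.exe path found on the line, or None."""
    found = PATH_RE.findall(line)
    return found[-1] if found else None


def assess(line: str) -> list:
    """Return the reasons this HijackThis line deserves a look (empty list = nothing tripped)."""
    reasons = []
    kind = line.split(" - ", 1)[0].strip()  # "O2", "O4", "O23", ...
    if any(marker in line for marker in MISSING_MARKERS):
        reasons.append("referenced file is missing (stale autostart, or a component that rotates its name)")
    if kind == "O2" and "(no name)" in line:
        reasons.append("browser helper object registered without a name")
    if kind == "O23" and "Unknown owner" in line:
        reasons.append("service with no publisher string")
    path = last_path(line)
    if path:
        stem, ext = ntpath.splitext(ntpath.basename(path))
        in_system32 = "system32" in path.lower()
        if in_system32 and RANDOM_STEM.match(stem):
            reasons.append(f"random-looking filename in system32: {stem}{ext}")
        if in_system32 and ext.lower() == ".exe" and " " in stem:
            reasons.append(f"executable with spaces in its name dropped into system32: {stem}{ext}")
    return reasons


def triage(log_text: str) -> list:
    """Return [(line, reasons)] for every non-blank line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            reasons = assess(line)
            if reasons:
                findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(line)
        for reason in reasons:
            print("   ->", reason)
```

Run against the sample it flags exactly the five entries bdoriano put in his fix list (plus the "(no file)" BHO) and leaves the Adobe, NVIDIA and NvCpl lines alone. The heuristics are deliberately explainable rather than clever: every flag names the cue that fired, so the output can be checked against the log the way a forum helper would, and a legitimate entry that happens to trip one cue (a vendor DLL with an odd name, say) is a candidate for a second look, not an automatic removal.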
Blax
Hero in the gods' good graces
Joined: 02/03/07 19:34
Posts: 97

Posted: 07 Aug 2007 00:55

OK, I did everything; here are the HijackThis, VirIt and Kaspersky logs.
link
I saw that Kaspersky found Virtumonde again, but it's in the restore points folder (which I've now deleted), so they shouldn't be there any more.
bdoriano
Administrator
Joined: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 07 Aug 2007 08:42

The HijackThis log looks clean.
I'd advise you to delete the other infected files found by Kaspersky as well.