Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
Aiuto please :(
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
Samskeyti
Comune mortale
Comune mortale


Registrato: 25/11/07 14:44
Messaggi: 4
MessaggioInviato: 25 Nov 2007 15:10    Oggetto: Aiuto please :( Rispondi citando
Innanzitutto, buongiorno a tutti (:

Avrei un problema.. ogni volta che cerco di installare un programma mi dice che il file .exe non c'è Crying or Very sad credo di essermi presa un qualche malware..
Il risultato di hijackthis è questo:

Logfile of HijackThis v1.99.1
Scan saved at 13.58.49, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Arovax Shield\ArovaxShield.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\OpenOffice.org 2.1\program\soffice.exe
C:\Programmi\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Arovax Shield] C:\Programmi\Arovax Shield\ArovaxShield.exe -tray
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programmi\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Block this popup - C:\Programmi\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe

Qualche idea? Ogni aiuto sarebbe apprezzatissimo perchè sono abbastanza disperata Embarassed Grazie infinite!
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 25 Nov 2007 15:59    Oggetto: Rispondi citando
Ciao Samskeyti, Ciao

il log di hijackthis sembra pulito.

Fai queste scansioni con GMER e posta i logs su FreeFileHosting come indicato qui.

PS: se vuoi, puoi presentarti qui
Top
Profilo Invia messaggio privato
Samskeyti
Comune mortale
Comune mortale


Registrato: 25/11/07 14:44
Messaggi: 4
MessaggioInviato: 25 Nov 2007 16:36    Oggetto: Rispondi citando
ciao, grazie per la disponibilità ^^

ecco i log:
http://www.freefilehosting.net/download/NDA5MjY=
http://www.freefilehosting.net/download/NDA5Mjk=
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 25 Nov 2007 17:58    Oggetto: Rispondi citando
Una cortesia, i logs salvali in formato .TXT (testo semplice).

Da quel poco che sono riuscito a vedere (manca completamente l'AUTOSTART), dovresti avere un'infezione da Bagle.
Segui queste istruzioni.
Top
Profilo Invia messaggio privato
Samskeyti
Comune mortale
Comune mortale


Registrato: 25/11/07 14:44
Messaggi: 4
MessaggioInviato: 25 Nov 2007 19:00    Oggetto: Rispondi citando
oh, scusa per i logs <.< io comunque l'autostart l'avevo fatto.. forse ho sbagliato qualcosa?

ho seguito le istruzioni e il log che mi ha dato elibagla è questo:

Sun Nov 25 17:36:57 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\DRIVERS\HIDR.EXE --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Eliminado Bagle (rootkit)
Eliminada Carpeta "%WinDir%\exefld"
Restaurada Clave: "SafeBoot\Minimal y Network"

Sun Nov 25 17:38:24 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4842
Nº Total de Ficheros: 42350
Nº de Ficheros Analizados: 8883
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Nov 25 17:41:03 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 1223
Nº Total de Ficheros: 4695
Nº de Ficheros Analizados: 89
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
Exploración Detenida por el Usuario.

Sun Nov 25 17:44:14 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Nov 25 17:44:44 2007
EliBagle v10.73 (c)2007 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 4848
Nº Total de Ficheros: 42202
Nº de Ficheros Analizados: 8891
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0



e questo è il log nuovo di hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 17.53.45, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Arovax Shield\ArovaxShield.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\OpenOffice.org 2.1\program\soffice.exe
C:\Programmi\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\e1c01b7f52f122729009e4d1770edc4f\update\update.exe
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Arovax Shield] C:\Programmi\Arovax Shield\ArovaxShield.exe -tray
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programmi\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Block this popup - C:\Programmi\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe


spero di aver fatto tutto giusto..
Top
Profilo Invia messaggio privato
bdoriano
Amministratore
Amministratore


Registrato: 02/04/07 12:05
Messaggi: 14391
Residenza: 3° pianeta del sistema solare...
MessaggioInviato: 25 Nov 2007 19:24    Oggetto: Rispondi citando
Il log di hijackthis sembra pulito.

Giusto per sicurezza, fai anche questi passaggi.

Alla fine, fai ancora le scansioni con GMER e posta i logs su FreeFileHosting come indicato qui.

Mi sa che dovrai reinstallare il tuo antivirus. Razz
Top
Profilo Invia messaggio privato
Samskeyti
Comune mortale
Comune mortale


Registrato: 25/11/07 14:44
Messaggi: 4
MessaggioInviato: 25 Nov 2007 20:09    Oggetto: Rispondi
ma allora avevo un bagle?

comunque ho fatto come mi hai detto..
log di combofix:

ComboFix 07-11-19.3 - Diandra 2007-11-25 18.36.39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.39.1040.18.604 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Diandra\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((( Files Creati Da 2007-10-25 al 2007-11-25 )))))))))))))))))))))))))))))))))))
.

2007-11-25 17:56 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Dati applicazioni\AVG7
2007-11-25 17:56 <DIR> d-------- C:\Documents and Settings\Diandra\Dati applicazioni\AVG7
2007-11-25 17:55 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\avg7
2007-11-25 15:20 <DIR> d-------- C:\Programmi\gmer
2007-11-15 17:07 <DIR> d-------- C:\Sailor_Stars_DVD_1
2007-11-03 12:21 <DIR> d-------- C:\Programmi\Foxit Software
2007-11-03 00:20 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-03 00:14 <DIR> d-------- C:\Programmi\WinClamAVShield
2007-11-03 00:13 <DIR> d-------- C:\Programmi\Spyware Terminator
2007-11-03 00:13 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spyware Terminator
2007-11-02 18:56 <DIR> d-------- C:\Programmi\CCleaner
2007-11-01 13:26 <DIR> d-------- C:\Programmi\Alwil Software
2007-11-01 13:26 801,144 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-11-01 13:26 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-11-01 13:26 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-10-31 22:34 <DIR> d-------- C:\Documents and Settings\Diandra\Dati applicazioni\Jetico Personal Firewall
2007-10-31 22:31 <DIR> d-------- C:\Programmi\Jetico
2007-10-31 22:22 <DIR> d-------- C:\Programmi\Arovax Shield
2007-10-31 22:21 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Arovax

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-25 17:39 --------- d-----w C:\Documents and Settings\Diandra\Dati applicazioni\OpenOffice.org2
2007-11-25 17:08 --------- d-----w C:\Programmi\AdunanzA
2007-11-25 16:52 --------- d-----w C:\Documents and Settings\Diandra\Dati applicazioni\MegauploadToolbar
2007-11-25 14:22 --------- d-----w C:\Programmi\NJStar Japanese WP
2007-11-03 13:15 --------- d-----w C:\Programmi\F-Secure
2007-11-02 19:03 118,842 ----a-w C:\WINDOWS\bwUnin-6.3.2.123-4476822L.exe
2007-10-12 14:52 --------- d-----w C:\Documents and Settings\Diandra\Dati applicazioni\verbix
2007-10-12 14:48 --------- d-----w C:\Programmi\Verbix7
2007-09-08 02:38 1,558 ---ha-w C:\hpothb07.dat
2007-08-01 01:14 48,968 -c--a-w C:\Documents and Settings\Diandra\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-04-07 22:46 121 ----a-w C:\Documents and Settings\Diandra\Dati applicazioni\SQSDRVWC.SYS
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Arovax Shield"="C:\Programmi\Arovax Shield\ArovaxShield.exe" [2007-04-26 12:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"Cmaudio"="RunDll32 cmicnfg.cpl" []
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 22:31]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2007-01-28 15:40]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-02-16 09:54]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-03-14 18:05]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06]
"JeticoPFStartup"="C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe" [2005-07-19 07:22]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39]

C:\Documents and Settings\Diandra\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
OpenOffice.org 2.1.lnk - C:\Programmi\OpenOffice.org 2.1\program\quickstart.exe [2006-11-27 16:45:48]

C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
hp psc 1000 series.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 21:08:34]
hpoddt01.exe.lnk - C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 20:56:10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

R1 dtd;dtd;\??\C:\Programmi\Arovax Shield\dtd.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R2 F-Secure Filter;F-Secure File System Filter;\??\C:\Programmi\F-Secure\Anti-Virus\Win2K\FSfilter.sys
R2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Programmi\F-Secure\Anti-Virus\Win2K\FSgk.sys
R2 F-Secure Recognizer;F-Secure File System Recognizer;\??\C:\Programmi\F-Secure\Anti-Virus\Win2K\FSrec.sys
S2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
S4 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys

.
Contenuto della cartella 'Scheduled Tasks'
"2007-04-11 18:45:22 C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1168543670.job"
- C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe4-I
.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-25 18:39:35
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2007-11-25 18:40:06 - machine was rebooted
.
--- E O F ---


log aggiornato di hjt:

Logfile of HijackThis v1.99.1
Scan saved at 18.42.33, on 25/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Arovax Shield\ArovaxShield.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Programmi\OpenOffice.org 2.1\program\soffice.exe
C:\Programmi\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Programmi\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Programmi\Megaupload\Mega Manager\MegaIEMn.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Programmi\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Programmi\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Arovax Shield] C:\Programmi\Arovax Shield\ArovaxShield.exe -tray
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Programmi\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Block this popup - C:\Programmi\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Scarica link utilizzando Mega Manager... - C:\Programmi\Megaupload\Mega Manager\mm_file.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Programmi\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\programmi\f-secure\fsps\program\fslsp.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe


log di gmer:
http://www.freefilehosting.net/download/NDEwMTI=
http://www.freefilehosting.net/download/NDEwMTM=
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Rispondi    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Pagina 1 di 1

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi