|
|||||||
|
|
|
 |
|
|
Strumenti |
19-09-2008, 11:08
|
#1 |
|
Member
Iscritto dal: Jun 2007
Messaggi: 43
|
Aiuto mi son beccato un Virus!!
Salve il mio computer si è beccato un virus!!
Cercherò di dare più informazioni possibili Chiedo aiuto agli esperti!! Sintomi: Aprendo le pagine internet si aprono pagine di pubblicità e di tool rimozione virus,e il computer è lentissimo soprattutto nell’aprire cartelle Prime indagini: Spybot rileva il trojan VIRTUMONDE ma una volta eliminato in modalità provvisoria(con l’accortezza di aver tolto il ripristino di configurazione) al riavvio il pc è lentissimo e sono costretto addirittura a disinstallare spybot altrimenti non cammina.Pero’ una volta disinstallato il problema e il trojan ricompare con la modalità di prima Sospetti: Nella cartella window/System32 ci sono delle dll che vedendo la data di creazione sono recenti e facendo un giro su google non esistono(cioè non sono dll di processi conosciuti..),sono in particolare gli ultimi diciassette file in ordine cronologico da tenere sotto occhio cioè quelli installati da settembre,gli ultimissimi sono quasi sicuramente da fixare. Posto l’immagine della cartella sistem32 con le dll in questione,: [IMG]  [/IMG]Vi metto soprattutto il file log hijachtins,ho gia visto che vi sono delle voci sospette da fixare,ma nel dubbio lascio la parola agli esperti: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10.21.21, on 19/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\Programmi\Bonjour\mDNSResponder.exe C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe C:\Programmi\DCPFLICS\DCPFLICS.exe C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe C:\Programmi\FolderSize\FolderSizeSvc.exe C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\LogMeIn\x86\LogMeIn.exe C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Sandboxie\SbieSvc.exe C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe C:\spm\spmd.exe C:\WINDOWS\system32\GSICON.EXE C:\WINDOWS\system32\dslagent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Programmi\WIDCOMM\Software Bluetooth\BTTray.exe C:\Programmi\Google\Google Updater\GoogleUpdater.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtlWake.exe C:\WINDOWS\system32\wscntfy.exe C:\Programmi\NETGEAR\WG111v2 Configuration Utility\RtWLan.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\Programmi\HP\Digital Imaging\bin\hpqbam08.exe C:\Programmi\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\system32\taskmgr.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll O3 - Toolbar: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - (no file) O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [PC-CAM 600 STI App Registration] RunDLL32.exe PD023pin.dll,RunDLL32EP 512 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Programmi\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [BMdb29dca9] Rundll32.exe "C:\WINDOWS\system32\ygmuaftv.dll",s O4 - HKLM\..\Run: [d81aef35] rundll32.exe "C:\WINDOWS\system32\qjdihgpx.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Tasto di scelta rapida per l'avvio di AutoCAD.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart17.exe O4 - Global Startup: WG111v2 Smart Wizard Wireless Setting.lnk = ? O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Link to &MidpX - C:\Programmi\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Programmi\BitComet\tools\BitCometBHO_1.1.7.4.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra button: Selezione intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programmi\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/pla.../installer.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{41439268-7337-4B6F-9CEC-741325F811E9}: NameServer = 192.168.0.1 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll O20 - AppInit_DLLs: avgrsstx.dll sgfkxy.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: ArchVision Content Manager Service - ArchVision - C:\Programmi\ArchVision\ArchVision Content Manager\rpcACMapp.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Programmi\File comuni\InterVideo\DeviceService\DevSvc.exe O23 - Service: DCPFLICS - Unknown owner - C:\Programmi\DCPFLICS\DCPFLICS.exe O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Folder Size (FolderSize) - Brio - C:\Programmi\FolderSize\FolderSizeSvc.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Programmi\LogMeIn\x86\LogMeIn.exe O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Programmi\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Programmi\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Programmi\Sandboxie\SbieSvc.exe O23 - Service: ScsiAccess - Unknown owner - C:\Programmi\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: SPM License Server (spmd) - mental images GmbH - C:\spm\spmd.exe O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe -- End of file - 11542 bytes Grazie in anticipo! |
|
|
|
19-09-2008, 11:22
|
#2 |
|
Senior Member
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
|
Ciao benvenuto nel pronto soccorso di HU.
segui qui la guida per la rimozione di Falsi Antispyware/Antivirus e posta in quella discussione tutti i log richiesti secondo le modalità . ricarica la tua immagine secondo le modalità perchè deforma tutto...
__________________
fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording • Ultima modifica di wjmat : 19-09-2008 alle 11:27. |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 12:02.
