Dialer (Credo) 0001 con immagine di labbra

trikydj · 19-06-2007, 12:00

Ragazzi, ho un problema al pc, appena lo accendo mi compare una finestrella grigia con sopra il disegno di due labbra e intitolata 0001, che mi dice qualcosa rigurardo al modem, come se volesse connettersi, poi mi si apre internet con la pagina di un sito porno.
Ho scannerizzato sia con spybot che con AVG ma non trova nulla, in corso la scansione con Ad-Aware ma ancora niente...

Guardate che bravo, vi posto anche il log di hijackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 11.55.56, on 19/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
D:\WINDOWS\System32\svchost.exe
D:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Programmi\iTunes\iTunesHelper.exe
D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe
D:\WINDOWS\system32\wscntfy.exe
D:\windows\system32\services.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Messenger\msmsgs.exe
D:\Programmi\DAEMON Tools\daemon.exe
D:\Programmi\iPod\bin\iPodService.exe
D:\Programmi\MSN Messenger\msnmsgr.exe
D:\Programmi\MSN Messenger\usnsvc.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\Programmi\Internet Explorer\iexplore.exe
D:\Documents and Settings\carlo\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_09\bin\jusched.exe "
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark_X79-55] D:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [runner1] D:\WINDOWS\updater.exe 61A847B5BBF72816338B2B27128065E9C085320161C4661227 A755E9D29064183387384A72E512
O4 - HKLM\..\Run: [bqmtqa.exe] D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe
O4 - HKLM\..\Run: [csrfgewu] "d:\windows\system32\csrfgewu.exe"
O4 - HKLM\..\Run: [ISUSPM] "D:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AtiTrayTools] "D:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Cd Carlo\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [WMPNSCFG] D:\Programmi\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: hdi.exe
O4 - Startup: MagicDisc.lnk = D:\Programmi\MagicDisc\MagicDisc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Converter... - D:\Programmi\MP3 Player Utilities 4.03\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programmi\MP3 Player Utilities 4.03\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168189043218
O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Programmi\iPod\bin\iPodService.exe

--
End of file - 6531 bytes

Analizzando il log mi dà come malware qst:

O4 - HKLM\..\Run: [Lexmark_X79-55] D:\WINDOWS\system32\lsasss.exe
O4 - HKLM\..\Run: [bqmtqa.exe] D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe (possibile trojan)

wizard1993 · 19-06-2007, 12:05

posta nella sezione delle infezioni

19-06-2007, 12:00	#1
trikydj Senior Member Iscritto dal: Aug 2006 Messaggi: 673	Dialer (Credo) 0001 con immagine di labbra Ragazzi, ho un problema al pc, appena lo accendo mi compare una finestrella grigia con sopra il disegno di due labbra e intitolata 0001, che mi dice qualcosa rigurardo al modem, come se volesse connettersi, poi mi si apre internet con la pagina di un sito porno. Ho scannerizzato sia con spybot che con AVG ma non trova nulla, in corso la scansione con Ad-Aware ma ancora niente... Guardate che bravo, vi posto anche il log di hijackthis: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11.55.56, on 19/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe D:\WINDOWS\System32\svchost.exe D:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\SOUNDMAN.EXE D:\Programmi\iTunes\iTunesHelper.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe D:\WINDOWS\system32\wscntfy.exe D:\windows\system32\services.exe D:\WINDOWS\system32\ctfmon.exe D:\Programmi\Messenger\msmsgs.exe D:\Programmi\DAEMON Tools\daemon.exe D:\Programmi\iPod\bin\iPodService.exe D:\Programmi\MSN Messenger\msnmsgr.exe D:\Programmi\MSN Messenger\usnsvc.exe D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe D:\Programmi\Internet Explorer\iexplore.exe D:\Documents and Settings\carlo\Desktop\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_09\bin\jusched.exe " O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Lexmark_X79-55] D:\WINDOWS\system32\lsasss.exe O4 - HKLM\..\Run: [runner1] D:\WINDOWS\updater.exe 61A847B5BBF72816338B2B27128065E9C085320161C4661227 A755E9D29064183387384A72E512 O4 - HKLM\..\Run: [bqmtqa.exe] D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe O4 - HKLM\..\Run: [csrfgewu] "d:\windows\system32\csrfgewu.exe" O4 - HKLM\..\Run: [ISUSPM] "D:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AtiTrayTools] "D:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BitTorrent] "C:\Cd Carlo\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WMPNSCFG] D:\Programmi\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: hdi.exe O4 - Startup: MagicDisc.lnk = D:\Programmi\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to AMV Converter... - D:\Programmi\MP3 Player Utilities 4.03\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programmi\MP3 Player Utilities 4.03\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168189043218 O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: iPod Service - Apple Computer, Inc. - D:\Programmi\iPod\bin\iPodService.exe -- End of file - 6531 bytes Analizzando il log mi dà come malware qst: O4 - HKLM\..\Run: [Lexmark_X79-55] D:\WINDOWS\system32\lsasss.exe O4 - HKLM\..\Run: [bqmtqa.exe] D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe (possibile trojan)

19-06-2007, 12:05	#2
wizard1993 Senior Member Iscritto dal: Apr 2006 Messaggi: 22462	posta nella sezione delle infezioni __________________ amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb\|\| asus g1 Se striscia fulmina, se svolazza l'ammazza

Strumenti
Mostra una versione stampabile Invia questa pagina per email