|
|||||||
|
|
|
 |
|
|
Strumenti |
19-06-2007, 11:00
|
#1 |
|
Senior Member
Iscritto dal: Aug 2006
Messaggi: 673
|
Dialer (Credo) 0001 con immagine di labbra
Ragazzi, ho un problema al pc, appena lo accendo mi compare una finestrella grigia con sopra il disegno di due labbra e intitolata 0001, che mi dice qualcosa rigurardo al modem, come se volesse connettersi, poi mi si apre internet con la pagina di un sito porno.
Ho scannerizzato sia con spybot che con AVG ma non trova nulla, in corso la scansione con Ad-Aware ma ancora niente... Guardate che bravo, vi posto anche il log di hijackthis: Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11.55.56, on 19/06/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe D:\WINDOWS\System32\svchost.exe D:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\SOUNDMAN.EXE D:\Programmi\iTunes\iTunesHelper.exe D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe D:\WINDOWS\system32\wscntfy.exe D:\windows\system32\services.exe D:\WINDOWS\system32\ctfmon.exe D:\Programmi\Messenger\msmsgs.exe D:\Programmi\DAEMON Tools\daemon.exe D:\Programmi\iPod\bin\iPodService.exe D:\Programmi\MSN Messenger\msnmsgr.exe D:\Programmi\MSN Messenger\usnsvc.exe D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe D:\Programmi\Internet Explorer\iexplore.exe D:\Documents and Settings\carlo\Desktop\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programmi\Java\jre1.5.0_09\bin\jusched.exe " O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] D:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Lexmark_X79-55] D:\WINDOWS\system32\lsasss.exe O4 - HKLM\..\Run: [runner1] D:\WINDOWS\updater.exe 61A847B5BBF72816338B2B27128065E9C085320161C4661227 A755E9D29064183387384A72E512 O4 - HKLM\..\Run: [bqmtqa.exe] D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe O4 - HKLM\..\Run: [csrfgewu] "d:\windows\system32\csrfgewu.exe" O4 - HKLM\..\Run: [ISUSPM] "D:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AtiTrayTools] "D:\Programmi\Ray Adams\ATI Tray Tools\atitray.exe" O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [BitTorrent] "C:\Cd Carlo\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [WMPNSCFG] D:\Programmi\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: hdi.exe O4 - Startup: MagicDisc.lnk = D:\Programmi\MagicDisc\MagicDisc.exe O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = D:\Programmi\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Add to AMV Converter... - D:\Programmi\MP3 Player Utilities 4.03\AMVConverter\grab.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: MediaManager tool grab multimedia file - D:\Programmi\MP3 Player Utilities 4.03\MediaManager\grab.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programmi\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1168189043218 O16 - DPF: {7AA32FC7-133B-4AE7-998E-CED0D9829B12} (luna Class) - http://static.waverevenue.com/website.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O20 - AppInit_DLLs: O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\System32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\System32\browseui.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: iPod Service - Apple Computer, Inc. - D:\Programmi\iPod\bin\iPodService.exe -- End of file - 6531 bytes Analizzando il log mi dà come malware qst: O4 - HKLM\..\Run: [Lexmark_X79-55] D:\WINDOWS\system32\lsasss.exe O4 - HKLM\..\Run: [bqmtqa.exe] D:\DOCUME~1\carlo\IMPOST~1\Temp\bqmtqa.exe (possibile trojan) |
|
|
|
19-06-2007, 11:05
|
#2 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22461
|
posta nella sezione delle infezioni
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 14:01.
