|
|||||||
|
|
|
 |
|
|
Strumenti |
14-08-2008, 17:23
|
#1 |
|
Junior Member
Iscritto dal: Dec 2007
Messaggi: 11
|
Infetto da Virtumonde
Ciao a tutti... sarò breve: ho un disperato bisogno d'aiuto...
Il computer che uso al lavoro è infetto da virtumonde (almeno credo). Nod32 lo rileva, ma il problema persiste. Questo è il log di HiJackThis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17.17.27, on 14/08/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Programmi\PrevxCSI\prevxcsi.exe C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Programmi\PrevxCSI\prevxcsi.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe C:\WINDOWS\SOUNDMAN.EXE C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe C:\Programmi\Spyware Doctor\svcntaux.exe C:\Programmi\iTunes\iTunesHelper.exe C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe C:\Programmi\Spyware Doctor\swdsvc.exe C:\Programmi\Spyware Doctor\SDTrayApp.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\DAEMON Tools\daemon.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\Skype\Plugin Manager\skypePM.exe C:\Programmi\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Microsoft Office\Office12\OUTLOOK.EXE C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Amministratore\Desktop\HiJackThis.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programmi\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [SpyHunter Security Suite] "C:\Programmi\Enigma Software Group\SpyHunter\SpyHunter3.exe" -minimized O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [NodLogin] C:\Programmi\ESET\ESET NOD32 Antivirus\nodlogin.exe O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe" O4 - HKLM\..\Run: [BM53162cbd] Rundll32.exe "C:\WINDOWS\system32\uuoqacxt.dll",s O4 - HKLM\..\Run: [50251f21] rundll32.exe "C:\WINDOWS\system32\cbketmno.dll",b O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Scarica tutti i video usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Scarica tutto usando BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Scarica usando &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Programmi\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{F15B11A9-DF59-409E-9F06-5EBAFB8A301C}: NameServer = 213.140.2.43,213.140.2.49 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: CSIScanner - Prevx - C:\Programmi\PrevxCSI\prevxcsi.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe --- End of file - 6835 bytes Qualcuno mi può aiutare? Grazie
__________________
Configurazione: Processore: AMD Athlon 64 X2 Dual Core 6400+ 3.20 Ghz | RAM: 4Gb Dual Channel | Scheda Video: XFX 8800GT XXX | Scheda Audio: X-Fi Xtreme Audio | OS: Windows Vista Ultimate 64bit Ultima modifica di Icemangio : 14-08-2008 alle 17:25. |
|
|
14-08-2008, 18:17
|
#2 | |
|
Senior Member
Iscritto dal: Aug 2007
Città: Lucca Sesso: FEMMINA
Messaggi: 2495
|
Quote:
 un altra cosa: ci sono delle regole di sezione che vanno legge e rispettate anche nelle modalità per caricare i log eccole qui: http://www.hwupgrade.it/forum/showthread.php?t=1751598 Mod puoi chiudere |
|
|
|
|
14-08-2008, 18:31
|
#3 |
|
Junior Member
Iscritto dal: Dec 2007
Messaggi: 11
|
Sei stata breve, e soprattutto "molto simpatica e disponibile"... in senso ironico, si capisce.
Cmq grazie... Evviva la gentilezza. Il mod può chiudere, se lo ritiene opportuno. 
__________________
Configurazione: Processore: AMD Athlon 64 X2 Dual Core 6400+ 3.20 Ghz | RAM: 4Gb Dual Channel | Scheda Video: XFX 8800GT XXX | Scheda Audio: X-Fi Xtreme Audio | OS: Windows Vista Ultimate 64bit |
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 01:00.
