|
|||||||
|
|
|
 |
|
|
Strumenti |
07-10-2008, 17:29
|
#1 |
|
Junior Member
Iscritto dal: Oct 2008
Messaggi: 2
|
DLL download continuo -.-
Salve a tutti!
Scusate l'irruzione ma son disperato, non so come... Ma ho preso un maledetto trojan che scarica di continuo ad ogni avvio del pc delle dll con nomi impronunciabili e un file chiamato " rar.exe " nella cartella system32... Ho smanettato un pò con spybot e ho deletato qualcosa, adesso dopo il riavvio da modalità provvisoria il log di HijackThis è il seguente: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17.25.10, on 07/10/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe C:\Programmi\Eset\nod32kui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Programmi\Eset\nod32krn.exe C:\Programmi\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\ASUS\AASP\1.00.59\aaCenter.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe C:\Programmi\CyberLink\Shared files\RichVideo.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Windows Live\Messenger\usnsvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe C:\WINDOWS\system32\rundll32.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Programmi\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.winzozz.net/search/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Ai Nap] "C:\Programmi\ASUS\AI Suite\AiNap\AiNap.exe" O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Programmi\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" O4 - HKLM\..\Run: [Cpu Level Up help] C:\Programmi\ASUS\AI Suite\CpuLevelUpHelp.exe O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Programmi\ASUS\AI Suite\EnergySaving\PwSave.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [RivaTuner] "C:\Programmi\RivaTuner v2.09\RivaTuner.exe" /T O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Programmi\RivaTuner v2.09\RivaTuner.exe" /S O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Services6] dllhosts.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with &Babylon - res://C:\Programmi\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://uomodelfaro.spaces.live.com/P...d/MsnPUpld.cab O20 - AppInit_DLLs: qebxtd.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Agent.exe O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk2008\PD91Engine.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe Qualche accorgimento? Helpatemi please! |
|
|
|
07-10-2008, 17:37
|
#2 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
Ciao e benvenuto segui la Guida alla disinfezione allegando tutti i log prodotti in un'unico post secondo le sottoindicate modalità, grazie per la collaborazione
MODALITA' DI PUBBLICAZIONE DEI LOG RICHIESTI: Ogni singolo log, esclusivamente in formato txt a parte SynInspector e nell'ordine indicato in Guida, deve essere hostato su Fileqube, clicca qui per raggiungere Fileqube, pubblicando, nella discussione, singolarmente, per ogni log, il link che verrà rilasciato per il download *** REGOLE di SEZIONE - obbligatoria la lettura!! ***
__________________
Try again and you will be luckier.
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 15:31.
