|
|||||||
|
|
|
 |
|
|
Strumenti |
14-07-2008, 11:40
|
#81 |
|
Junior Member
Iscritto dal: Jul 2008
Messaggi: 11
|
virtumonde si ripresenta
salve raga...mi sono beccato lo stesso virus di mauci win32/adware virtumonde
credo di averlo eliminato ma mi causa ancora problemi a internet...non mi carica certe pagine o comunque fa fatica...con internet expolorer mi dirotta la ricerca su pagine pubblicitarie o comunque non attinenti alla mia ricerca posto un log di hijack...scusate se non posto bene il log ma non sono pratico ci forum Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11.13.45, on 14/07/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe C:\Programmi\Eset\nod32kui.exe C:\Programmi\PowerISO\PWRISOVM.EXE C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe C:\Programmi\MagicDisc\MagicDisc.exe C:\Programmi\File comuni\LightScribe\LSSrvc.exe C:\Programmi\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Programmi\Spyware Terminator\sp_rsser.exe C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Windows Live\Messenger\msnmsgr.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe C:\Documents and Settings\Andrea\Documenti\Downloads\HiJackThis_v2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispat...=%s&tbid=60327 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_cu...spx?TbId=60327 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll O2 - BHO: {34859642-4d32-9438-7644-3b7584227a42} - {24a72248-57b3-4467-8349-23d424695843} - C:\WINDOWS\system32\smgjft.dll O2 - BHO: (no name) - {36953122-9F7C-4461-AF35-E23242461FD7} - C:\WINDOWS\system32\tuvSjJBQ.dll O2 - BHO: (no name) - {62BAFCA6-494E-4DBF-A274-023F138C6C2E} - C:\WINDOWS\system32\khfFVPgF.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {BEC67968-9964-4710-9011-8DD45DBF1802} - C:\WINDOWS\system32\jkkKCrPI.dll (file missing) O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: Toolbar &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programmi\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [RoxWatchTray] "C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" O4 - HKLM\..\Run: [90630663] rundll32.exe "C:\WINDOWS\system32\srptahpi.dll",b O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [BM935035ff] Rundll32.exe "C:\WINDOWS\system32\vosiqjdk.dll",s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S169.tmp" /EF "HKCU" O4 - HKCU\..\Run: [ISUSPM] "C:\Programmi\File comuni\InstallShield\UpdateService\ISUSPM.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO DI RETE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: MagicDisc.lnk = C:\Programmi\MagicDisc\MagicDisc.exe O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll O20 - Winlogon Notify: tuvSjJBQ - C:\WINDOWS\SYSTEM32\tuvSjJBQ.dll O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Programmi\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Programmi\File comuni\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- End of file - 10293 bytes |
|
|
14-07-2008, 11:45
|
#82 |
|
Senior Member
Iscritto dal: Dec 2007
Città: Brianza
Messaggi: 14704
|
Ciao benvenuto nel pronto soccorso di HU.
Leggi le regole di sezione e poi segui qui la guida per la rimozione di Vundo e posta in quella discussione tutti i log richiesti secondo le modalità .
__________________
fattoebloggato.com • Trattamento post disinfezione • Recupero dati, RAID e Partizioni • Guida UBCD4Win • Test RAM • Controllo Disco • TestDisk • Operazioni di emergenza • Live cd Linux • UBCD • Backup • Gestione ISO & immagini virtuali • Partizionare un disco • Sardu • ScreenRecording • |
|
|
|
14-07-2008, 15:54
|
#83 |
|
Bannato
Iscritto dal: Oct 2007
Città: Palermo
Messaggi: 4623
|
sbaglio o nn c'è il 3d ufficiale per la rimozione di vundo?
credo sia meglio chiudere questo topic.....in quanto è un doppione, imho |
|
|
|
14-11-2008, 23:43
|
#84 |
|
Junior Member
Iscritto dal: Nov 2008
Messaggi: 16
|
Purtroppo ci sono caduta anche io e sto eseguendo vari controlli. Ho allegato il log hijackthis. Intanto sto scannerizzando con VundoFix e con quello di Symantec.
Ho fatto la scansione con Spybot sia in modalità provvisoria che in modalità normale. Nella prima non mi trova nulla mentre nella seconda vede il Virtumonde. Perdonate la mia ignoranza in materia ma il log di prevx come lo trovo? Grazie per l'aiuto. |
|
|
|
15-11-2008, 00:10
|
#85 |
|
Moderatore
Iscritto dal: Jun 2007
Città: 127.0.0.1
Messaggi: 25885
|
__________________
Try again and you will be luckier.
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 14:25.
