Trojan

Franz1983 · 13-10-2006, 14:45

Ogni volta che mi connetto a internet entra in funzione un dialer che cerca di collegarmi a siti a pagamento, ovviamente avendo l'adsl non riesce e si impalla internet.

Mi viene riconosciuto da vari anti spyware come "Trojan Agent Winlogonhook".

Il fatto è che lo cancello ma poi appena mi connetto a internet si ricrea.

Mi potete dare qualche consiglio?

Grazie

Il mio log:

file of HijackThis v1.99.1
Scan saved at 14.45.23, on 13/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Trust mouse utility\1.0\mouse32a.exe
C:\WINDOWS\System32\rundll32.exe
D:\Musicmatch\Musicmatch Jukebox\mmtask.exe
D:\Alwil Software\Avast4\ashServ.exe
D:\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
D:\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Francesco\Desktop\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [FLMTRUSTMOUSE] "C:\Programmi\Trust mouse utility\1.0\mouse32a.exe"
O4 - HKLM\..\Run: [AdslTaskBar] "rundll32.exe" stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [mmtask] "D:\Musicmatch\Musicmatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [avast!] D:\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6DF06DF-ACC7-4827-A515-9EF0808DF84B}: NameServer = 85.37.17.15 85.38.28.74
O20 - Winlogon Notify: winuah32 - C:\WINDOWS\SYSTEM32\winuah32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - D:\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - Unknown owner - D:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Controllo Registro Sistema (rgsystctl) - Unknown owner - C:\WINDOWS\Downlo~1\6b7ca7\ttbh94o.exe (file missing)

blue_tech · 13-10-2006, 18:00

scarica questo -> http://www.ewido.net/en/
e rifai la scansione con questo e con l'antivirus dalla modalità provvisoria

juninho85 · 13-10-2006, 18:08

il log va postato qua

Franz1983 · 13-10-2006, 19:26

ewido l'ho già provato, assieme a spybot spysweeper e avast.

I file strani vengono cancellati, ma poi si riformano quando mi connetto a internet

stesio54 · 14-10-2006, 10:07

Quote:

Originariamente inviato da juninho85

il log va postato qua

13-10-2006, 14:45	#1
Franz1983 Member Iscritto dal: Dec 2005 Messaggi: 85	Trojan Ogni volta che mi connetto a internet entra in funzione un dialer che cerca di collegarmi a siti a pagamento, ovviamente avendo l'adsl non riesce e si impalla internet. Mi viene riconosciuto da vari anti spyware come "Trojan Agent Winlogonhook". Il fatto è che lo cancello ma poi appena mi connetto a internet si ricrea. Mi potete dare qualche consiglio? Grazie Il mio log: file of HijackThis v1.99.1 Scan saved at 14.45.23, on 13/10/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe D:\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Programmi\Trust mouse utility\1.0\mouse32a.exe C:\WINDOWS\System32\rundll32.exe D:\Musicmatch\Musicmatch Jukebox\mmtask.exe D:\Alwil Software\Avast4\ashServ.exe D:\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe D:\Alwil Software\Avast4\ashWebSv.exe C:\Programmi\Internet Explorer\iexplore.exe C:\Documents and Settings\Francesco\Desktop\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [FLMTRUSTMOUSE] "C:\Programmi\Trust mouse utility\1.0\mouse32a.exe" O4 - HKLM\..\Run: [AdslTaskBar] "rundll32.exe" stmctrl.dll,TaskBar O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe O4 - HKLM\..\Run: [mmtask] "D:\Musicmatch\Musicmatch Jukebox\mmtask.exe" O4 - HKLM\..\Run: [avast!] D:\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = D:\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: &Clean Traces - D:\DAP\Privacy Package\dapcleanerie.htm O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{C6DF06DF-ACC7-4827-A515-9EF0808DF84B}: NameServer = 85.37.17.15 85.38.28.74 O20 - Winlogon Notify: winuah32 - C:\WINDOWS\SYSTEM32\winuah32.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - D:\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Web Scanner - Unknown owner - D:\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Controllo Registro Sistema (rgsystctl) - Unknown owner - C:\WINDOWS\Downlo~1\6b7ca7\ttbh94o.exe (file missing)

13-10-2006, 19:26	#4
Franz1983 Member Iscritto dal: Dec 2005 Messaggi: 85	Ok ewido l'ho già provato, assieme a spybot spysweeper e avast. I file strani vengono cancellati, ma poi si riformano quando mi connetto a internet

13-10-2006, 18:00	#2
blue_tech Senior Member Iscritto dal: Aug 2006 Messaggi: 299	scarica questo -> http://www.ewido.net/en/ e rifai la scansione con questo e con l'antivirus dalla modalità provvisoria

13-10-2006, 18:08	#3
juninho85 Bannato Iscritto dal: Mar 2004 Città: Galapagos Attenzione:utente flautolente,tienilo a mente Messaggi: 29023	il log va postato qua

Strumenti
Mostra una versione stampabile Invia questa pagina per email