|
|||||||
|
|
|
 |
|
|
Strumenti |
19-04-2007, 14:46
|
#1 |
|
Senior Member
Iscritto dal: Sep 2006
Messaggi: 321
|
trojan immortale!
è da un paio di giorni ke questo trojan viene sempre rivelato!!!
l'ho distrutto con superantispyware ma nn muore!!! cosa posso fare? |
|
|
|
19-04-2007, 14:50
|
#2 | |
|
Senior Member
Iscritto dal: Feb 2005
Città: Europa meridionale
Messaggi: 656
|
Quote:
ciao |
|
|
|
|
|
19-04-2007, 16:15
|
#3 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22462
|
c'è una sezione per le infezioni
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
|
19-04-2007, 16:15
|
#4 | |
|
Senior Member
Iscritto dal: Feb 2007
Città: Spira, Zanarkand
Messaggi: 394
|
Quote:
|
|
|
|
|
|
19-04-2007, 16:46
|
#5 |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22121
|
__________________
Questa opera è distribuita secondo le regole di licenza Creative Commons salvo diversa indicazione. Chiunque volesse citare il contenuto di questo post deve necessariamente riportare il link originario. |
|
|
|
|
19-04-2007, 17:25
|
#6 | |
|
Senior Member
Iscritto dal: Nov 2006
Città: Monza (MI)
Messaggi: 3329
|
Quote:
 .Comunque sono d'accordo con quello detto. Ah, ricordati di postare un log di hijackthis, in modo che puoi esserci più d'aiuto, buona fortuna
__________________
CM Haf 932 Advanced | EVGA Supernova 750 G5 | Asus ROG Maximus X Hero | i7 8700k @ 4.8 cooled by Noctua NH-D15 | G.Skill DDR4 Trident Z RGB 2x8GB @ 4133 MHz 1,45v | Asus ROG STRIX GTX 1080 Ti OC | Samsung 970 EvoPlus 500GB | Samsung 840 Pro 128 GB | WD Caviar Blue 1TB | AOC 24G2U/BK | Corsair K70 (CMX Red ) | Logitech G-Pro Wireless | Fnatic FOCUS V2 | HyperX Cloud II | Win 10 Pro X64 | Vodafone FTTH 1000/200 Toshiba L50-A-1EL + Samsung 830 128 GB |
|
|
|
|
|
19-04-2007, 18:04
|
#7 |
|
Senior Member
Iscritto dal: Sep 2006
Messaggi: 321
|
Running processes:
C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Programmi\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Ahead\InCD\InCDsrv.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\system32\HPZipm12.exe C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\Programmi\Analog Devices\SoundMAX\SMTray.exe C:\Programmi\Ahead\InCD\InCD.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\sm56hlpr.exe C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Programmi\Multimedia Card Reader\shwicon2k.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\Java\jre1.6.0\bin\jusched.exe C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe C:\WINDOWS\updater.exe C:\Programmi\Windows Defender\MSASCui.exe C:\Programmi\QuickTime\qttask.exe C:\Programmi\iTunes\iTunesHelper.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\MsnMsgr.Exe C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE C:\Programmi\iPod\bin\iPodService.exe C:\Programmi\HP\Digital Imaging\bin\hpqgalry.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\Alice ti aiuta\bin\mpbtn.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\ATI Technologies\ATI.ACE\cli.exe C:\Programmi\MSN Messenger\usnsvc.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\WinRAR\WinRAR.exe C:\DOCUME~1\bb\IMPOST~1\Temp\Rar$EX00.015\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {43B3F517-32D1-3C54-F240-6EE34FE3FABD} - C:\WINDOWS\system32\ttgvay.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0\bin\jusched.exe" O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833 O4 - HKLM\..\Run: [Windows Defender] "C:\Programmi\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [Nan] "C:\Documents and Settings\bb\Dati applicazioni\s?stem\explorer.exe" O4 - HKCU\..\Run: [Raps] "C:\WINDOWS\system32\CURITY~1\attrib.exe" -vt ndrv O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe O4 - Global Startup: Avvio rapido di HP Image Zone.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Kodak EasyShare software.lnk = C:\Programmi\Kodak\Kodak EasyShare software\bin\EasyShare.exe O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Programmi\Microsoft Office\OFFICE11\ONENOTEM.EXE O8 - Extra context menu item: &Cerca con Google - res://c:\programmi\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Traduci parola in italiano - res://c:\programmi\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Link a ritroso - res://c:\programmi\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Pagine simili - res://c:\programmi\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Versione cache della pagina - res://c:\programmi\google\GoogleToolbar1.dll/cmcache.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1103540071355 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab53083.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{92D67EC3-0EE6-4386-9653-3FDB4501079F}: NameServer = 85.37.17.13 85.38.28.81 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SSScsiSV.exe questo è il log... ditemi per favore se mi conviene levare qualke riga per fatti di privacy Ultima modifica di Radmaster : 19-04-2007 alle 21:52. |
|
|
|
|
19-04-2007, 18:17
|
#8 | |
|
Senior Member
Iscritto dal: Nov 2001
Città: Fidenza(pr) da Trento
Messaggi: 27479
|
Quote:
__________________
"Visti da vicino siamo tutti strani..." ~|~ What Defines a Community? ~|~ Thread eMule Ufficiale ~|~ Online Armor in Italiano ~|~ Regole di Sezione ~|► Guida a PrivateFirewall
|
|
|
|
|
|
19-04-2007, 18:28
|
#9 |
|
Senior Member
Iscritto dal: Sep 2006
Messaggi: 321
|
mi dice uknown trojan
|
|
|
|
|
19-04-2007, 18:36
|
#10 |
|
Senior Member
Iscritto dal: Aug 2006
Città: Treviso
Messaggi: 13366
|
il log andrebbe postato nel thread ufficiale di Hijackthis, così li magari c'è gente più esperta nella lettura..comunque se ti rispondono in questo thread tanto meglio...
__________________
MSI MAG PANO 100R PZ | RM1000e | ASUS PRIME X670E-PRO WiFi | Ryzen 7 7800X3D | ARCTIC Liquid Freezer III Pro 360 | Corsair Vengeance CL36 DDR5 2x16 Gb 6000Mhz | RTX 5080 Gaming OC | Logitech G502 | Logitech G410 | ASUS ROG Swift OLED PG32UCDP | MacBook Pro M4 | Meta Quest 3 PS5 | Nintendo Switch 2 | STEAM | Vodafone FTTH 1000/200 |
|
|
|
|
19-04-2007, 19:38
|
#11 | |
|
Senior Member
Iscritto dal: Feb 2005
Città: Europa meridionale
Messaggi: 656
|
Quote:
non so se ti fa piacere o rabbia, ma il log e' perfetto. Ciao |
|
|
|
|
|
19-04-2007, 19:41
|
#12 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Spira, Zanarkand
Messaggi: 394
|
Questi non riesco a capire che cosa sono, non fixarli ancora per sicurezza... sono comunque sospetti...
O2 - BHO: (no name) - {43B3F517-32D1-3C54-F240-6EE34FE3FABD} - C:\WINDOWS\system32\ttgvay.dll O4 - HKCU\..\Run: [Nan] "C:\Documents and Settings\alborz\Dati applicazioni\s?stem\explorer.exe" Fixa: O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72816228849360B8D1BE1C59331416DC57C032CBD1BE3D290641833 |
|
|
|
|
19-04-2007, 20:26
|
#13 | |
|
Senior Member
Iscritto dal: Nov 2006
Città: Monza (MI)
Messaggi: 3329
|
Quote:
 . Io concordo con trdus strife.P.S. Posta nella sezione apposita!
__________________
CM Haf 932 Advanced | EVGA Supernova 750 G5 | Asus ROG Maximus X Hero | i7 8700k @ 4.8 cooled by Noctua NH-D15 | G.Skill DDR4 Trident Z RGB 2x8GB @ 4133 MHz 1,45v | Asus ROG STRIX GTX 1080 Ti OC | Samsung 970 EvoPlus 500GB | Samsung 840 Pro 128 GB | WD Caviar Blue 1TB | AOC 24G2U/BK | Corsair K70 (CMX Red ) | Logitech G-Pro Wireless | Fnatic FOCUS V2 | HyperX Cloud II | Win 10 Pro X64 | Vodafone FTTH 1000/200 Toshiba L50-A-1EL + Samsung 830 128 GB |
|
|
|
|
|
19-04-2007, 21:50
|
#14 |
|
Senior Member
Iscritto dal: Sep 2006
Messaggi: 321
|
ok ragazzi provo li...anke a me quelle voci insospettiscono xk a quanto pare il trojan si è messo nel system32....MALEDETTO....nn so neanche come ho fatto a prenderlo!!!!
grazie mille cmq |
|
|
|
|
19-04-2007, 23:57
|
#15 | |
|
Senior Member
Iscritto dal: Mar 2006
Messaggi: 22121
|
Quote:
usa browser seri quali opera o firefox.
__________________
Questa opera è distribuita secondo le regole di licenza Creative Commons salvo diversa indicazione. Chiunque volesse citare il contenuto di questo post deve necessariamente riportare il link originario. |
|
|
|
|
|
20-04-2007, 14:44
|
#16 |
|
Senior Member
Iscritto dal: Sep 2006
Messaggi: 321
|
cmg io uso firefox...IE è solo per bellezza
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 05:17.
