Various viruses present

Post by igmf2000@gmail.com » Mon Aug 17, 2009 1:40 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.24.44, on 14/08/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\msath32.exe
C:\Programmi\ACER\Launch Manager\Wbutton.exe
C:\Programmi\ACER\Launch Manager\LaunchAp.exe
C:\Programmi\ACER\Launch Manager\PowerKey.exe
C:\Programmi\ACER\Launch Manager\HotkeyApp.exe
C:\Programmi\ACER\Launch Manager\CtrlVol.exe
C:\Windows\711Susp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
E:\PhoneConnectorVMC.exe
C:\Programmi\vodafone\vmclite\vmc.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\amministratore\Documenti\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cerca.inwind.it/cerca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.inwind.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da InWind Internet Gratis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\ACER\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\ACER\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\ACER\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\ACER\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\ACER\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SmartPH] C:\Windows\711Susp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\msath32.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\amministratore\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msath32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\System32\oline.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.inwind.it
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.2) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6849 bytes
igmf2000@gmail.com
Neo Iscritto
Posts: 19
Joined: Mon Aug 17, 2009 1:06 pm

Re: ANY IDEAS?

Post by crazy.cat » Mon Aug 17, 2009 1:47 pm

Some strange things can be seen, but if you at least describe the problems you are having we can better tell you how to fix them.
When the many govern, they think only of pleasing themselves; then comes the most foolish and hateful tyranny: tyranny disguised as freedom.
crazy.cat
MLI Hero
Posts: 30959
Joined: Mon Jan 12, 2004 1:38 pm
Location: Mestre

Re: ANY IDEAS?

Post by igmf2000@gmail.com » Fri Aug 21, 2009 3:23 pm

Nice to hear from you again, with your usual professionalism and helpfulness. I connected with Vodafone VMC Lite v 3.2.2.182. It gives no exe file icons from the stick's rc, but with a double click it goes to the dialog box. It connects intermittently. It shows a dialog box saying that a user has requested a remote connection, with a message below, and then says the instruction at 0x001f1cb1 referenced memory at 0x48544950 and it could not be written. Once the touchpad did not work and the pointer kept going toward the corner. Then it stopped doing that. Thanks in advance.


Re: ANY IDEAS?

Post by crazy.cat » Fri Aug 21, 2009 3:41 pm

These files should be submitted for analysis on the site www.virustotal.com to see how many of them are viruses.
There is little information on the first one, the second is almost certainly a virus, and it is not clear what the two dlls are.
O4 - HKLM\..\Run: [SmartPH] C:\Windows\711Susp.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\msath32.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msath32.exe
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\System32\oline.dll

After the analysis, tick the boxes of the rows of the files reported as infected and press fix checked to delete them, then remove the corresponding files too.
Then we'll see whether that is enough to solve the problems you are having.
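Added example (Python), not code from this thread and not VirusTotal tooling: a pre-submission check of the kind that would have caught the mix-up that follows in this thread, where a HijackThis log was uploaded instead of the suspect executables. `prepare_submission` refuses a text file and, for a binary, computes the MD5, SHA1 and SHA256 that a VirusTotal report lists, so the hashes can be searched before anything is uploaded. The sample bytes are constructed; `SAMPLE_PE` is only the `MZ` signature plus padding, a stand-in for a real program.

```python
"""Pre-submission check for a VirusTotal hash lookup or upload.

Added example for this thread; not VirusTotal tooling and not code posted by
anyone here. It makes sure the bytes about to be submitted are an executable
(PE files begin with the 'MZ' signature) rather than a text file such as a
HijackThis log, then computes the three digests a VirusTotal report shows so
they can be looked up before uploading anything."""
import hashlib
import sys

# Constructed sample inputs. SAMPLE_PE is only the 'MZ' signature plus padding,
# a stand-in for a real executable; SAMPLE_LOG mimics the start of a HijackThis log.
SAMPLE_PE = b"MZ" + b"\x90" * 62
SAMPLE_LOG = b"Logfile of Trend Micro HijackThis v2.0.2\r\nScan saved at ...\r\n"


def classify(data: bytes) -> str:
    """Rough content type from the first bytes; enough to tell a log from a program."""
    if data[:2] == b"MZ":
        return "pe-executable"
    if data.startswith(b"Logfile of Trend Micro HijackThis"):
        return "hijackthis-log"
    try:
        data.decode("ascii")
    except UnicodeDecodeError:
        return "binary"
    return "text"


def digests(data: bytes) -> dict:
    """MD5, SHA1 and SHA256 hex digests, the three a VirusTotal report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def prepare_submission(data: bytes) -> dict:
    """Decide whether the bytes are worth submitting and attach their digests."""
    kind = classify(data)
    report = {"kind": kind, "submit": kind in ("pe-executable", "binary"), "size": len(data)}
    report.update(digests(data))
    return report


if __name__ == "__main__":
    # Usage: python vt_prepare.py <file>   (the script name is a placeholder)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_LOG
    for key, value in prepare_submission(data).items():
        print(f"{key}: {value}")
```

Run against the log file, `submit` comes back `False` and the digests are those of the text, which no scanner will ever have seen; run against one of the four files crazy.cat listed, the three hashes can be searched on VirusTotal first, and only an unknown file needs to be uploaded.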

Re: ANY IDEAS?

Post by igmf2000@gmail.com » Wed Sep 09, 2009 3:13 pm

VirusTotal gave me this answer:

File log.txt received on 2009.09.09 14:14:23 (UTC)
Result: 0/41 (0%)
Your file has expired or does not exists.


Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.09 -
AhnLab-V3 5.0.0.2 2009.09.09 -
AntiVir 7.9.1.12 2009.09.09 -
Antiy-AVL 2.0.3.7 2009.09.09 -
Authentium 5.1.2.4 2009.09.08 -
Avast 4.8.1351.0 2009.09.08 -
AVG 8.5.0.409 2009.09.09 -
BitDefender 7.2 2009.09.09 -
CAT-QuickHeal 10.00 2009.09.09 -
ClamAV 0.94.1 2009.09.09 -
Comodo 2264 2009.09.09 -
DrWeb 5.0.0.12182 2009.09.09 -
eSafe 7.0.17.0 2009.09.09 -
eTrust-Vet 31.6.6727 2009.09.09 -
F-Prot 4.5.1.85 2009.09.08 -
F-Secure 8.0.14470.0 2009.09.09 -
Fortinet 3.120.0.0 2009.09.09 -
GData 19 2009.09.09 -
Ikarus T3.1.1.72.0 2009.09.09 -
Jiangmin 11.0.800 2009.09.09 -
K7AntiVirus 7.10.839 2009.09.08 -
Kaspersky 7.0.0.125 2009.09.09 -
McAfee 5735 2009.09.08 -
McAfee+Artemis 5735 2009.09.08 -
McAfee-GW-Edition 6.8.5 2009.09.09 -
Microsoft 1.5005 2009.09.09 -
NOD32 4410 2009.09.09 -
Norman 6.01.09 2009.09.08 -
nProtect 2009.1.8.0 2009.09.09 -
Panda 10.0.2.2 2009.09.08 -
PCTools 4.4.2.0 2009.09.09 -
Prevx 3.0 2009.09.09 -
Rising 21.46.24.00 2009.09.09 -
Sophos 4.45.0 2009.09.09 -
Sunbelt 3.2.1858.2 2009.09.09 -
Symantec 1.4.4.12 2009.09.09 -
TheHacker 6.3.4.3.399 2009.09.09 -
TrendMicro 8.950.0.1094 2009.09.09 -
VBA32 3.12.10.10 2009.09.08 -
ViRobot 2009.9.9.1925 2009.09.09 -
VirusBuster 4.6.5.0 2009.09.08 -
Additional information
File size: 6847 bytes
MD5...: 068567a4de9e310adca7cd7d4de704f7
SHA1..: 856347713f41b7557330594e83e58d8c0dbc168a
SHA256: 072a9137474a740f92212927ee955f391233eaab707bc3eb44a3838d778fcfb3
ssdeep: 96:cpydCRL/yMJGY5Om2l5cHyeRfMwZYNoKpuzGqOLvaen6XyOysHvHV7/97bdgCu4z:HYYxNfLcHPT7vy0

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
trid..: HijackThis logfile (100.0%)
pdfid.: -

so it would seem that the machine is not infected, but...

Re: ANY IDEAS?

Post by crazy.cat » Wed Sep 09, 2009 3:20 pm

igmf2000@gmail.com wrote: "Your file has expired or does not exists."

It would seem that the file (which one, anyway, given that I told you to have 4 analyzed) was not even analyzed because the time had run out.

Try again some other time and wait for the analysis to finish.

Re: ANY IDEAS?

Post by igmf2000@gmail.com » Fri Sep 11, 2009 7:51 am

I tried scanning again with HijackThis and re-uploaded the file to the site.

I tried to wait for the result, so that it would tell me the analysis was finished.
This is what the site told me

While this is the log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.34.09, on 10/09/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msdriver32.exe
C:\WINDOWS\LTSMMSG.exe
C:\Programmi\ACER\Launch Manager\Wbutton.exe
C:\Programmi\ACER\Launch Manager\LaunchAp.exe
C:\Programmi\ACER\Launch Manager\PowerKey.exe
C:\Programmi\ACER\Launch Manager\HotkeyApp.exe
C:\Programmi\ACER\Launch Manager\CtrlVol.exe
C:\Windows\711Susp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cerca.inwind.it/cerca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.inwind.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da InWind Internet Gratis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\ACER\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\ACER\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\ACER\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\ACER\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\ACER\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SmartPH] C:\Windows\711Susp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\msdriver32.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\amministratore\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msdriver32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\System32\oline.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.inwind.it
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.2) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6693 bytes


File hijackthis.log received on 2009.09.11 06:47:09 (UTC)
Antivirus Version Last Update Result
a-squared 4.5.0.24 2009.09.11 -
AhnLab-V3 5.0.0.2 2009.09.11 -
AntiVir 7.9.1.14 2009.09.10 -
Antiy-AVL 2.0.3.7 2009.09.11 -
Authentium 5.1.2.4 2009.09.11 -
Avast 4.8.1351.0 2009.09.10 -
AVG 8.5.0.412 2009.09.10 -
BitDefender 7.2 2009.09.11 -
CAT-QuickHeal 10.00 2009.09.11 -
ClamAV 0.94.1 2009.09.11 -
Comodo 2279 2009.09.11 -
DrWeb 5.0.0.12182 2009.09.10 -
eSafe 7.0.17.0 2009.09.10 -
eTrust-Vet 31.6.6731 2009.09.11 -
F-Prot 4.5.1.85 2009.09.10 -
F-Secure 8.0.14470.0 2009.09.11 -
Fortinet 3.120.0.0 2009.09.11 -
GData 19 2009.09.11 -
Ikarus T3.1.1.72.0 2009.09.11 -
Jiangmin 11.0.800 2009.09.11 -
K7AntiVirus 7.10.841 2009.09.10 -
Kaspersky 7.0.0.125 2009.09.11 -
McAfee 5737 2009.09.10 -
McAfee+Artemis 5737 2009.09.10 -
McAfee-GW-Edition 6.8.5 2009.09.11 -
Microsoft 1.5005 2009.09.11 -
NOD32 4415 2009.09.10 -
Norman 6.01.09 2009.09.10 -
nProtect 2009.1.8.0 2009.09.10 -
Panda 10.0.2.2 2009.09.10 -
PCTools 4.4.2.0 2009.09.10 -
Prevx 3.0 2009.09.11 -
Rising 21.46.40.00 2009.09.11 -
Sophos 4.45.0 2009.09.11 -
Sunbelt 3.2.1858.2 2009.09.11 -
Symantec 1.4.4.12 2009.09.11 -
TheHacker 6.3.4.4.400 2009.09.10 -
TrendMicro 8.950.0.1094 2009.09.11 -
VBA32 3.12.10.10 2009.09.11 -
ViRobot 2009.9.11.1929 2009.09.11 -
VirusBuster 4.6.5.0 2009.09.10 -

Additional information
File size: 6694 bytes
MD5   : e3605e26aa17d1e8a79e59b08fcde09c
SHA1  : 646330f68cb00669a42119b0ce0ce9b2a97e4540
SHA256: 92471cd533cd91ad0e13008cd5eecc5df04856b963345203887997017e523969
ssdeep: 96:VpBdCd5hJGY5Om2o6LHyeRfMwZYNoKpuzGqOLvren6XyOydHvHV7/97bdgCu4yC3:e/zxNfLzMPT7vyW
PEiD  : -
RDS   : NSRL Reference Data Set
-

Forgive my inexperience. It's my wife's computer and the mistake was mine....

Re: ANY IDEAS?

Post by crazy.cat » Fri Sep 11, 2009 7:58 am

We'd better change approach; two more suspicious executables can be seen.
Use this CD to run a more thorough scan of your virus-ridden operating system.
http://www.MegaLab.it/3591/avira-antivir-rescuecd

Re: ANY IDEAS?

Post by igmf2000@gmail.com » Sun Sep 13, 2009 5:48 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.36.03, on 13/09/2009
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\msdriver32.exe
C:\WINDOWS\LTSMMSG.exe
C:\Programmi\ACER\Launch Manager\Wbutton.exe
C:\Programmi\ACER\Launch Manager\LaunchAp.exe
C:\Programmi\ACER\Launch Manager\PowerKey.exe
C:\Programmi\ACER\Launch Manager\HotkeyApp.exe
C:\Programmi\ACER\Launch Manager\CtrlVol.exe
C:\Windows\711Susp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cerca.inwind.it/cerca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.inwind.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da InWind Internet Gratis
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programmi\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: (no name) - {CD4C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\ACER\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [LaunchAp] C:\Programmi\ACER\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [PowerKey] "C:\Programmi\ACER\Launch Manager\PowerKey.exe"
O4 - HKLM\..\Run: [HotkeyApp] C:\Programmi\ACER\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Programmi\ACER\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [SmartPH] C:\Windows\711Susp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\msdriver32.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ISUSPM] "C:\Documents and Settings\All Users\Dati applicazioni\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\amministratore\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msdriver32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\System32\oline.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.inwind.it
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.2) -
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1) -
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 6526 bytes


after Avira I ran the HijackThis scan again, posting the log.
Thanks, Gianmarco

Re: ANY IDEAS?

Post by crazy.cat » Mon Sep 14, 2009 7:07 am

Had Avira found any viruses?
Because these still show up as active and don't look like anything good.
C:\WINDOWS\msdriver32.exe
C:\Windows\711Susp.exe
C:\WINDOWS\System32\reader_s.exe

Run the scan again, tick the boxes of these rows and then press fix checked to delete them. Check that the corresponding exe and dll files disappear, or delete them yourself.
O4 - HKLM\..\Run: [SmartPH] C:\Windows\711Susp.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\msdriver32.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\amministratore\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msdriver32.exe
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\System32\webzone.dll
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\System32\oline.dll
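Added example (Python), not code from this thread and not part of HijackThis: a small triage of O4 autostart lines along the lines of what crazy.cat does by eye above, run over a constructed subset of the first two logs posted in this thread. It flags entries by where the file lives and how it is registered, lists which flagged files survive from one scan to the next (as 711Susp.exe and reader_s.exe do here), and spots a value name whose target file changed between scans (as "Microsoft Driver Setup" did, from msath32.exe to msdriver32.exe). The rules and the `SYSTEM_DIRS` and `PROFILE_ROOTS` lists are my assumptions and go a little beyond the thread by also covering Vista-and-later profile paths; a flag means "hash it and look it up", not "it is malware".

```python
"""Triage of HijackThis O4 (autostart) lines across two scans.

Added example for this thread; not part of HijackThis and not code posted by
anyone here. The rules are generic defender heuristics about where a file lives
and how it is registered, not a verdict: a flagged file still has to be hashed
and looked up. LOG_1 and LOG_2 are constructed subsets of the first two logs."""
import re
from dataclasses import dataclass

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Leading file path of the command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|ocx|scr|com))"?', re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\programmi", "c:\\program files", "c:\\progra~1")
PROFILE_ROOTS = ("documents and settings", "users")  # XP and Vista+ profile parents (assumption)

LOG_1 = r"""
O4 - HKLM\..\Run: [LaunchApp] LaunApp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Wbutton] "C:\Programmi\ACER\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SmartPH] C:\Windows\711Susp.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Microsoft Driver Setup] C:\WINDOWS\msath32.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\amministratore\reader_s.exe
O4 - HKLM\..\Policies\Explorer\Run: [Microsoft Driver Setup] C:\WINDOWS\msath32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""
# Second scan of the same machine: the "Microsoft Driver Setup" value points at a new file.
LOG_2 = LOG_1.replace("msath32.exe", "msdriver32.exe")


@dataclass(frozen=True)
class Autostart:
    hive: str
    key: str
    name: str
    path: str  # "" when the command has no recognisable file path


def parse_o4(log_text):
    """Turn every O4 line into an Autostart record; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        exe = EXE_RE.match(m.group("cmd"))
        entries.append(Autostart(m.group("hive"), m.group("key"), m.group("name"),
                                 exe.group("path") if exe else ""))
    return entries


def _dir(path):
    return path.lower().rsplit("\\", 1)[0] if "\\" in path else ""


def suspicious_reasons(entry, all_entries):
    """Heuristic reasons an autostart entry deserves a closer look (may be empty)."""
    reasons, d = [], _dir(entry.path)
    parts = d.split("\\")
    if d == "c:\\windows":
        reasons.append("runs directly from the Windows directory")
    if len(parts) == 3 and parts[1] in PROFILE_ROOTS:
        reasons.append("runs directly from a user profile root")
    if "microsoft" in entry.name.lower() and d and not d.startswith(SYSTEM_DIRS):
        reasons.append("Microsoft-sounding value name outside system directories")
    if "policies\\explorer\\run" in entry.key.lower():
        reasons.append("registered under Policies\\Explorer\\Run, rarely used by ordinary software")
    targets = {e.path.lower() for e in all_entries if e.name == entry.name and e.path}
    if len(targets) > 1:
        reasons.append("same value name points at different files in several autostart locations")
    return reasons


def triage(log_text):
    """Map each flagged file path to the distinct reasons it was flagged."""
    entries, flagged = parse_o4(log_text), {}
    for e in entries:
        for reason in suspicious_reasons(e, entries):
            if reason not in flagged.setdefault(e.path, []):
                flagged[e.path].append(reason)
    return flagged


def persisting(flagged_before, flagged_after):
    """Flagged files (case-insensitive) still present after a cleanup attempt."""
    return sorted({p.lower() for p in flagged_before} & {p.lower() for p in flagged_after})


def renamed_targets(log_before, log_after):
    """(value name, old path, new path) where a value kept its name but changed target."""
    before = {(e.hive, e.key, e.name): e.path for e in parse_o4(log_before)}
    after = {(e.hive, e.key, e.name): e.path for e in parse_o4(log_after)}
    return sorted({(k[2], before[k], after[k]) for k in before.keys() & after.keys()
                   if before[k].lower() != after[k].lower()})


if __name__ == "__main__":
    first, second = triage(LOG_1), triage(LOG_2)
    for path, reasons in second.items():
        print(path, "->", "; ".join(reasons))
    print("still present after the first attempt:", persisting(first, second))
    print("same value name, new target:", renamed_targets(LOG_1, LOG_2))
```

The "same value name, different files" rule is what catches reader_s.exe even though one copy sits in System32: a legitimate program does not usually register the same autostart name from both System32 and a profile root, whereas CTFMON.EXE, registered several times but always from the same file, is left alone.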

Re: Various viruses present

Post by igmf2000@gmail.com » Mon Sep 14, 2009 11:14 am

I don't have a floppy..
Avira had found these viruses

on the Nokia 6600 it referred to drever.A and Commwarrior.F

on the machine

spr/tool.obfuscator.c.190
rootkit/protector.bc

I have digital photos of the log but they are too heavy to send