
Virtumonde.dll

gcerri
Posted: Sunday, July 06, 2008 1:31:03 PM
Rank: AiutAmico
Joined: 2/11/2007
Posts: 289
Dear all, I ran a scan with Spybot and it reports Virtumonde.dll, even though shortly before that I had run a scan with CCleaner and removed the entries it recommended. AVG 8.0.138 did not detect anything. How do I get rid of it?
Note that since Spybot detected the malware, the scan speed has slowed down a great deal...
r16
Posted: Sunday, July 06, 2008 1:40:37 PM
Rank: AiutAmico
Joined: 8/7/2007
Posts: 11,016
Hi.
Nasty one...
Disable System Restore, and keep it disabled until the problem is solved http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

Download VundoFix.exe to the desktop http://www.atribune.org/ccount/click.php?id=4
Double-click the icon to start VundoFix.exe
Click Scan for Vundo.
Do not use the PC while the scan is running
When the scan finishes, click Remove Vundo.

It asks whether you want to delete the infected files; click YES
Your screen will go black while Vundo is being removed.

When it finishes it will ask you to reboot the PC; click OK.
Paste the contents of the log C:\vundofix.txt here.
Note: VundoFix may fail to delete some files. In that case VundoFix will start automatically when the PC reboots; repeat the steps above starting from "Click Scan for Vundo" when VundoFix appears after the reboot.

Download VirtumundoBeGone to the desktop http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe
Boot the PC into Safe Mode. (it must be used only in this mode)
Double-click the icon to start the program

Click Continue
Click Start
Click Yes
When it finishes, reboot the PC and paste the log it creates here.
While the scan is running it is important not to use the PC and to wait patiently for it to finish


Important: disable your antivirus and close ALL open programs, and after downloading COMBOFIX, disconnect from the Internet.

Download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear.)
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
While the scan is running it is important not to use the PC and to wait patiently for it to finish.
Post a new HijackThis log.
Here as well.
ComboFix does not work in Safe Mode
Run a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
I would like to see ALL the logs I listed.
gcerri
Posted: Sunday, July 06, 2008 7:46:07 PM
Rank: AiutAmico
Joined: 2/11/2007
Posts: 289
Dear r16, first of all thanks a lot. The situation is as follows: a) VundoFix.exe did not detect any malware, b) I could not download VirtumundoBeGone, I am at work and the download is not allowed, c) I am sending you the HijackThis log and the ComboFix log.
ComboFix 08-07-05.1 - gianlucacerri amm 2008-07-06 17.27.09.1 - NTFSx86
Run by: C:\Documents and Settings\gianlucacerri amm\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created From 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))))))
.

C:\ComboFix\CreateC00.bat .
2008-07-06 17:23 . 2008-07-06 17:28 <DIR> d-------- C:\QooBox
2008-07-06 17:22 . 2008-07-06 17:38 <DIR> d-------- C:\ComboFix
2008-07-06 16:14 . 2008-07-06 16:14 <DIR> d-------- C:\VundoFix Backups
2008-06-29 20:17 . 2008-06-14 19:32 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 19:37 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-29 18:37 . 2008-06-29 18:37 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-06-29 16:56 . 2008-06-29 17:00 <DIR> d-------- C:\WINDOWS\system32\ZeroSpyware
2008-06-29 16:55 . 2008-06-29 16:55 <DIR> d-------- C:\Programmi\FBM Software
2008-06-29 16:55 . 2006-05-26 17:39 64,336 -ra------ C:\WINDOWS\system32\zsnotify.dll
2008-06-29 16:55 . 2006-04-05 09:45 61,208 -ra------ C:\WINDOWS\system32\zsfd.exe
2008-06-25 00:10 . 2008-07-06 17:20 <DIR> d-------- C:\Documents and Settings\gianlucacerri amm\Dati applicazioni\OpenOffice.org2
2008-06-24 23:58 . 2008-06-25 00:00 <DIR> d-------- C:\Programmi\OpenOffice.org 2.4
2008-06-24 23:00 . 2008-07-06 10:08 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-06-24 23:00 . 2008-07-06 10:11 <DIR> d-------- C:\Documents and Settings\gianlucacerri amm\Dati applicazioni\Spyware Terminator
2008-06-24 23:00 . 2008-07-05 13:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator
2008-06-24 23:00 . 2008-06-24 23:00 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-06-24 22:32 . 2008-07-06 13:49 <DIR> d-------- C:\GIANLUCA

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-06 08:37 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-06 08:15 --------- d-----w C:\Programmi\Cobian Backup 9
2008-07-05 12:13 --------- d-----w C:\Documents and Settings\gianlucacerri amm\Dati applicazioni\SlipStream
2008-07-02 19:19 --------- d---a-w C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-02 18:38 --------- d-----w C:\Programmi\SpywareBlaster
2008-07-02 18:29 96,520 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-02 18:29 76,040 ----a-w C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-02 18:29 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-06-29 19:44 --------- d-----w C:\Documents and Settings\gianlucacerri amm\Dati applicazioni\AVGTOOLBAR
2008-06-29 14:55 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-06-29 14:53 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-06-24 21:56 --------- d-----w C:\Programmi\Java
2008-06-14 17:32 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-03 21:20 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Comodo
2008-06-03 20:29 --------- d-----w C:\Programmi\Comodo
2008-06-03 20:28 87,056 ----a-w C:\WINDOWS\system32\drivers\cmdguard.sys
2008-06-03 20:28 24,208 ----a-w C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-06-03 20:28 143,104 ----a-w C:\WINDOWS\system32\guard32.dll
2008-06-03 20:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-06-03 20:01 --------- d-----w C:\Programmi\CCleaner
2008-05-19 17:09 --------- d-----w C:\Programmi\Mozilla Sunbird
2008-05-18 19:33 --------- d-----w C:\Programmi\McDonaldsDragons
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:10 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 02:27 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 02:16 331,776 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 02:13 99,840 ----a-w C:\WINDOWS\system32\loadperf.dll
2008-04-14 02:12 9,344 ----a-w C:\WINDOWS\system32\framebuf.dll
2008-04-14 02:11 539,648 ----a-w C:\WINDOWS\system32\comuid.dll
2008-04-14 02:11 285,696 ----a-w C:\WINDOWS\system32\atmfd.dll
2008-04-14 02:11 16,896 ----a-w C:\WINDOWS\system32\cfgmgr32.dll
2008-04-14 01:55 2,192,768 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 01:54 4,096 ------w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 01:54 2,069,632 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 01:53 92,672 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 01:52 80,896 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 01:52 2,973,696 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-14 01:51 566,272 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 01:51 51,200 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 01:51 186,880 ------w C:\WINDOWS\system32\wmerror.dll
2008-04-14 01:50 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 01:49 68,608 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 01:49 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-14 01:48 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-14 01:47 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:40 449,024 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 18:37 2,962,432 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:35 195,072 ------w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:14 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-13 17:13 424,448 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-13 17:13 1,001,472 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-13 16:48 1,647,616 ------w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Registry Points Loaded ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty & legitimate/default values are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 11:50 28672]
"SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2001-07-27 19:18 94208]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2001-07-27 19:17 282624]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 23:34 36864]
"SlipStream"="C:\Programmi\Web Accelerator\slipcore.exe" [2006-04-07 05:51 253952]
"ClamWin"="C:\Programmi\ClamWin\bin\ClamTray.exe" [2008-06-14 15:13 77824]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 20:30 1232152]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"COMODO Firewall Pro"="C:\Programmi\Comodo\Firewall\cfp.exe" [2008-06-03 22:28 1655552]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-06-24 23:00 1817600]
"ZSScheduler"="C:\Programmi\FBM Software\ZeroSpyware\ZSLoader.exe" [2006-05-26 17:39 52048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:14 15360]

C:\Documents and Settings\gianlucacerri amm\Menu Avvio\Programmi\Esecuzione automatica\
OpenOffice.org 2.4.lnk - C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 16:41:28 393216]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Assistente documenti.lnk - C:\HPDESK\hppddir.exe [2008-01-27 09:37:14 385024]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 11:15:56 65588]
Promemoria del Calendario di Microsoft Works.lnk - C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe [1999-08-06 10:53:00 53317]
SlipStream Web Accelerator.lnk - C:\Programmi\Web Accelerator\slipgui.exe [2008-02-02 19:07:56 159744]

Pend(?)
.:\\(0!|0\\0)
C:\\WINDOWS\\system32\\(\\|0!|0\\0)
C:\\WINDOWS\\system32\\config\\(\\|0!|0\\0)
C:\\WINDOWS\\system32\\csrss.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\drivers\\(\\|0!|0\\0)
C:\\WINDOWS\\system32\\hal.dll\\(0!|0\\0)
C:\\WINDOWS\\system32\\lsass.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\ntdll.dll\\(0!|0\\0)
C:\\WINDOWS\\system32\\services.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\smss.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\svchost.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\userinit.exe\\(0!|0\\0)
C:\\WINDOWS\\system32\\wbem\\(\\|0!|0\\0)
C:\\WINDOWS\\system32\\winlogon.exe\\(0!|0\\0)
C:\\boot.ini\\(0!|0\\0)
C:\\ntdetect.com\\(0!|0\\0)
C:\\ntldr\\(0!|0\\0)
C:\\WINDOWS\\(\\|0!|0\\0)
C:\\WINDOWS\\explorer.exe\\(0!|0\\0)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44, on 2008-07-06
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\Comodo\Firewall\cmdagent.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Web Accelerator\slipcore.exe
C:\Programmi\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe
C:\Programmi\Comodo\Firewall\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\HPDESK\hppddir.exe
C:\Programmi\File comuni\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Programmi\Web Accelerator\slipgui.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.exe
C:\Programmi\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\explorer.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0410&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\Web Accelerator\PBHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZSScheduler] "C:\Programmi\FBM Software\ZeroSpyware\ZSLoader.exe" -STARTUP
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Assistente documenti.lnk = C:\HPDESK\hppddir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\Web Accelerator\slipgui.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197817996840
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197818613186
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe

--
End of file - 7489 bytes
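The ComboFix "Files Created" section above is where a helper usually starts triage: a binary whose last-modified timestamp is years older than its creation timestamp was dropped onto the disk recently from somewhere else, which is exactly the pattern of an installer (or a malware dropper) writing an old, pre-built DLL into system32. The following is an added example, not part of the forum thread or of ComboFix itself; it parses a handful of lines copied from the log above (a constructed sample), keeps only executables under C:\WINDOWS\system32 outside the dllcache folder (which Windows File Protection populates during updates), and reports the gap between the two timestamps. The 30-day threshold and the extension list are assumptions chosen for the example.

```python
import re
from datetime import datetime

# Constructed sample: lines copied from the "Files Created" section of the ComboFix log posted above.
SAMPLE_SECTION = r"""
2008-07-06 17:23 . 2008-07-06 17:28 <DIR> d-------- C:\QooBox
2008-06-29 20:17 . 2008-06-14 19:32 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-29 18:37 . 2008-06-29 18:37 <DIR> d-------- C:\Programmi\Microsoft Silverlight
2008-06-29 16:56 . 2008-06-29 17:00 <DIR> d-------- C:\WINDOWS\system32\ZeroSpyware
2008-06-29 16:55 . 2006-05-26 17:39 64,336 -ra------ C:\WINDOWS\system32\zsnotify.dll
2008-06-29 16:55 . 2006-04-05 09:45 61,208 -ra------ C:\WINDOWS\system32\zsfd.exe
2008-06-24 23:00 . 2008-06-24 23:00 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
"""

# One ComboFix entry: "<created> . <modified> <size-or-<DIR>> <9 attribute flags> <path>"
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:<DIR>|(?P<size>[\d,]+))\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$"
)
TS_FORMAT = "%Y-%m-%d %H:%M"
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr")  # assumption: what counts as "executable"
AGED_DAYS = 30  # assumption: how much older than its creation a file must be to look "dropped"
SYSTEM32 = "c:\\windows\\system32\\"


def parse_section(text):
    """Parse the Files Created section into dicts; lines that do not match are ignored."""
    rows = []
    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        rows.append({
            "created": datetime.strptime(m["created"], TS_FORMAT),
            "modified": datetime.strptime(m["modified"], TS_FORMAT),
            "is_dir": m["size"] is None,
            "size": int(m["size"].replace(",", "")) if m["size"] else 0,
            "attrs": m["attrs"],
            "path": m["path"],
        })
    return rows


def triage_system32(text, aged_days=AGED_DAYS):
    """Report executables newly created under system32 (dllcache excluded) with their
    creation-minus-modification age; 'aged' marks old binaries that were dropped recently."""
    findings = []
    for row in parse_section(text):
        lowered = row["path"].lower()
        if row["is_dir"] or not lowered.endswith(EXEC_EXT):
            continue
        if not lowered.startswith(SYSTEM32) or "\\dllcache\\" in lowered:
            continue
        age = (row["created"] - row["modified"]).days
        findings.append({"path": row["path"], "age_days": age, "aged": age >= aged_days})
    return findings


if __name__ == "__main__":
    for f in triage_system32(SAMPLE_SECTION):
        flag = "AGED " if f["aged"] else "      "
        print(f"{flag}{f['age_days']:5d} days  {f['path']}")
```

On the sample, the two ZeroSpyware binaries (zsnotify.dll, zsfd.exe) come out as two-year-old files written on 2008-06-29, which matches the ZeroSpyware install the same minute, while sp_rsdrv2.sys was built and written the same day. The heuristic only narrows the list for a human; an aged file is a reason to look it up, not proof of infection.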



r16
Posted: Sunday, July 06, 2008 10:10:52 PM
Rank: AiutAmico
Joined: 8/7/2007
Posts: 11,016
Ok.
Keep System Restore disabled at all times.
Boot into Safe Mode http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start HijackThis, tick the entries I am going to list, and with all applications closed and disconnected from the Internet, click Fix checked
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0410&s=search&ap=b204
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite dish at the top) and run it in Safe Mode (this is very important).

Download Spybot from here http://www.aiutaamici.com/software?ID=10831 and run a scan, again in Safe Mode.

Run a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223

Reboot the computer.

Run a scan with BitDefender Online Scanner: http://www.bitdefender.com/scan8/ie.html
to carry out this operation you must use the Internet Explorer browser.
once the page is open, click I agree.
you will be offered the installation of an ActiveX control.
once the ActiveX control is installed, follow the wizard and scan the disk where the operating system resides (normally C:)
Save the report it produces.
When the BitDefender scan finishes, you must reboot the system.
Post the VirIT log for me.
Also post (at the end of all the operations) a HijackThis log
Run this other scan too:

Download FIXVUNDO:
http://www.symantec.com/content/it/it/global/removal_tool/threat_writeups/FixVundo.exe
launch FixVundo
click Start to begin the scan.
if the tool finds traces of Vundo it will proceed automatically
when the scan finishes, a message will tell you whether traces of Vundo were found or not.

you will find the log in the same folder the tool was run from.
*********************************************************************************************************
If the PC is fine and no infections are found, carry out these 2 procedures:
launch HijackThis
click on Open the misc tool section
click on Open ADS Spy
untick Quick scan (windows base folder only)
leave Ignore safe system info streams ticked
untick Calculate md5 checksum of streams
click Scan
if any ADS are found, tick all the boxes and click Remove selected
When the scan finishes, you must reboot the system.


Empty the contents of the Prefetch folder:

Start
click My Computer
click Local Disk C:
among the folders shown, look for the Windows folder, open it and, inside it, look for the Prefetch folder, open it and delete every entry it contains (mind you, do not delete the folder itself)
That should have fixed it; if you have questions for me, I am here.
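The entries r16 picks out of the HijackThis log (an R1 search bar that points at a non-Microsoft redirector, an unnamed BHO from the Crawler toolbar, startup items, a service with no publisher) are the same checks a helper applies by eye to every HJT log. The block below is an added example, not part of the thread or of HijackThis itself: it parses a constructed sample of lines copied from the log posted above and applies those checks as code. The trusted-host list, the set of "standard" install directories and the rule that an autorun outside them is worth a look are assumptions of the example, not rules from the page.

```python
import re
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=0410&s=search&ap=b204
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Every HJT entry is "<section code> - <body>", e.g. "R1 - ...", "O23 - ...".
LINE_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.*)$")

# Assumptions for the example: hosts a stock IE start/search page may point at,
# and the directories an ordinary autorun binary is expected to live under (Italian XP uses "Programmi").
TRUSTED_URL_HOSTS = {"go.microsoft.com", "www.microsoft.com"}
STANDARD_DIRS = ("c:\\windows", "c:\\programmi", "c:\\progra~1", "c:\\program files")


def parse_entries(text):
    """Return (section_code, body) tuples for every HJT entry line in the log text."""
    entries = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _autorun_target(command):
    """Extract the executable path from an O4 command, honouring a quoted path with arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command.split('"')[1]
    return command.split(" ")[0]


def triage(text):
    """Apply the checks a helper does by eye; returns (code, reason, original body) triples."""
    findings = []
    for code, body in parse_entries(text):
        if code in ("R0", "R1") and " = " in body:
            _, url = body.split(" = ", 1)
            url = url.strip()
            host = urlparse(url).hostname or ""
            if url.lower().startswith("http") and host not in TRUSTED_URL_HOSTS:
                findings.append((code, "browser start/search URL not on a trusted host: " + host, body))
        elif code == "O2" and body.startswith("BHO: "):
            name = body[len("BHO: "):].split(" - ", 1)[0]
            if name == "(no name)":
                findings.append((code, "unnamed BHO", body))
        elif code == "O4":
            m = re.search(r"\] (.+)$", body)
            if m:
                exe = _autorun_target(m.group(1))
                if not exe.lower().startswith(STANDARD_DIRS):
                    findings.append((code, "autorun outside Windows/Program Files: " + exe, body))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service with no publisher in its version info", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"[{code}] {reason}\n    {body}")
```

As on the real log, the output is a shortlist rather than a verdict: the OEM search redirector and the unnamed Crawler BHO are the items r16 acts on, while the Compaq srmclean.exe autorun and the COMODO service with no publisher string are flagged only because they fall outside the example's narrow expectations and need a human to confirm they belong to installed software.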



gcerri
Posted: Friday, July 11, 2008 1:32:16 PM
Rank: AiutAmico
Joined: 2/11/2007
Posts: 289
r16, please have a look at what came out of it.
1) ADS Spy
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5C321E34 (120 bytes)

do I have to delete them?

2) AVG report
AVG 8.0 Anti-Virus command line scanner
Copyright (c) 1992 - 2008 AVG Technologies
Program version 8.0.134, engine 8.0.0
Virus Database: Version 270.4.5/1536 2008-07-05

C:\Documents and Settings\gianlucacerri amm\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\gianlucacerri amm\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\gianlucacerri amm\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\gianlucacerri amm\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Locked file. Not tested.
C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Locked file. Not tested.
C:\Documents and Settings\NetworkService\NTUSER.DAT Locked file. Not tested.
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Locked file. Not tested.
C:\Documents and Settings\UTENTE\ Locked file. Not tested.
C:\pagefile.sys Locked file. Not tested.
C:\Programmi\Crawler\Toolbar\Update\domains.cab Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc1\ Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc11.lnk Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc12.lnk Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc13.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc14.zip Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc15.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc16.lnk Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc19.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc2.htm Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc21.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc23.lnk Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc24.zip Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc25.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc26.zip Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc27.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc28.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc29.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc30.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc31.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc32.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc33.lnk Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc34.lnk Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc35.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc36.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc37.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc38\ Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc39\ Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc4.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc40.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc41.lnk Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc5.exe Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc6.doc Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc7.zip Locked file. Not tested.
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc8.doc Locked file. Not tested.
C:\System Volume Information\ Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\es.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\browser.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Locked file. Not tested.
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Locked file. Not tested.
C:\WINDOWS\system32\config\default Locked file. Not tested.
C:\WINDOWS\system32\config\default.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SAM Locked file. Not tested.
C:\WINDOWS\system32\config\SAM.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY Locked file. Not tested.
C:\WINDOWS\system32\config\SECURITY.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\software Locked file. Not tested.
C:\WINDOWS\system32\config\software.LOG Locked file. Not tested.
C:\WINDOWS\system32\config\system Locked file. Not tested.
C:\WINDOWS\system32\config\system.LOG Locked file. Not tested.


Objects scanned : 385934
Found infections : 0
Found PUPs : 0
Healed infections : 0
Healed PUPs : 0
Warnings : 0


3) FixVundo
Symantec Trojan.Vundo Removal Tool 1.5.1

C:\Documents and Settings\UTENTE: (not scanned)
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc1: (not scanned)
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc38: (not scanned)
C:\RECYCLER\S-1-5-21-2704883870-951796526-1614765859-1006\Dc39: (not scanned)
C:\System Volume Information: (not scanned)
Trojan.Vundo has not been found on your computer.

4) hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:56, on 2008-07-07
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Programmi\Web Accelerator\PBHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Programmi\Web Accelerator\components\NOWImaging.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [CPQEASYACC] C:\Programmi\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SlipStream] "C:\Programmi\Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Programmi\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZSScheduler] "C:\Programmi\FBM Software\ZeroSpyware\ZSLoader.exe" -STARTUP
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Programmi\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Assistente documenti.lnk = C:\HPDESK\hppddir.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Promemoria del Calendario di Microsoft Works.lnk = ?
O4 - Global Startup: SlipStream Web Accelerator.lnk = C:\Programmi\Web Accelerator\slipgui.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197817996840
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1197818613186
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Programmi\Comodo\Firewall\cmdagent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 6288 bytes

5) virit
VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK

07/07/2008 - 01:46:54

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Preferiti\GNLD\Offerte lavoro.url Infetto da HTML.LinkShare.A
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 1.
Files Sospetti: 0.
Files Analizzati: 19478.
Files Totali: 19478.
Chiavi Registro rimosse: 0.
Virus Rimossi: 1.

[SCANSIONE DELLA MEMORIA]
OK

07/07/2008 - 12:54:56

[SCANSIONE DEL REGISTRO]
OK

[A:]
BOOT SECTOR: OK


[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[D:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


[E:]


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 42586.
Files Totali: 42586.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.
r16
Posted: Friday, July 11, 2008 7:07:49 PM
Rank: AiutAmico

Member since: 8/7/2007
Posts: 11,016
r16, please take a look at what came out of it.
1) adsspy
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5C321E34 (120 bytes)
C:\Documents and Settings\All Users\Dati applicazioni\TEMP : 5C321E34 (120 bytes)

do I have to delete them?
Yes, these must be deleted.

To remove these: C:\RECYCLER, just EMPTY the Recycle Bin.
Give the PC a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
The HijackThis log is clean.
Let me know whether the PC is working fine, or whether you run into any problems.