Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Per favore mi potete controllare HijackThis

Per favore mi potete controllare HijackThis Opzioni
Topic Precedente · Topic Sucessivo
enzino85
Inviato: Saturday, December 13, 2008 12:00:34 AM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Con Internet Explorer mi si connette automaticamente a "bigmp3online.com"
Con Firefox tenta di connettersi a "antivirus-rapidscan.com"
Segue il Logfile di HijackThis
Grazie



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23.33.31, on 12/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\Programmi\DiskUtility\totalcmd\TOTALCMD.EXE
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\Ad-Aware2007.exe
D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
C:\Programmi\Internet Explorer\iexplore.exe
D:\Programmi\DiskUtility\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nontipago.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programmi\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {92636829-db87-4595-a3a9-5a0b5dd560d0} - C:\WINDOWS\system32\zomutaho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [TCASUTIEXE] TCAUDIAG.exe -off
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Programmi\File comuni\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [supudivaza] Rundll32.exe "C:\WINDOWS\system32\pebemona.dll",s
O4 - HKLM\..\Run: [00fb0bdb] rundll32.exe "C:\WINDOWS\system32\zumidiba.dll",b
O4 - HKLM\..\Run: [CPM03c83847] Rundll32.exe "c:\windows\system32\lolajeyo.dll",a
O4 - HKLM\..\Run: [AAWTray] D:\Programmi\DiskUtility\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [supudivaza] Rundll32.exe "C:\WINDOWS\system32\pebemona.dll",s (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F161C967-45DA-43F4-B2F4-282DE0ED0F46}: NameServer = 85.37.17.5 85.38.28.77
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programmi\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programmi\Crawler\Toolbar\ctbr.dll (file missing)
O20 - AppInit_DLLs: rdylbw.dll C:\WINDOWS\system32\diperede.dll c:\windows\system32\lolajeyo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lolajeyo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lolajeyo.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\DiskUtility\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Programmi\File comuni\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Programmi\Foto\Common\Database\bin\fbserver.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NBService - Nero AG - D:\Programmi\Burn\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMSAccessU - Unknown owner - d:\Programmi\Burn\CDBurnerXP\NMSAccessU.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ScsiAccess - Unknown owner - d:\Programmi\Foto\ProShowGold\ScsiAccess.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StyleXPService - Unknown owner - (no file)
O23 - Service: UPnPService - Magix AG - C:\Programmi\File comuni\MAGIX Shared\UPnPService\UPnPService.exe
O24 - Desktop Component 1: PC-Aquarium Deluxe - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 10380 bytes
Torna in alto
 
Sponsor
Inviato: Saturday, December 13, 2008 12:00:34 AM

 
Torna in alto
 
shapiro
Inviato: Saturday, December 13, 2008 1:08:59 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
ciao

apri hjt, spunta queste voci e premi fix checked

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {92636829-db87-4595-a3a9-5a0b5dd560d0} - C:\WINDOWS\system32\zomutaho.dll

O4 - HKLM\..\Run: [supudivaza] Rundll32.exe "C:\WINDOWS\system32\pebemona.dll",s

O4 - HKLM\..\Run: [00fb0bdb] rundll32.exe "C:\WINDOWS\system32\zumidiba.dll",b

O4 - HKUS\S-1-5-19\..\Run: [supudivaza] Rundll32.exe "C:\WINDOWS\system32\pebemona.dll",s (User 'SERVIZIO LOCALE')

O4 - HKLM\..\Run: [CPM03c83847] Rundll32.exe "c:\windows\system32\lolajeyo.dll",a

O20 - AppInit_DLLs: rdylbw.dll C:\WINDOWS\system32\diperede.dll c:\windows\system32\lolajeyo.dll




O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lolajeyo.dll

O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\lolajeyo.dll

O23 - Service: StyleXPService - Unknown owner - (no file)



analizza qui ► http://www.virustotal.com/it/

questo in rosso ► C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll



scarica Malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe




1) lo installi
2) lo aggiorni
3) fai una scansione scegliendo la modalità completa
4) NON eliminare le eventuali minacce che rileva
5) finita la scansione seleziona il tabellino log, apri il file di testo e postalo sul forum
Torna in alto
 
enzino85
Inviato: Sunday, December 14, 2008 5:23:53 PM

Rank: AiutAmico

Iscritto dal : 9/12/2008
Posts: 76
Questo è il log della scansione con Malvarebytes
In attesa di ulteriori istruzioni, saluto e ringrazio

**********************************************


Malwarebytes' Anti-Malware 1.31
Versione del database: 1498
Windows 5.1.2600 Service Pack 3

14/12/2008 15.55.59
mbam-log-2008-12-14 (15-55-26).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi scansionati: 144708
Tempo trascorso: 1 hour(s), 0 minute(s), 41 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 1
Chiavi di registro infette: 4
Valori di registro infetti: 4
Elementi dato del registro infetti: 3
Cartelle infette: 0
File infetti: 8

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\WINDOWS\system32\diperede.dll (Trojan.Vundo) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{92636829-db87-4595-a3a9-5a0b5dd560d0} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{92636829-db87-4595-a3a9-5a0b5dd560d0} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm03c83847 (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\supudivaza (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\00fb0bdb (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SSODL (Trojan.Agent) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: c:\windows\system32\diperede.dll -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\diperede.dll -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo) -> Data: system32\diperede.dll -> No action taken.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\system32\diperede.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{22E78CC2-918B-45A4-B3E8-DBF10214A192}\RP179\A0057563.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{22E78CC2-918B-45A4-B3E8-DBF10214A192}\RP179\A0057564.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{22E78CC2-918B-45A4-B3E8-DBF10214A192}\RP179\A0057565.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{22E78CC2-918B-45A4-B3E8-DBF10214A192}\RP179\A0057582.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rijavuza.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\poveyawi.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yifulose.dll (Trojan.Vundo) -> No action taken.
Torna in alto
 
shapiro
Inviato: Sunday, December 14, 2008 5:33:20 PM

Rank: AiutAmico

Iscritto dal : 8/24/2008
Posts: 4,164
quest'anno e' un'epidemia

anche tu colpito dal Trojan.Vundo

disattiva il ripristino

1. clic su Start-> Programmi->Accessori->Esplora risorse.

2. clic con il pulsante destro del mouse sull'icona Risorse del computer e quindi su Proprietà.

3. Selezionare la scheda "Ripristino configurazione di sistema".

4. Selezionare la voce "Disattiva ripristino configurazione di sistema"

5. Premere OK. Verrà richiesto di confermare l'azione in quanto saranno eliminati tutti i punti di ripristino memorizzati. Confermare premendo SI.


Riavvia il pc ed elimina tutto quello che ha trovato malwarebytes

Riattiva il ripristino

fai anche tu una scansione supplementare per vedere se e' rimasto qualcosa


http://www.kaspersky.com/virusscanner

1. Clicca su Kaspersky Online Scanner
2. Clicca su Accept
3. Partirà un Update
4. Vai nella colonna di sinistra dov'è scritto Scan e scegli my computer
5. Al termine della scansione in fondo a destra trovi la voce View Scan Report. Cliccaci sopra e poi clicca su Save "Save Report As" e salvalo sul desktop.
Per la scansione è richiesta l'installazione del java.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Per favore mi potete controllare HijackThis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.