#1

    [Antivirus 2009] on XP: I can't remove it

    Hi everyone, I caught that really annoying virus that behaves like an antivirus, and I think it has downloaded more junk onto my PC.

    I ran a whole pile of antispyware/antimalware tools (Spyware Doctor, Malwarebytes' Anti-Malware, a-squared and SmitFraudFix), but the problem still isn't solved and I am left with the following issues:

    1) when I browse with Internet Explorer, popups with advertising messages open
    2) if I try to launch Google Chrome, it doesn't start
    3) my keyboard settings change periodically (from Italian to English, and I have to press Shift+Alt to restore them)

    Could you tell me how to solve the problem for good, and whether 2) and 3) can depend on the virus or whether I should look elsewhere for the solution? Thanks.

    These are the logs from HijackThis and SmitFraudFix respectively.

    code:
    Logfile of HijackThis v1.99.1
    Scan saved at 12.13.31, on 04/01/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Programmi\Apoint2K\Apoint.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Programmi\Apoint2K\Apntex.exe
    C:\Programmi\Spyware Doctor\pctsTray.exe
    C:\documents and settings\xp\impostazioni locali\dati applicazioni\amyeq.exe
    C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\a-squared Free\a2service.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Programmi\CDBurnerXP\NMSAccessU.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Programmi\Spyware Doctor\pctsAuxs.exe
    C:\DOCUME~1\Xp\IMPOST~1\Temp\RtkBtMnt.exe
    C:\Programmi\Spyware Doctor\pctsSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\DATI\SOFTWARE\ANTIVIRUS\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll (file missing)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Programmi\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [amyeq] "c:\documents and settings\xp\impostazioni locali\dati applicazioni\amyeq.exe" amyeq
    O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Programmi\File comuni\Autodesk Shared\acstart16.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1202205040270
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{83CA2E19-290B-4927-9ABA-45B93C9320CC}: NameServer = 129.113.1.254
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll  , 
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Google Update Service (gupdate1c96dc71ae2a3f0) (gupdate1c96dc71ae2a3f0) - Unknown owner - C:\Programmi\Google\Update\GoogleUpdate.exe" /svc (file missing)
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Unknown owner - C:\Programmi\File comuni\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Xp\IMPOST~1\Temp\DX9\SessionLauncher.exe (file missing)

    code:
    SmitFraudFix v2.388
    
    Scan done at 12.01.36,25, 04/01/2009
    Run from C:\DATI\SOFTWARE\ANTIVIRUS\SmitfraudFix
    OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode
    
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    
    »»»»»»»»»»»»»»»»»»»»»»»» Killing process
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» hosts
    
    
    127.0.0.1       localhost
    
    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    
    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
    
    S!Ri's WS2Fix: LSP not Found.
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
    
    GenericRenosFix by S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
    
    C:\Programmi\Google\googletoolbar1.dll Deleted
    
    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    
    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
    
    Agent.OMZ.Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    
    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» RK
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» DNS
    
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{83CA2E19-290B-4927-9ABA-45B93C9320CC}: NameServer=129.113.1.254
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{E1643CEA-26EF-410E-B107-5A64D425BDCE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{83CA2E19-290B-4927-9ABA-45B93C9320CC}: NameServer=129.113.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{E1643CEA-26EF-410E-B107-5A64D425BDCE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{83CA2E19-290B-4927-9ABA-45B93C9320CC}: NameServer=129.113.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{E1643CEA-26EF-410E-B107-5A64D425BDCE}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
     
    Registry Cleaning done. 
     
    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!
    
    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll
    
    
    »»»»»»»»»»»»»»»»»»»»»»»» End

    I am now running Malwarebytes again, and so far it has found 2 infected files, but I had already run it last night and it said it had removed them all. Do they reinstall themselves?

#2
    HTML.it user, joined Jan 2006, 1,836 posts

    hi

    from the HijackThis log you should fix at least these 2 items:

    C:\documents and settings\xp\impostazioni locali\dati applicazioni\amyeq.exe

    O4 - HKCU\..\Run: [amyeq] "c:\documents and settings\xp\impostazioni locali\dati applicazioni\amyeq.exe" amyeq

    anyway, before doing that, redo a HijackThis scan with the latest version, which you can find in the removal guide in our pinned links
    BooTzenN

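The two items singled out in the reply above share one property: the binary lives under the user's profile (`Impostazioni locali\Dati applicazioni`, the Italian XP name for `Local Settings\Application Data`), a directory any unprivileged process can write to, and it is launched from an `HKCU\..\Run` key that the same process can create. The script below applies that heuristic to a HijackThis log so the same check can be repeated on a fresh scan. It is an added example, not code from either poster or from HijackThis; the sample lines are copied from the log above, and the list of user-writable path markers (including the 8.3 short names `DOCUME~1` and `IMPOST~1` that appear in the log) and the function names are assumptions for this example.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\documents and settings\xp\impostazioni locali\dati applicazioni\amyeq.exe
C:\DOCUME~1\Xp\IMPOST~1\Temp\RtkBtMnt.exe
C:\DATI\SOFTWARE\ANTIVIRUS\HijackThis.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [amyeq] "c:\documents and settings\xp\impostazioni locali\dati applicazioni\amyeq.exe" amyeq
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SessionLauncher - Unknown owner - C:\DOCUME~1\Xp\IMPOST~1\Temp\DX9\SessionLauncher.exe (file missing)
"""

# Assumed list of directory markers that, on an Italian Windows XP, lie inside a
# user profile or a temp folder, i.e. places an unprivileged process can write.
# The 8.3 short names are the ones HijackThis printed in the log above; add more
# per locale/profile if the log shows others.
USER_WRITABLE_MARKERS = (
    "\\documents and settings\\",  # profile root (English and Italian XP)
    "\\docume~1\\",                # its 8.3 short name
    "\\impostazioni locali\\",     # "Local Settings" on Italian XP
    "\\impost~1\\",
    "\\dati applicazioni\\",       # "Application Data" on Italian XP
    "\\temp\\",
)

# A Windows path starting with a drive letter, up to the first executable-ish
# extension. Non-greedy so a trailing "(file missing)" or argument is excluded.
PATH_RE = re.compile(r'[a-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl|scr)\b', re.IGNORECASE)


def extract_paths(line):
    """All drive-letter paths to executables/DLLs found in one log line."""
    return [m.group(0) for m in PATH_RE.finditer(line)]


def is_user_writable(path):
    """True if the path lies under one of the assumed user-writable markers."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def flag_user_writable_paths(log_text):
    """Return (log line, path) pairs for every running process, Run entry or
    service whose binary lives in a user-writable directory."""
    findings = []
    for line in log_text.splitlines():
        for path in extract_paths(line):
            if is_user_writable(path):
                findings.append((line.strip(), path))
    return findings


def unique_binaries(findings):
    """Sorted, de-duplicated lowercase file names from the findings."""
    return sorted({path.rsplit("\\", 1)[-1].lower() for _, path in findings})


if __name__ == "__main__":
    hits = flag_user_writable_paths(SAMPLE_LOG)
    for line, path in hits:
        print(f"{path}\n    from: {line}")
    print("binaries to investigate:", unique_binaries(hits))
```

A hit is a lead, not a verdict: per-user installers (Google Update in later versions, for instance) legitimately live under the profile, so each flagged file still needs its creation date, signer and a scan checked before it is fixed in HijackThis. The script deliberately reports the `O23` service line too, even though the file is marked missing, because a dangling service in `Temp` is still worth cleaning up.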
