
Thread: Olmarik Trojan horse

  1. #1
    HTML.it user, registered Dec 2009, 10 posts

    Olmarik Trojan horse

    Running a scan with NOD32 I found that the PC is infected with the Win32/Olmarik trojan horse in operating memory - unable to clean (this is the message that appears at the end of the scan).

    This is what HijackThis reports:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
    C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\AMD\RAIDXpert\_jvm\bin\java.exe
    C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
    C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Windows Live\Messenger\msnmsgr.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
    C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Documents and Settings\AMD\Desktop\Salvataggio vecchio Hdd\ANTIVIRUS VARI\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BABE2345-969C-4220-8939-0F888EB6EAD8}: NameServer = 85.37.17.51 85.38.28.97
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Programmi\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: HSKKZG - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMD\IMPOST~1\Temp\HSKKZG.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    --
    End of file - 8122 bytes

    Thanks in advance

  2. #2
    hi,
    fix these entries
    Code:
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    then scan this file on virustotal.com
    Code:
    C:\DOCUME~1\AMD\IMPOST~1\Temp\HSKKZG.exe
    what do you get?
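The reply above applies three triage rules to the log: entries whose registered file no longer exists are harmless leftovers that can be fixed, the KernelFaultCheck Run entry is a known Windows leftover, and a service whose binary lives in a Temp directory is worth hashing and checking before deciding anything. The script below is an added example (not code from this thread or from HijackThis) that encodes those rules and runs them over a handful of lines copied from the logs posted here; the regular expressions and the rule labels are my own choices, and a hit on the Temp-directory rule is a reason to check the file, not a verdict on it.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis logs posted in this thread (first and third log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O23 - Service: HSKKZG - Sysinternals - www.sysinternals.com - C:\DOCUME~1\AMD\IMPOST~1\Temp\HSKKZG.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HSKKZG - Unknown owner - C:\DOCUME~1\AMD\IMPOST~1\Temp\HSKKZG.exe (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O23"
    reason: str   # short triage label (my own wording)
    line: str     # the original log line


# Every HijackThis entry starts with a section code followed by " - ".
LINE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Name of an O4 autorun entry: ...\Run: [Name] command
RUN_NAME = re.compile(r"\\Run(?:Once)?: \[(?P<name>[^\]]+)\]")
# HijackThis appends these markers when the registered file no longer exists.
DANGLING = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# A path component named Temp or Tmp (the 8.3 short name IMPOST~1 is the Italian
# "Impostazioni locali" profile folder, so the Temp component is what matters).
TEMP_DIR = re.compile(r"\\(?:Temp|Tmp)\\", re.IGNORECASE)
# Autorun names that are known leftovers of Windows itself and routinely fixed.
KNOWN_LEFTOVER_RUN = {"KernelFaultCheck"}

REASON_DANGLING = "dangling entry (registered file absent): safe to fix"
REASON_LEFTOVER = "known benign leftover autorun: fix"
REASON_TEMP_SERVICE = "service binary under a Temp directory: hash it and check on VirusTotal"


def triage_line(line):
    """Return the findings for one log line; an empty list means nothing to flag."""
    m = LINE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    findings = []
    if DANGLING.search(body):
        findings.append(Finding(section, REASON_DANGLING, line))
    if section == "O4":
        r = RUN_NAME.search(body)
        if r and r.group("name") in KNOWN_LEFTOVER_RUN:
            findings.append(Finding(section, REASON_LEFTOVER, line))
    if section == "O23" and TEMP_DIR.search(body):
        findings.append(Finding(section, REASON_TEMP_SERVICE, line))
    return findings


def triage(log_text):
    """Run triage_line over a whole log and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


def summary(log_text):
    """Map each reason to the number of findings carrying it."""
    counts = {}
    for f in triage(log_text):
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

On the sample lines the script flags the two "(no file)" BHOs and the KernelFaultCheck entry as safe fixes, and the HSKKZG service twice: once for living under Temp and, in the later log, once more because the file is missing. That matches the thread: the Temp file was submitted and turned out to be an unsigned copy of a Sysinternals tool, so the flag led to a check, not to a deletion.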

  3. #3
    HTML.it user, registered Dec 2009, 10 posts
    I fixed the entries as you wrote, and I submitted the file to VirusTotal. This is the result:

    MD5: 7a06d4f4e5558a9ce6d87d0536901d88
    First received: 2008.07.17 23:08:58 UTC
    Date 2009.11.18 14:43:18 UTC [>40D]
    Results 0/40
    Permalink: analisis/be602c3d09ab684a87c0f2fa67313cef0b9817da77fab7b8c69dd33a37bcab2d-1258555398

  4. #4
    HTML.it user, registered Dec 2009, 10 posts
    I rescanned the file and this is the complete result


    Antivirus Version Last update Result
    a-squared 4.5.0.43 2009.12.29 -
    AhnLab-V3 5.0.0.2 2009.12.29 -
    AntiVir 7.9.1.122 2009.12.29 -
    Antiy-AVL 2.0.3.7 2009.12.29 -
    Authentium 5.2.0.5 2009.12.29 -
    Avast 4.8.1351.0 2009.12.29 -
    AVG 8.5.0.430 2009.12.29 -
    BitDefender 7.2 2009.12.29 -
    CAT-QuickHeal 10.00 2009.12.29 -
    ClamAV 0.94.1 2009.12.29 -
    Comodo 3404 2009.12.29 -
    DrWeb 5.0.1.12222 2009.12.29 -
    eSafe 7.0.17.0 2009.12.28 -
    eTrust-Vet 35.1.7203 2009.12.29 -
    F-Prot 4.5.1.85 2009.12.28 -
    F-Secure 9.0.15370.0 2009.12.29 -
    Fortinet 4.0.14.0 2009.12.29 -
    GData 19 2009.12.29 -
    Ikarus T3.1.1.79.0 2009.12.29 -
    Jiangmin 13.0.900 2009.12.29 -
    K7AntiVirus 7.10.932 2009.12.28 -
    Kaspersky 7.0.0.125 2009.12.29 -
    McAfee 5845 2009.12.28 -
    McAfee+Artemis 5845 2009.12.28 -
    McAfee-GW-Edition 6.8.5 2009.12.29 -
    Microsoft 1.5302 2009.12.29 -
    NOD32 4725 2009.12.29 -
    Norman 6.04.03 2009.12.29 -
    nProtect 2009.1.8.0 2009.12.29 -
    Panda 10.0.2.2 2009.12.15 -
    PCTools 7.0.3.5 2009.12.29 -
    Prevx 3.0 2009.12.29 -
    Rising 22.28.01.03 2009.12.29 -
    Sophos 4.49.0 2009.12.29 -
    Sunbelt 3.2.1858.2 2009.12.29 -
    Symantec 1.4.4.12 2009.12.29 -
    TheHacker 6.5.0.3.117 2009.12.29 -
    TrendMicro 9.120.0.1004 2009.12.29 -
    VBA32 3.12.12.1 2009.12.28 -
    ViRobot 2009.12.29.2114 2009.12.29 -
    VirusBuster 5.0.21.0 2009.12.28 -
    Additional information
    File size: 445312 bytes
    MD5...: 7a06d4f4e5558a9ce6d87d0536901d88
    SHA1..: b14d37d5ba44c89bca76d4f59db7f93cd77d79f4
    SHA256: be602c3d09ab684a87c0f2fa67313cef0b9817da77fab7b8c69dd33a37bcab2d
    ssdeep: 3072:/VgUa9EcWPeWSm/5/jiqyzOYP3v06+mhXErCiTkr/Ilgz9twXLIH3IRvhpD4K24d:/aJE/nn52qyaYfv9N4ezz34PD4Kdl

    PEiD..: -
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x30f33
    timedatestamp.....: 0x44e255aa (Tue Aug 15 23:15:54 2006)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1c000 0x22965 0x23000 6.57 6c4bd7cd85dee49f28567e656a18f903
    .rdata 0x3f000 0x3c24 0x4000 5.14 1687bcdaefd0fc0c212798b838ae28a3
    .data 0x43000 0x23150 0x1e000 5.33 f6bc870575f523563db838a73f44c76e
    .rsrc 0x67000 0x69d0 0x7000 4.66 ef6f99f8e1d73dd34d7ed72341d217da
    .reloc 0x6e000 0x281a 0x3000 5.82 3ba4575353c26f244864320ddeaa7c00

    ( 11 imports )
    > VERSION.dll: GetFileVersionInfoSizeW, VerQueryValueW, GetFileVersionInfoW
    > KERNEL32.dll: SystemTimeToTzSpecificLocalTime, GetTimeZoneInformation, TerminateProcess, CreateProcessW, GetDriveTypeW, GetLogicalDrives, CreateThread, ResetEvent, OpenEventW, SetEvent, LoadLibraryW, CreateEventW, InitializeCriticalSection, GetFullPathNameW, GetSystemDirectoryW, WaitForMultipleObjects, GetTempPathW, GetCommandLineW, GetVersion, GetModuleFileNameW, FlushFileBuffers, LocalAlloc, SetConsoleCtrlHandler, SetEndOfFile, IsBadCodePtr, SetUnhandledExceptionFilter, SetStdHandle, GetStringTypeW, GetStringTypeA, GetVersionExA, GetUserDefaultLCID, EnumSystemLocalesA, GetLocaleInfoA, IsValidCodePage, IsValidLocale, GetCPInfo, GetModuleFileNameA, ReadFile, GetFileType, GetStdHandle, SetHandleCount, GetCommandLineA, GetEnvironmentStrings, GetEnvironmentStringsW, FreeEnvironmentStringsW, FreeEnvironmentStringsA, UnhandledExceptionFilter, SystemTimeToFileTime, GetCurrentThread, TlsGetValue, TlsFree, TlsAlloc, TlsSetValue, GetCurrentThreadId, IsBadWritePtr, VirtualAlloc, VirtualFree, HeapCreate, HeapDestroy, LCMapStringW, LCMapStringA, FatalAppExitA, DeleteCriticalSection, ExitProcess, GetStartupInfoW, GetModuleHandleA, WideCharToMultiByte, RtlUnwind, HeapFree, HeapAlloc, HeapReAlloc, LoadLibraryA, FindFirstFileW, FindNextFileW, FindClose, CompareFileTime, FileTimeToLocalFileTime, SetEnvironmentVariableA, lstrlenW, CreateFileMappingW, MapViewOfFile, GetFileSize, UnmapViewOfFile, GetTickCount, VirtualProtect, IsBadReadPtr, GetCurrentDirectoryW, GetOEMCP, DeviceIoControl, SetFileAttributesW, DeleteFileW, CopyFileW, InterlockedIncrement, InterlockedDecrement, WaitForSingleObject, EnterCriticalSection, LeaveCriticalSection, WriteFile, MultiByteToWideChar, DosDateTimeToFileTime, LocalFileTimeToFileTime, FileTimeToSystemTime, GetDateFormatW, GetTimeFormatW, GetLocaleInfoW, GlobalAlloc, GlobalLock, GlobalUnlock, GetFileAttributesW, LocalFree, FormatMessageW, Sleep, HeapSize, DebugBreak, GetModuleHandleW, GetProcAddress, InterlockedExchange, SetLastError, CreateFileW, 
FindResourceW, LoadResource, SizeofResource, LockResource, GetCurrentProcess, CloseHandle, GetVersionExW, CreateFileA, SetFilePointer, GetLastError, CompareStringA, CompareStringW, GetACP, GetStartupInfoA, RaiseException
    > USER32.dll: EndPaint, BeginPaint, PtInRect, IsZoomed, CallWindowProcW, DrawFrameControl, CreateDialogParamW, UnionRect, OffsetRect, GetSystemMetrics, EndDeferWindowPos, EnumChildWindows, BeginDeferWindowPos, GetPropW, DeferWindowPos, GetClassNameW, SetWindowPlacement, UpdateWindow, LoadAcceleratorsW, GetMessageW, TranslateAcceleratorW, ScreenToClient, DrawTextW, GetWindowTextW, wsprintfW, IsDialogMessageW, TranslateMessage, DispatchMessageW, DialogBoxIndirectParamW, GetWindowLongW, SetWindowLongW, SetFocus, GetMenu, CheckMenuItem, GetWindowPlacement, GetDlgItemTextW, SetTimer, EnableWindow, DialogBoxParamW, KillTimer, DefWindowProcW, MsgWaitForMultipleObjects, LoadIconW, SetWindowTextW, DestroyIcon, PostQuitMessage, SetDlgItemTextW, IsWindowEnabled, CheckDlgButton, IsDlgButtonChecked, RegisterClassExW, ShowWindow, MapWindowPoints, CreateWindowExW, SetCapture, ReleaseCapture, EndDialog, GetParent, GetWindowRect, MoveWindow, GetDlgItem, LoadCursorW, GetSysColorBrush, GetSysColor, ChildWindowFromPoint, InvalidateRect, SetCursor, OpenClipboard, EmptyClipboard, SendMessageW, SetClipboardData, CloseClipboard, LoadStringW, PostMessageW, MessageBoxW, InflateRect, SetPropW, GetClientRect
    > GDI32.dll: EndDoc, GetStockObject, GetObjectW, EndPage, SetBkMode, SetTextColor, SelectObject, StartPage, StartDocW, SetMapMode, CreateFontIndirectW, GetDeviceCaps
    > comdlg32.dll: GetSaveFileNameW, PrintDlgW
    > ADVAPI32.dll: RegQueryInfoKeyW, GetSecurityDescriptorLength, MakeAbsoluteSD, MakeSelfRelativeSD, RegOpenKeyExW, RegQueryValueW, RegConnectRegistryW, RegEnumKeyExW, RegCreateKeyExW, RegCreateKeyW, RegSetValueExW, RegCloseKey, RegDeleteKeyW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegQueryValueExA, RegOpenKeyExA, RegQueryValueExW, RegGetKeySecurity, IsValidSecurityDescriptor, CloseServiceHandle, DeleteService, QueryServiceStatus, ControlService, OpenServiceW, OpenSCManagerW, StartServiceW, CreateServiceW, SetServiceStatus, RegEnumKeyW, RegDeleteValueW, FreeSid, EqualSid, GetTokenInformation, AllocateAndInitializeSid, RegisterServiceCtrlHandlerW, StartServiceCtrlDispatcherW, RegEnumValueW
    > SHELL32.dll: CommandLineToArgvW, ShellExecuteW, ExtractIconExW
    > ole32.dll: CreateBindCtx
    > OLEAUT32.dll: -, -, -, -, -, -, -, -, -, -, -
    > COMCTL32.dll: ImageList_Create, ImageList_ReplaceIcon, PropertySheetW, -
    > MPR.dll: WNetEnumResourceW, WNetOpenEnumW, WNetCloseEnum

    ( 0 exports )

    RDS...: NSRL Reference Data Set
    -
    pdfid.: -
    trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    sigcheck:
    publisher....: Sysinternals - www.sysinternals.com
    copyright....: Copyright (C) 2005-2006 Bryce Cogswell and Mark Russinovich
    product......: Sysinternals Rootkitrevealer
    description..: Rootkit detection utility
    original name:
    internal name:
    file version.: 1.70
    comments.....:
    signers......: -
    signing date.: -
    verified.....: Unsigned

  5. #5
    ok
    download and install CCleaner and clean the temporary files, cookies and old registry keys.

    download and install Spybot Search & Destroy. update it and run a scan

    download and install MBAM, update it and run a scan.

    let us know how it goes.

  6. #6
    HTML.it user, registered Dec 2009, 10 posts
    I did as you said and this is now the HijackThis log


    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
    C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    C:\Programmi\AMD\RAIDXpert\_jvm\bin\java.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
    C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe
    C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Programmi\Internet Explorer\iexplore.exe
    C:\Documents and Settings\AMD\Desktop\Salvataggio vecchio Hdd\ANTIVIRUS VARI\HiJackThis.exe
    C:\Programmi\Skype\Toolbars\Shared\SkypeNames.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.codecguide.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Programmi\VIA\VIAudioi\HDADeck\HDeck.exe 1
    O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\digicomt\Michelangelo USB ADSL\CnxDslTb.exe"
    O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
    O8 - Extra context menu item: Aggiungi ad Anti-Banner - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: &Tastiera Virtuale - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: C&ontrollo URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsof...?1262103594593
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1262103586656
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{BABE2345-969C-4220-8939-0F888EB6EAD8}: NameServer = 85.37.17.51 85.38.28.97
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: AMD RAIDXpert (AMDRAIDXpert) - Unknown owner - C:\Programmi\AMD\RAIDXpert\jetty\extra\win32\Wrapper.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: HSKKZG - Unknown owner - C:\DOCUME~1\AMD\IMPOST~1\Temp\HSKKZG.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Programmi\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programmi\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    --
    End of file - 9675 bytes

  7. #7
    the log looks clean to me. do you still have problems?

  8. #8
    HTML.it user, registered Dec 2009, 10 posts
    No, basically not. But every now and then a window appears telling me there are problems with Google Installer and that the application is being closed, but I don't think it has anything to do with this. One last thing: I tried to uninstall Avira but it won't let me, not even with the forced procedure the vendor provides (Reacleaner - Avira Registry Cleaner).
    Bye and thanks again

  9. #9
    does it give any particular error?
    for the google problem try uninstalling and reinstalling it.

  10. #10
    HTML.it user, registered Dec 2009, 10 posts
    No, apart from Google, no.
    Thanks a lot and Happy New Year
