Spam, google non funzionante, virtumonde e Win32 T.T

**wHacko** · 12-08-2008, 11:44

Ciao a tutti e complimentoni per il sito

Ho da qualche tempo qualche problemi con il pc. Inizialmente la connessione a internet durava molto poco, avevo crash continui e casini vari. Dopo aver effettuato una scansione approfondita al riavvio con avast, spybot e ad-aware i problemi si sono ridotti ma restano:

1)Una volta attivato il browser iniziano a comparirmi pagine di messaggi pubblicitari contro la mia volontà;
2)Google ha deciso che non gli piaccio e tutte le volte che cerco qualcosa si mette in attesa senza darmi risultati.
3)Ci sono continue richieste di modifica alla chiave di registro BM77f7de87 riguardo al processo Runddl32.exe che ho negato con spybot...anche se adesso vedendo il log di hijackthis non sembra abbia funzionato

4)Spybot trova Virtumonde ad ogni scansione e non riesce ad eliminarlo. Molto spesso quando lo trova si chiude il processo Runddl32.exe.
5)Avast trova diversi file infetti da Win32:Trojan-gen e Win32:Adware chiamati "nome_casuale.dll" nella cartella system32, ma dopo essere stati eliminati ricompaiono bellamente.
6)L'ultima è che dopo che il pc ha deciso di spegnersi brutalmente per 2 volte di fila, lo schermo ha assunto una poco vivace tonalità verdino marcio che mi compromette il buon umore.

A parte le cacchiate posto subito il log di Hijackthis:

Logfile of HijackThis v1.99.1

Scan saved at 10.59.13, on 12/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

C:\Programmi\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Programmi\Sandboxie\SandboxieServer.exe

C:\WINDOWS\system32\svchost.exe

C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe

C:\Programmi\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe

C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

C:\Programmi\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe

C:\Programmi\iTunes\iTunesHelper.exe

C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\Rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

C:\Programmi\Sandboxie\Control.exe

C:\Programmi\Messenger\msmsgs.exe

C:\Programmi\iPod\bin\iPodService.exe

C:\Programmi\Java\jre1.6.0_05\bin\jucheck.exe

C:\PROGRA~1\WinZip\winzip32.exe

C:\DOCUME~1\ANDREA~1\IMPOST~1\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe "

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup

O4 - HKLM\..\Run: [UVS10 Preload] C:\Programmi\Ulead Systems\Ulead VideoStudio 10\uvPL.exe

O4 - HKLM\..\Run: [H2O] C:\Programmi\SyncroSoft\Pos\H2O\cledx.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QT Lite\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [74c4ed1b] rundll32.exe "C:\WINDOWS\system32\yvkylvbx.dll",b

O4 - HKLM\..\Run: [BM77f7de87] Rundll32.exe "C:\WINDOWS\system32\cnilnjfl.dll",s

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [SandboxieControl] C:\Programmi\Sandboxie\Control.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIC EE.EXE /FU "C:\DOCUME~1\ANDREA~1\IMPOST~1\Temp\E_S214F.tm p" /EF "HKCU"

O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe

O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe

O11 - Options group: [INTERNATIONAL] International*

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD738FE-335A-4334-B574-EE895ADE63D9}: NameServer = 85.37.17.4 85.38.28.70

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Sandboxie Service (SandboxU) - tzuk - C:\Programmi\Sandboxie\SandboxieServer.exe

O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Inizio già a ringraziare tutti quelli che vorranno aiutare un povero niubbetto come me

Discussione: Spam, google non funzionante, virtumonde e Win32 T.T

Strumenti discussione

Ricerca discussione

Visualizza

Hybrid View

Spam, google non funzionante, virtumonde e Win32 T.T

Permessi di invio