Hi, do you happen to know whether the file xmvk.exe is a trojan horse?
If so, how can I remove it?
I have Ad-aware 2007 and avast! antivirus.
Thanks, bye.
Download Hijackthis and put it in a dedicated folder (e.g. c:\programmi\Hijackthis).
Run it, click the "Do a system scan and save a log file" button and post the resulting text file.
To clear up the doubt, send the file to an online scanning service:
http://www.virustotal.com/
Read the RULES!
Here is the log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\bak\shutz.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Creative\Shared Files\CTDevSrv.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Raxco\PerfectDisk\PDSched.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\explorer.exe
C:\Programmi\eMule\eMule.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O1 - Hosts: 207.46.106.80 www.download.windowsupdate.com
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [Shtz] C:\bak\shutz.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [TClockEx] C:\Programmi\TClockEx\TCLOCKEX.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programmi\ICQ6\ICQ.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1184338868328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1184338456109
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.easyaccesssite.com/11129-23.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab
O16 - DPF: {FD163A9A-A3D8-4F7D-8224-32F81AC29EDA} (VPlayer Control) - http://video.vividas.com/CDN1/5029_p...vivid_ocx.jpeg
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7518388-2006-4899-80C3-9DC3ACF0B31D}: NameServer = 212.216.112.112,212.216.172.62
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Programmi\Creative\Shared Files\CTDevSrv.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Programmi\F-Secure Internet Security\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: DirectX Service (Fogyx) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: FSMA - Unknown owner - C:\Programmi\F-Secure Internet Security\Common\FSMA32.EXE (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDSched.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Print Spooler Service (vwtehjodi1iyyy7a) - Unknown owner - C:\WINDOWS\system32\xmvk.exe (file missing)
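The O4 (Run keys) and O23 (services) lines are what the helpers in this thread read first. As an added example, not part of the thread, this Python script parses a handful of those entries, constructed here from the log posted above, and flags the ones a defender would check: an autorun outside the usual install roots, services with no recorded owner or a binary that is missing from disk, and a Windows-sounding service name with a random-looking short name. The trusted roots and the lookalike list are assumptions for this Italian XP machine.

```python
import re

# Constructed sample in the HijackThis log format posted above: a few O4 (Run key) and O23 (service) entries copied from that log, not the complete log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Shtz] C:\bak\shutz.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: DirectX Service (Fogyx) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: Print Spooler Service (vwtehjodi1iyyy7a) - Unknown owner - C:\WINDOWS\system32\xmvk.exe (file missing)
"""
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\\w+: \[(?P<value>[^\]]*)\] (?P<path>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
SHORT_NAME_RE = re.compile(r"\((?P<name>[^()]+)\)$")   # "(Fogyx)" at the end of the display name

# Assumption: where legitimately installed software lives on this (Italian XP) machine.
TRUSTED_ROOTS = ("c:\\programmi\\", "c:\\progra~1\\", "c:\\windows\\", "c:\\program files\\")
# Display names that imitate Windows components; the genuine ones are owned by Microsoft.
WINDOWS_LOOKALIKES = ("print spooler", "directx", "windows update")

def triage(log_text):
    """Return [(line, reason)] for entries worth a second look. Heuristics, not verdicts."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = m.group("path").lower()
            if not path.startswith(TRUSTED_ROOTS) or "\\bak\\" in path:
                findings.append((line, "autorun outside trusted install roots: " + m.group("path")))
            continue
        m = O23_RE.match(line)
        if not m:
            continue
        display, owner = m.group("display"), m.group("owner")
        short = SHORT_NAME_RE.search(display)
        short_name = short.group("name") if short else display
        reasons = []
        if owner.lower() == "unknown owner":
            reasons.append("no vendor/owner recorded")
        if m.group("missing"):
            reasons.append("service binary missing from disk")
        if any(k in display.lower() for k in WINDOWS_LOOKALIKES) and "microsoft" not in owner.lower():
            reasons.append("display name imitates a Windows component")
        if len(short_name) >= 10 and re.search(r"[a-z]", short_name) and re.search(r"\d", short_name):
            reasons.append("random-looking service name " + short_name)
        if reasons:
            findings.append((line, "; ".join(reasons)))
    return findings
```

Run over the full posted log, the same rules would also surface the two F-Secure leftovers marked "(file missing)", which are stale uninstall residue rather than malware, so the output is a review list, not a verdict.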
Post the FindAWF report (choose option "1"), then we'll move on to the log.
Originally posted by Deifobe: "Post the FindAWF report (choose option "1"), then we'll move on to the log."
bak folders found
~~~~~~~~~~~
Il volume nell'unità C è XP Pro
Numero di serie del volume: D039-B8E8
Directory di C:\BAK
30/07/2000 13:44 28.672 shutz.exe
1 File 28.672 byte
2 Directory 84.396.654.592 byte disponibili
Il volume nell'unità C è XP Pro
Numero di serie del volume: D039-B8E8
Directory di C:\WINDOWS\BAK
0 File 0 byte
2 Directory 84.396.654.592 byte disponibili
Il volume nell'unità C è XP Pro
Numero di serie del volume: D039-B8E8
Directory di C:\PROGRA~1\TCLOCKEX\BAK
09/03/2000 01:15 89.088 TCLOCKEX.EXE
1 File 89.088 byte
2 Directory 84.396.650.496 byte disponibili
Il volume nell'unità C è XP Pro
Numero di serie del volume: D039-B8E8
Directory di C:\PROGRA~1\FILECO~1\REAL\UPDATE~1\BAK
21/03/2006 01:30 180.269 realsched.exe
1 File 180.269 byte
2 Directory 84.396.650.496 byte disponibili
Il volume nell'unità C è XP Pro
Numero di serie del volume: D039-B8E8
Directory di C:\PROGRA~1\GOOGLE\GOOGLE~2\121128~1.546\BAK
25/01/2007 18:59 171.448 GoogleToolbarNotifier.exe
1 File 171.448 byte
2 Directory 84.396.650.496 byte disponibili
Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~
28672 30 Jul 2000 "C:\bak\shutz.exe"
89088 9 Mar 2000 "C:\Programmi\TClockEx\TCLOCKEX.EXE"
89088 9 Mar 2000 "C:\Programmi\TClockEx\bak\TCLOCKEX.EXE"
467894 17 Nov 2005 "E:\Utilities\Files d'installazione\tclockex.exe"
180269 21 Mar 2006 "C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe"
69632 12 Sep 2007 "C:\Programmi\Google\Google Earth\googleearth.exe"
68856 1 Apr 2007 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
4997120 21 Sep 2006 "C:\Programmi\Google\Google Video Player\GoogleVideoPlayer.exe"
124912 9 Aug 2007 "C:\Programmi\Google\Google Updater\GoogleUpdater.exe"
26694 17 Oct 2007 "C:\WINDOWS\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
124912 9 Aug 2007 "C:\WINDOWS\Temp\gis17f5a6d\GoogleUpdater.exe"
124152 1 Apr 2007 "C:\WINDOWS\Temp\gis2252e83\GoogleUpdater.exe"
125176 16 May 2007 "C:\WINDOWS\Temp\gisf8ae89\GoogleUpdater.exe"
608936 21 Mar 2006 "C:\Programmi\File comuni\Real\GToolbar\GoogleToolbarInstaller.exe"
138680 16 May 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
124912 9 Aug 2007 "C:\Programmi\Google\Google Updater\2.2.940.34809\GoogleUpdaterRestartManager.exe"
171448 25 Jan 2007 "C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe"
26694 15 Oct 2007 "C:\WINDOWS\system32\config\systemprofile\Dati applicazioni\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe"
13736064 6 Sep 2006 "E:\Utilities\Files d'installazione\GoogleEarthWin.exe"
end of report
Download Avenger
Run it and select the "Input Script Manually" option.
Click on the magnifying glass and, inside the "View/edit script" window, copy/paste into the white box:
folders to delete:
C:\WINDOWS\Temp
files to delete:
C:\Programmi\TClockEx\TCLOCKEX.EXE
files to move:
C:\bak\shutz.exe | C:\shutz.exe
C:\Programmi\TClockEx\bak\TCLOCKEX.EXE | C:\Programmi\TClockEx\TCLOCKEX.EXE
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
Click the "Done" button, then the green traffic light. Answer Yes twice.
The PC should reboot by itself; otherwise reboot it yourself.
Post the report it produces.
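The Avenger script above undoes the pattern FindAWF looks for: the original executable was moved into a bak folder and a replacement left in its place, so each bak copy is moved back over it. As an added example, not part of the thread and not code from FindAWF or Avenger, this Python script parses a shortened FindAWF report (constructed from the one posted above) and derives the matching "files to move" block.

```python
import re

# Constructed sample in the FindAWF report format posted above (Italian "dir" output),
# shortened to three of the bak folders listed there.
SAMPLE_REPORT = r"""
bak folders found
~~~~~~~~~~~
Il volume nell'unità C è XP Pro
Numero di serie del volume: D039-B8E8
Directory di C:\BAK
30/07/2000 13:44 28.672 shutz.exe
1 File 28.672 byte
Directory di C:\WINDOWS\BAK
0 File 0 byte
Directory di C:\PROGRA~1\TCLOCKEX\BAK
09/03/2000 01:15 89.088 TCLOCKEX.EXE
1 File 89.088 byte
end of report
"""

DIR_RE = re.compile(r"^Directory di (?P<dir>.+)$")
# dir entry: date, time, size with Italian thousands separators, file name
FILE_RE = re.compile(r"^\d{2}/\d{2}/\d{4} \d{2}:\d{2} +(?P<size>[\d.]+) (?P<name>.+)$")


def bak_files(report):
    """Yield (path, size_in_bytes) for every file listed under a ...\\BAK directory."""
    current = None
    for line in report.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group("dir") if m.group("dir").upper().endswith("\\BAK") else None
            continue
        m = FILE_RE.match(line)
        if m and current:
            yield current + "\\" + m.group("name"), int(m.group("size").replace(".", ""))


def restore_script(report):
    """Avenger 'files to move' block: each backed-up original goes back over the
    copy that replaced it, e.g. C:\\BAK\\shutz.exe is moved to C:\\shutz.exe."""
    lines = ["files to move:"]
    for bak_path, _size in bak_files(report):
        parent, _bak, name = bak_path.rsplit("\\", 2)
        lines.append(bak_path + " | " + parent + "\\" + name)
    return "\n".join(lines)
```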
...