virus e dll autoreplicante

**angdeang** · 18-03-2013, 16:42

ho effettuato una scansione con HijackThis, di cui allego il log. Siete per caso in grado di riconoscere qualche segnale anomalo?
Grazie

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.37.36, on 18/03/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\alessandro\Documenti\Download\Spyrix Free Keylogger\spkl.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmi\AVG Secure Search\vprot.exe
C:\Programmi\McAfeeMOBK\WrapperTrayIcon.exe
C:\Programmi\File comuni\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\alessandro\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Programmi\uTorrent\uTorrent.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\alessandro\Impostazioni locali\Dati applicazioni\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Programmi\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Documents and Settings\alessandro\Impostazioni locali\Dati applicazioni\Sky Italia\Sky Go Player\NDSPCShowServer.exe
C:\Documents and Settings\alessandro\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe
C:\Programmi\File comuni\McAfee\Platform\mcuicnt.exe
C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programmi\File comuni\EPSON\EPW!3 SSRP\E_S50ST7.EXE
C:\Programmi\File comuni\EPSON\EPW!3 SSRP\E_S50RP7.EXE
C:\Programmi\Java\jre7\bin\jqs.exe
c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
C:\Programmi\File comuni\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Programmi\McAfee Online Backup\MOBKbackup.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\PROGRA~1\McAfee\MSC\McAPExe.exe
C:\Programmi\File comuni\McAfee\AMCore\mcshield.exe
C:\Programmi\File comuni\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\McAfee\MAT\McPvTray.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
c:\PROGRA~1\mcafee\SITEAD~1\saui.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.search.yahoo.com/search?fr=mcafee&p=%s%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: uTorrentBar_IT - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [StartCCC] "C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [vProt] "C:\Programmi\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Programmi\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McAfeeWrapperApplication] "C:\Programmi\McAfeeMOBK\WrapperTrayIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\File comuni\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\alessandro\Impostazioni locali\Dati applicazioni\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [EPSON BX305 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIG JE.EXE /FU "C:\WINDOWS\TEMP\E_SDF.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [uTorrent] "C:\Programmi\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [PCShowServer] "C:\Documents and Settings\alessandro\Impostazioni locali\Dati applicazioni\Sky Italia\Sky Go Player\PCShowServerPMWrapper.exe"
O4 - HKLM\..\Policies\Explorer\Run: [localSPM] C:\Documents and Settings\alessandro\Documenti\Download\Spyrix Free Keylogger\spkl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Programmi\McAfee Security Scan\3.0.285\SSScheduler.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programmi\File comuni\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~1\mcafee\msc\mcsniepl.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: CSIScanner - Unknown owner - C:\Programmi\Prevx\prevx.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EPW!3 SSRP\E_S50ST7.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EPW!3 SSRP\E_S50RP7.EXE
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Programmi\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Programmi\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Programmi\File comuni\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: 1% (MOBKbackup) - McAfee, Inc. - C:\Programmi\McAfee Online Backup\MOBKbackup.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Programmi\File comuni\Mcafee\Platform\McSvcHost\McSvHost.exe
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Programmi\File comuni\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

--
End of file - 10287 bytes

Discussione: virus e dll autoreplicante

Strumenti discussione

Ricerca discussione

Visualizza

Visualizzazione discussione

Permessi di invio