Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

di nuovo con i vrus

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

di nuovo con i vrus

Postdi monoscopio » 14/01/06 15:48

eccomi di nuovo, ho provato a leggere un po' di messaggi sul forum, e ho fatto un po' da solo, ma non ho risolto niente, ho cancellato da system32 il file MSX.dll. ed il KABOOM.dll ma mi ritrovo ancora che mi si disattiva il firewall nonostante che lo riattivo, l'AVG mi trova il virus Troian HorseBackDoor.generic NFP e nonostante lo elimino, ad ogni riaccensione me lo ritrova di nuovo.

come faccio??

Logfile of HijackThis v1.99.1
Scan saved at 15.40.34, on 14/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Logitech\SetPoint\KEM.exe
C:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: MSX - {037CE595-57CB-4EB5-9775-97BC112F3BB3} - C:\WINDOWS\system32\msx.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Site Update Watcher - {A853979C-2A9A-4ACB-8975-5740A7E26CB4} - C:\WINDOWS\system32\kaboom.dll (file missing)
O2 - BHO: IE Agent - {CC56A1F3-9B83-45FF-8CB6-D58959492F0F} - C:\WINDOWS\system32\kaboom.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IEAgent update check] C:\WINDOWS\system32\iewatch.exe
O4 - HKLM\..\Run: [rusto] "C:\Documents and Settings\IO\Impostazioni locali\Temp\Nuova cartella\s33k.3.exe"
O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{AE23BD68-DE82-4AA7-95C7-392598BB09E7}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: offline-8876480 - {D77C74F4-8213-4988-AB3F-103CACEEF3DA} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
monoscopio
Utente Junior
 
Post: 65
Iscritto il: 12/01/06 22:25

Sponsor
 

Postdi Dylan666 » 14/01/06 15:52

Da modalità provvisoria leva questi:

O4 - HKLM\..\Run: [IEAgent update check] C:\WINDOWS\system32\iewatch.exe

O4 - HKLM\..\Run: [rusto] "C:\Documents and Settings\IO\Impostazioni locali\Temp\Nuova cartella\s33k.3.exe"

O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe


Più tutte le voci (file missing)
Avatar utente
Dylan666
Moderatore
 
Post: 38040
Iscritto il: 18/11/03 16:46

Postdi monoscopio » 14/01/06 17:16

ho fatto tutto da mod provv, ma non capisco perchè nel nuovo log, mi compare il icqchk.exe anche se nel system32 non c'è piu.

comunque mawg mi ha trovato il troian horse back door.generic .nho, prima era nfp.

il firewall, viene sempre eliminato. :( :(

Logfile of HijackThis v1.99.1
Scan saved at 17.06.04, on 14/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\ATI Multimedia\main\launchpd.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATI DeviceDetect] C:\Programmi\ATI Multimedia\\Program Files\ATI Multimedia\main\ATIDtct.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Programmi\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programmi\File comuni\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [runapp] C:\WINDOWS\system32\icqchk.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Programmi\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O18 - Protocol: offline-8876480 - {D77C74F4-8213-4988-AB3F-103CACEEF3DA} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
monoscopio
Utente Junior
 
Post: 65
Iscritto il: 12/01/06 22:25

Postdi Luke57 » 14/01/06 17:34

Ciao, è un problema recente che colpisce i computer infetti da kaboom, sembra che per risolvere occorra il programma Regrun, guarda in questa discussione:
http://www.swzone.it/forum/showthread.p ... 592&page=6
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi monoscopio » 14/01/06 18:43

grazie, guardero'

devo riuscire !!!! :x
monoscopio
Utente Junior
 
Post: 65
Iscritto il: 12/01/06 22:25


Torna a Sicurezza e Privacy


Topic correlati a "di nuovo con i vrus":

Nuovo user
Autore: djbrake1977
Forum: Forum off-topic
Risposte: 0
Nuovo Pc
Autore: Kamui
Forum: Assistenza Hardware
Risposte: 32
Nuovo iscritto
Autore: briscola
Forum: Forum off-topic
Risposte: 0
PC Nuovo
Autore: nikola9099
Forum: Consigli per gli acquisti
Risposte: 3

Chi c’è in linea

Visitano il forum: Nessuno e 13 ospiti