Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

trojan VRT1 ed altro sul mio pc

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: Luke57, kadosh

trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 01/11/09 18:01

Aiuto per favore...
non riesco ad eliminare alcuni trojan sul mio pc che mi creano rallentamenti e problemi all'inizializzazione di alcuni programmi.
VRT1, ecayecay, ecc...
please
lascio qui il report di HijackThis
grazie



Logfile of HijackThis v1.99.1
Scan saved at 17.59.49, on 01/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\sarak\impostazioni locali\dati applicazioni\ecaecay.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\FinePixViewer\QuickDCF2.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
D:\DATI\Utility\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovarapido.com/?t=Q090820882&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Avast] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ecaecay] "c:\documents and settings\sarak\impostazioni locali\dati applicazioni\ecaecay.exe" ecaecay
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Programmi\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti link selezionati in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti selezione a PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Programmi\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Programmi\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3428868140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programmi\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: jkkIBSKB - jkkIBSKB.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O20 - Winlogon Notify: winkpb32 - winkpb32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Gestione sessione di assistenza mediante desktop remoto (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Sponsor
 

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 01/11/09 18:31

Ciao, Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disconnettiti da internet e disattiva l'antivirus
Lascia lavorare il programma senza interferire (non installare la recovery console)
Allega il rapporto C:\ComboFix.txt nella tua risposta.
shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 01/11/09 19:21

ciao grazie per l'interessamento, ma è più di mezz'ora che cerco di scaricare combofix da decine di link diversi e non ci riesce. Download Accelerator si blocca e mi impedisce di scaricare... tra l'altro ho già riavviato due volte che mi si è impallato il pc. C'è un modo per avere il programma?
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 01/11/09 19:43

shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 01/11/09 19:58

grazie avevo trovato altrove pure... infine.
Ecco il report:


Start Time= 01/11/2009 19.40.35,18

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2009-11-01 17:44:30 ( .D... ) "C:\Programmi\uGambol"
2009-10-24 17:19:22 ( .D... ) "C:\Documents and Settings\Sarak\Dati applicazioni\Arda Software"
2009-10-11 18:22:34 ( .D... ) "C:\Programmi\ContrastMaster"
2009-10-11 18:08:56 ( .D... ) "C:\Programmi\LightMachine"
2009-10-02 19:01:58 25198016 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2009-09-25 17:41:26 856064 ( A.... ) "C:\WINDOWS\system32\divx_xx0c.dll"
2009-09-25 17:41:26 856064 ( A.... ) "C:\WINDOWS\system32\divx_xx07.dll"
2009-09-25 17:41:26 847872 ( A.... ) "C:\WINDOWS\system32\divx_xx0a.dll"
2009-09-25 17:41:26 843776 ( A.... ) "C:\WINDOWS\system32\divx_xx16.dll"
2009-09-25 17:41:26 839680 ( A.... ) "C:\WINDOWS\system32\divx_xx11.dll"
2009-09-25 17:41:26 696320 ( A.... ) "C:\WINDOWS\system32\DivX.dll"
2009-09-15 11:59:36 1279968 ( A.... ) "C:\WINDOWS\system32\aswBoot.exe"
2009-09-15 11:53:02 97480 ( A.... ) "C:\WINDOWS\system32\AvastSS.scr"
2009-09-11 15:17:34 136192 ( A.... ) "C:\WINDOWS\system32\msv1_0.dll"
2009-09-04 22:03:04 58880 ( A.... ) "C:\WINDOWS\system32\msasn1.dll"
2009-08-29 08:56:22 1208832 ( A.... ) "C:\WINDOWS\system32\urlmon.dll"
2009-08-29 08:56:22 916480 ( A.... ) "C:\WINDOWS\system32\wininet.dll"
2009-08-29 08:56:20 5940224 ( A.... ) "C:\WINDOWS\system32\mshtml.dll"
2009-08-29 08:56:20 206848 ( A.... ) "C:\WINDOWS\system32\occache.dll"
2009-08-29 08:56:14 1985536 ( A.... ) "C:\WINDOWS\system32\iertutil.dll"
2009-08-29 08:56:14 594432 ( A.... ) "C:\WINDOWS\system32\msfeeds.dll"
2009-08-29 08:56:14 55296 ( A.... ) "C:\WINDOWS\system32\msfeedsbs.dll"
2009-08-29 08:56:14 25600 ( A.... ) "C:\WINDOWS\system32\jsproxy.dll"
2009-08-29 08:56:12 184320 ( A.... ) "C:\WINDOWS\system32\iepeers.dll"
2009-08-29 08:56:10 11069440 ( A.... ) "C:\WINDOWS\system32\ieframe.dll"
2009-08-29 08:56:06 387584 ( A.... ) "C:\WINDOWS\system32\iedkcs32.dll"
2009-08-28 11:37:12 192512 ( A.... ) "C:\WINDOWS\system32\ie4uinit.exe"
2009-08-26 09:00:32 247326 ( A.... ) "C:\WINDOWS\system32\strmdll.dll"
2009-08-20 14:09:06 1193832 ( A.... ) "C:\WINDOWS\system32\FM20.DLL"
2009-08-06 18:24:18 327896 ( A.... ) "C:\WINDOWS\system32\wucltui.dll"
2009-08-06 18:24:18 209632 ( A.... ) "C:\WINDOWS\system32\wuweb.dll"
2009-08-06 18:24:10 44768 ( A.... ) "C:\WINDOWS\system32\wups2.dll"
2009-08-06 18:24:10 35552 ( A.... ) "C:\WINDOWS\system32\wups.dll"
2009-08-06 18:24:06 53472 ( A.... ) "C:\WINDOWS\system32\wuauclt.exe"
2009-08-06 18:24:04 96480 ( A.... ) "C:\WINDOWS\system32\cdm.dll"
2009-08-06 18:23:54 575704 ( A.... ) "C:\WINDOWS\system32\wuapi.dll"
2009-08-06 18:23:46 1929952 ( A.... ) "C:\WINDOWS\system32\wuaueng.dll"
2009-08-06 18:23:46 274288 ( A.... ) "C:\WINDOWS\system32\mucltui.dll"
2009-08-06 18:23:46 215920 ( A.... ) "C:\WINDOWS\system32\muweb.dll"
2009-08-05 09:59:34 205312 ( A.... ) "C:\WINDOWS\system32\mswebdvd.dll"
2009-08-04 21:56:08 2192896 ( A.... ) "C:\WINDOWS\system32\ntoskrnl.exe"
2009-08-04 18:26:10 2069760 ( A.... ) "C:\WINDOWS\system32\ntkrnlpa.exe"
2009-08-03 14:07:42 403816 ( A.... ) "C:\WINDOWS\system32\OGACheckControl.dll"
2009-08-03 14:07:42 322928 ( A.... ) "C:\WINDOWS\system32\OGAAddin.dll"
2009-08-03 14:07:42 230768 ( A.... ) "C:\WINDOWS\system32\OGAEXEC.exe"
2007-05-17 12:43:08 2990 ( A.... ) "C:\Programmi\irunin.ini"
2007-05-17 12:42:32 22012 ( A.... ) "C:\Programmi\irunin.dat"
2007-05-17 12:42:32 7623 ( A.... ) "C:\Programmi\irunin.lng"
2007-01-18 14:18:40 761 ( A.... ) "C:\Programmi\sites.xml"
2006-06-29 19:40:20 548864 ( A.... ) "C:\Programmi\FTPWanderer.exe"
2006-04-24 11:59:36 1150976 ( A.... ) "C:\Programmi\DVDDecrypter.exe"
2000-02-08 17:16:20 49826 ( A.... ) "C:\Programmi\GenesisConfig.dat"
2000-01-28 13:40:10 476160 ( A.... ) "C:\Programmi\genV2PRO.8bf"
1999-12-15 16:25:46 2166381 ( A.... ) "C:\Programmi\genv2pro.chm"


((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Avast"="C:\\Programmi\\Alwil Software\\Avast4\\ashDisp.exe"
"ZoneAlarm Client"="\"C:\\Programmi\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"nwiz"="nwiz.exe /install"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Adobe Reader Speed Launcher"="\"C:\\Programmi\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=dword:000000ff
"NoDriveAutoRun"=dword:03ffffff
"HonorAutoRunSetting"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Google Update"="\"C:\\Documents and Settings\\Sarak\\Impostazioni locali\\Dati applicazioni\\Google\\Update\\GoogleUpdate.exe\" /c"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"ecaecay"="\"c:\\documents and settings\\sarak\\impostazioni locali\\dati applicazioni\\ecaecay.exe\" ecaecay"
"DownloadAccelerator"="\"C:\\Programmi\\DAP\\DAP.EXE\" /STARTUP"
"Skype"="\"C:\\Programmi\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runonce\CTStartup]
"CTStartup"="\"C:\\Programmi\\Creative\\Splash Screen\\CTEaxSpl.EXE\" /play"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=dword:00000000
"HideLogoffScripts"=dword:00000000
"RunLogonScriptSync"=dword:00000001
"RunStartupScriptSync"=dword:00000001
"HideStartupScripts"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Precaricatore Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Daemon di cache delle categorie di componenti"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-616249376-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-484763869-616249376-839522115-1003UA.job
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\WGASetup.job

Completion time: 01/11/2009 19.47.10,56
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 01/11/09 20:10

c'e' qualcosa che non mi convince.....combofix non ha trovato infezioni e comunque dovresti fare una nuova scansione con hijackthis, quello che hai e' superato da tempo

scaricalo da qui e posta il risultato

http://www.trendsecure.com/portal/en-US ... kthis.php#
shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 01/11/09 20:16

ecco il nuovo report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.16.31, on 01/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\sarak\impostazioni locali\dati applicazioni\ecaecay.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\FinePixViewer\QuickDCF2.exe
C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\verclsid.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Sarak\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trovarapido.com/?t=Q090820882&s=h
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programmi\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Programmi\Xi\NetXfer\NXToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\ZoneAlarmSB\bar\2.bin\SPYBLOCK.DLL
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Avast] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sarak\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ecaecay] "c:\documents and settings\sarak\impostazioni locali\dati applicazioni\ecaecay.exe" ecaecay
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Nikon Monitor.lnk = C:\Programmi\File comuni\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
O4 - Global Startup: ExifLauncher2.lnk = C:\Programmi\FinePixViewer\QuickDCF2.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti link selezionati in PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti selezione a PDF esistente - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Programmi\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: Salva oggetto con NetXfer - C:\Programmi\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: Salva tutti gli oggetti con NetXfer - C:\Programmi\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Scarica i video con Free Download Manager - file://C:\Programmi\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Programmi\Opanda\IExif 2.3\IExifCom.htm
O9 - Extra button: (no name) - {44EFB53C-C965-43CF-9F45-52242D134187} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3428868140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/sho ... wflash.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: jkkIBSKB - jkkIBSKB.dll (file missing)
O20 - Winlogon Notify: winkpb32 - winkpb32.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 13658 bytes
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 01/11/09 20:23

Forse anche il ComboFix che ho usato non era aggiornato... ma il link che mi hai dato mi richiedeva la password e quindi non potevo scaricarlo.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 01/11/09 20:24

Scarica e installa http://www.malwarebytes.org/mbam/program/mbam-setup.exe Aggiornalo e fai una scansione completa del computer. Posta il rapporto ottenuto. Per ora non rimuovere nessuna eventuale minaccia rilevata

esegui anche questo programma da modalita' provisoria

http://normanasa.vo.llnwd.net/o29/publi ... leaner.exe

Finita la scansione, rimuovi i files infetti trovati e posta il log che viene generato sul desktop.
shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 01/11/09 21:30

sto facendo la scansione completa con Malwarebytes, solo che è aggiornato a metà ottobre perché l'aggiornamento al sito ora era impossibile per problemi interni.
Ci vorrà molto tempo, quindi credo che entrambe le operazioni potrò effettuarle questa notte o domani addirittura.
Ha per ora trovato 3 elementi infetti, dovrò lasciarli stare senza eliminarli? Me lo confermi?
Grazie e spero di venirne fuori.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 01/11/09 21:42

quando termina malwarebytes non eliminare niente- lo farai dopo che avro' visto il report
shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 02/11/09 12:17

Qui il report della scansione con Malwarebytes... compare finalmente anche quell'ecayecay che chiede autorizzazione a ZoneAlarm ad ogni avvio di internet.


Malwarebytes' Anti-Malware 1.41
Versione del database: 2775
Windows 5.1.2600 Service Pack 3

02/11/2009 12.13.52
mbam-log-2009-11-02 (12-13-48).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 115626
Tempo trascorso: 38 minute(s), 43 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 8
Valori di registro infetti: 3
Elementi dato del registro infetti: 0
Cartelle infette: 1
File infetti: 6

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{eec73ea5-1367-49d1-93f4-ca1d8c22e9f9} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winkpb32 (Trojan.Dialer) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live-Player (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> No action taken.

Valori di registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecaecay (Trojan.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013 (Trojan.Agent) -> No action taken.

File infetti:
c:\documents and settings\Sarak\impostazioni locali\dati applicazioni\ecaecay.exe (Trojan.Agent.H) -> No action taken.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Sarak\MediaTubeCodec_ver1.1463.0.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\BM9bd015d6.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM9bd015d6.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\winkpb32.dll (Trojan.Dialer) -> No action taken.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 02/11/09 12:22

ho questo Vundo da togliere in effetti perché mi rallenta tanto e mi apre finestre assurde... poi questo non meglio identificato ecayecay... spero mi possa dire cosa fare.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 02/11/09 12:51

ciao

ecayecay e' il virus navipromo, ma credo che ci sia altro

elimina quello che ha trovato malwarebytes e prova a lanciare combofix

scaricalo da qui, non andare in giro per il web alla ricerca di versioni obsolete

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 02/11/09 13:13

Ciao Shel e grazie mille...
ho eliminato i file infetti con Malwerbytes e al riavvio è sparita la richiesta di ecayecay ma continua quella di WinLogon e non capisco perché. Avast mi ha trovato altri due VRT... numerati 8 e 9.
Ora però debbo dirti che non riesco in alcun modo a scaricare il Combo da quel link... così come non riesco a scaricare la versione aggiornata di Norman Malware Cleaner... ma solo una piccola vecchia.
A questo punto credo che ci sia qualche problema relativo a ciò sul mio pc.
Come faccio?
Intanto ho scaricato, per precauzione futura, una copia di VundoFix.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 02/11/09 13:17

prova a scaricarlo dal link che ti hop ostato ieri, dovresti riuscirci
shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 02/11/09 13:27

lo sto scaricando ma per farlo ho dovuto disattivare Download Accelerator... è lì il problema e non capisco il perché.
Ora scansiono.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi shel » 02/11/09 13:32

per scaricare combofix hai bisogno di Download Accelerator??
shel
Utente Senior
 
Post: 1320
Iscritto il: 29/08/08 21:56

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 02/11/09 14:31

ciao,
ora ho disattivato download accelerator che uso automaticamente per ogni download perché non mi fa scaricare i programmi aggiornati (?).
Riprovo di nuovo a scaricare il combofix perché mi ha fatto apparire una schermata di alert dicendomi che potrebbe essere corrotto a causa di un virus (vitur mi pare) che non lo fa funzionare.
Boh... ho diecimila problemi e non ne capisco la causa.
Intanto avast continua a segnalarmi malware.
Riprovo.
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Re: trojan VRT1 ed altro sul mio pc

Postdi S4R4K » 02/11/09 14:45

Quando faccio partire ComboFix mi appare questa schermata:

<img src="http://img97.imageshack.us/i/immaginebg.png/">
S4R4K
Utente Junior
 
Post: 93
Iscritto il: 16/01/07 03:07

Prossimo

Torna a Sicurezza e Privacy


Topic correlati a "trojan VRT1 ed altro sul mio pc":


Chi c’è in linea

Visitano il forum: Nessuno e 10 ospiti