|
| HOMEPAGE | INDICE FORUM | REGOLAMENTO | ::. | NEI PREFERITI | .:: | RSS Forum | RSS News | NEWS web | NEWS software | |
| PUBBLICITA' | | | ARTICOLI | WIN XP | VISTA | WIN 7 | REGISTRI | SOFTWARE | MANUALI | RECENSIONI | LINUX | HUMOR | HARDWARE | DOWNLOAD | | | CERCA nel FORUM » | |
11-06-2006, 21.51.17 | #1 |
Newbie
Registrato: 11-06-2006
Messaggi: 4
|
Win32:Sality-D-DLL [Wrm] ...
Logfile of HijackThis v1.99.1 Scan saved at 21.11.38, on 11/06/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\RunDll32.exe C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Programmi\Ahead\InCD\InCD.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Programmi\Logitech\Video\LogiTray.exe C:\Programmi\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb1 0.exe C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe D:\Programmi\DAEMON Tools\daemon.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Messenger\msmsgs.exe C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe C:\Programmi\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\wuauclt.exe C:\WINDOWS\System32\wuauclt.exe F:\incoming\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb1 0.exe O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [DAEMON Tools] "d:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149520084919 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37840.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C9F6DEE9-2A21-4112-8119-28126CBDFCFB}: NameServer = 85.37.17.6 85.38.28.89 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
___________________________________
tess... |
11-06-2006, 22.42.39 | #2 |
Junior Member
Registrato: 14-05-2005
Loc.: Palermo
Messaggi: 57
|
Ciao, dal tuo log non emerge nulla di grave. Ci sono solo queste 2 da fixare:
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm Fai una scansione con ewido anti-malware: http://download.ewido.net/ewido-setup.exe |
12-06-2006, 13.04.43 | #3 |
Newbie
Registrato: 11-06-2006
Messaggi: 4
|
niente da fare mi sa che il worm persiste cmq ho fatto girare ewido e ha corretto un po di cose.. uff..
riporto il log di hijackthis Logfile of HijackThis v1.99.1 Scan saved at 13.05.21, on 12/06/2006 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\Sygate\SPF\smc.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe C:\Programmi\Alwil Software\Avast4\ashServ.exe d:\Programmi\ewido anti-malware\ewidoctrl.exe d:\Programmi\ewido anti-malware\ewidoguard.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\RunDll32.exe C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\LVCOMSX.EXE C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe C:\Programmi\Logitech\Video\LogiTray.exe C:\Programmi\MessengerPlus! 3\MsgPlus.exe C:\Programmi\Alwil Software\Avast4\ashWebSv.exe D:\Programmi\DAEMON Tools\daemon.exe C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb1 0.exe C:\WINDOWS\System32\ctfmon.exe C:\Programmi\Logitech\Video\FxSvr2.exe C:\WINDOWS\System32\wuauclt.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Programmi\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [DAEMON Tools] "d:\Programmi\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb1 0.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [LogitechSoftwareUpdate] C:\Programmi\Logitech\Video\ManifestEngine.exe boot O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149520084919 O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37840.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{C9F6DEE9-2A21-4112-8119-28126CBDFCFB}: NameServer = 85.37.17.6 85.38.28.89 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - d:\Programmi\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - d:\Programmi\ewido anti-malware\ewidoguard.exe O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Programmi\Sygate\SPF\smc.exe
___________________________________
tess... |
12-06-2006, 13.18.49 | #4 |
Junior Member
Registrato: 14-05-2005
Loc.: Palermo
Messaggi: 57
|
Il log e' pulito. Rispondi a queste domande per favore:
1) e' avast che ti rileva questo presunto worm? 2) hai fatto una scansione con bitdefender online? Cosa ti ha trovato? 3) ho visto nel tuo log che hai il MessengerPlus! 3. Ti sei ricordato di escludere lo sponsor durante il setup? Scarica questo tool antivirus e fai una scansione: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe |
14-06-2006, 17.03.33 | #5 |
Newbie
Registrato: 11-06-2006
Messaggi: 4
|
ho risolto con drweb! ha trovato due tre cosette e le ha curate!
grazie mille! ciao!
___________________________________
tess... |
14-06-2006, 19.27.04 | #6 | |
Junior Member
Registrato: 14-05-2005
Loc.: Palermo
Messaggi: 57
|
Quota:
|
|
Utenti attualmente attivi che stanno leggendo questa discussione: 1 (0 utenti e 1 ospiti) | |
Strumenti discussione | |
|
|
Discussioni simili | ||||
Discussione | Autore discussione | Forum | Risposte | Ultimo messaggio |
.:: Removal Tools AntiVirus - Update ::. | Giorgius | Sicurezza&Privacy | 282 | 03-01-2010 16.21.05 |
[VIRUS] Win32:sality-D-DLL [WRM] | TuQuoQue | Sicurezza&Privacy | 41 | 17-08-2006 13.01.58 |
--> W32/Swen@MM - McAfee segnala rischio medio <-- | Bico Bico | Sicurezza&Privacy | 27 | 25-09-2003 10.28.19 |
Worm.W32/Opaserv.Y@SMB - Rischio 4 - Update | Giorgius | Sicurezza&Privacy | 4 | 25-09-2003 10.27.10 |