Condividi:        

CTFMOM.EXE

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

CTFMOM.EXE

Postdi thethunder » 24/09/07 22:54

Salve a tutti..
potete darmi una mano per eliminare il file in oggetto?

Grazie e un saluto.

Logfile of HijackThis v1.99.1
Scan saved at 23.44.07, on 24/09/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Programmi\Cisco Systems\VPN Client\vpngui.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Windows Update Firewall System] ctfmom.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\RunServices: [Windows Update Firewall System] ctfmom.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_SICN03.EXE /A "C:\WINNT\system32\E_S4C.tmp"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O4 - Global Startup: VPN Client.lnk = C:\Programmi\Cisco Systems\VPN Client\vpngui.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.co ... 5792291509
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = boero.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{15789B5C-7A60-4FA4-A21F-4544F00701ED}: NameServer = 10.1.1.40,10.1.1.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{489DDCD4-2A43-4D79-9A13-CBBE726DEFF2}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = boero.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{15789B5C-7A60-4FA4-A21F-4544F00701ED}: NameServer = 10.1.1.40,10.1.1.41
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = boero.it
O20 - Winlogon Notify: NavLogon - C:\WINNT\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
thethunder
Utente Senior
 
Post: 104
Iscritto il: 12/08/06 10:13

Sponsor
 

Postdi Luke57 » 25/09/07 08:23

Ciao, scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip


Poi avvia il file Avenger.exe. (applicazioni chiuse e antivirus disattivato)
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:

Files to delete:
C:\WINDOWS\system32\ctfmom.exe


registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | Windows Update Firewall System
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices | Windows Update Firewall System



Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e allega il file C:\Avenger.txt
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Postdi thethunder » 26/09/07 18:24

Ciao Luke,intanto ti ringrazio.Purtroppo non posso allegarti il report di Avenger perchè è comparso un mess.che mi avvertiva che il file era inesistente(?).
Ti allego comunque il log ti Hjackthis e attendo una tua risposta.
Grazie e a presto.

Logfile of HijackThis v1.99.1
Scan saved at 19.14.51, on 26/09/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINNT\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
C:\WINNT\system32\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Programmi\RealVNC\WinVNC\WinVNC.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_SICN03.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\WINNT\system32\notepad.exe
C:\Programmi\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
C:\Programmi\Cisco Systems\VPN Client\vpngui.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... _homepage/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinVNC] "C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [EPSON Stylus COLOR 480] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_SICN03.EXE /A "C:\WINNT\system32\E_S4C.tmp"
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINNT\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Programmi\Sitecom\Sitecom Wireless Network USB Adapter Turbo G WL-172\Installer\WLANUTL.EXE
O4 - Global Startup: VPN Client.lnk = C:\Programmi\Cisco Systems\VPN Client\vpngui.exe
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://test.catalog.update.microsoft.co ... 5792291509
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescan ... roinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = boero.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{15789B5C-7A60-4FA4-A21F-4544F00701ED}: NameServer = 10.1.1.40,10.1.1.41
O17 - HKLM\System\CCS\Services\Tcpip\..\{489DDCD4-2A43-4D79-9A13-CBBE726DEFF2}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = boero.it
O17 - HKLM\System\CS1\Services\Tcpip\..\{15789B5C-7A60-4FA4-A21F-4544F00701ED}: NameServer = 10.1.1.40,10.1.1.41
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = boero.it
O20 - Winlogon Notify: NavLogon - C:\WINNT\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programmi\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINNT\system32\ibmpmsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programmi\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
thethunder
Utente Senior
 
Post: 104
Iscritto il: 12/08/06 10:13

Postdi thethunder » 26/09/07 18:27

Trovato la risposta di Avenger!
La allego e scusa.
Fammi sapere.
Grazie.

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hriyaevi

*******************

Script file located at: \??\C:\WINNT\system32\khelrjjm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Deletion of file C:\WINDOWS\system32\ctfmom.exe failed!
Status: 0xc000014f
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Windows Update Firewall System deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices|Windows Update Firewall System deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
thethunder
Utente Senior
 
Post: 104
Iscritto il: 12/08/06 10:13


Torna a Sicurezza e Privacy

Chi c’è in linea

Visitano il forum: Nessuno e 25 ospiti