Aiutamici Forum

hijackthis log to analyze.. virus that keeps recreating itself
barabba2
Posted: Tuesday, April 29, 2008 4:01:35 PM
Rank: Newbie

Joined: 4/29/2008
Posts: 0
Hello everyone..
Could you take a look at the hijackthis log?
I have a virus in a system folder that keeps reproducing itself even though I delete it with avast!
Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.45.13, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
F:\Programmi\Alwil Software\Avast4\ashServ.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
F:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
F:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\HPZipm12.exe
F:\WINDOWS\system32\svchost.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
F:\WINDOWS\Explorer.EXE
F:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
F:\WINDOWS\SOUNDMAN.EXE
F:\WINDOWS\system32\rundll32.exe
F:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe
F:\programmi\u-storage tool2.91\ustorage.exe
F:\Programmi\SimpleCenter\bin\win\sclauncher.exe
F:\Programmi\Messenger\msmsgs.exe
F:\Programmi\Skype\Phone\Skype.exe
F:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
F:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
F:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe
F:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
F:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
F:\Programmi\PC Connectivity Solution\ServiceLayer.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
F:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
F:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\Programmi\PC Connectivity Solution\Transports\NclToBTSrv.exe
F:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
F:\Programmi\Skype\Plugin Manager\skypePM.exe
F:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
F:\Programmi\Alwil Software\Avast4\ashSimpl.exe
F:\Programmi\Mozilla Firefox\firefox.exe
F:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BANTAI USA & EZRAEL [AL - MUKHLIS STUDIO]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - F:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IAAnotif] "F:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NSLauncher] F:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [UStorag] f:\programmi\u-storage tool2.91\ustorage.exe sys_auto_run F:\Programmi\U-Storage Tool2.91
O4 - HKLM\..\Run: [sclauncher] F:\Programmi\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [XrayReader] F:\PROGRA~1\FIMETO~1\X-RAYD~1\XrayReader.exe
O4 - HKLM\..\Run: [mcafee] F:\WINDOWS\WIN31.dll.vbs
O4 - HKCU\..\Run: [MSMSGS] "F:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] F:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] F:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "F:\Programmi\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: LG SyncManager.lnk = F:\Programmi\LG PC Suite\LG PC Sync\LGSyncManager.exe
O4 - Global Startup: QuatoCalibrationLoader.lnk = F:\Programmi\Quato\iColorDisplay\QuatoCalibrationLoader.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192002142515
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = onemed.local
O17 - HKLM\Software\..\Telephony: DomainName = onemed.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{F029D4D4-D760-4571-9C0B-26A41E716B20}: NameServer = 212.216.112.112
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = onemed.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = onemed.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - F:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autorun CDROM Monitor - Unknown owner - F:\WINDOWS\system32\SupportAppMH\cdrom_mon.exe
O23 - Service: avast! Antivirus - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - F:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - F:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - F:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - F:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - F:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

--
End of file - 8741 bytes


I look forward to hearing from you!
pidue
Posted: Tuesday, April 29, 2008 10:37:07 PM

Rank: AiutAmico

Joined: 6/2/2005
Posts: 7,332
Did you run the scan in safe mode?



r16
Posted: Tuesday, April 29, 2008 10:49:01 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi barabba2.
Couldn't you give me a bit more information?
Name of the virus, its path if any, which system folder......

Make sure you have access to hidden files and folders
(Control Panel -> Folder Options -> View)
1) Tick: Show hidden files and folders
2) Untick: Hide protected operating system files

Disable System Restore http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80121

If you don't know how to "fix" the entries, follow this detailed guide: http://www.aiutaamici.com/software?ID=11175

Boot into safe mode http://guide.aiutamici.com/guide?C1=7&C2=68&ID=80122

Start hijackthis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, click Fix checked
O4 - HKLM\..\Run: [mcafee] F:\WINDOWS\WIN31.dll.vbs

Tell me whether you know this program: Programmi\Quato\iColorDisplay\QuatoCalibrationLoader.exe
If you DON'T know it, fix this entry too:
O4 - Global Startup: QuatoCalibrationLoader.lnk = F:\Programmi\Quato\iColorDisplay\QuatoCalibrationLoader.exe

Find and delete the files in red:
F:\WINDOWS\WIN31.dll.vbs

Again, if you DON'T know that program, delete the folder in red:
F:\Programmi\Quato\iColorDisplay\QuatoCalibrationLoader.exe

Download VIRIT:
http://www.tgsoft.it/italy/download.htm update it (by clicking the satellite-dish icon at the top) and run it in Safe Mode (this is very important).
Download Norman Malware Cleaner http://download.norman.no/public/Norman_Malware_Cleaner.exe
Norman Malware Cleaner is fairly simple to use: (run this one in Safe Mode too)

Start it

accept the licence

click Start Scan

wait for the scan to finish

Do a cleanup (registry included) with this http://www.aiutaamici.com/software?ID=11223

Restart the computer.

Run an online scan with this; http://housecall.trendmicro.com/it/

Remember to re-hide the system folders;
Re-enable System Restore and, if everything is fine, create a new restore point.
OOPS........ maybe before carrying out my instructions, follow P2's advice.
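Added example, not code from this thread or from HijackThis: a small Python triage script that parses the O4 autostart lines of a HijackThis log and reports why an entry deserves a closer look. It reproduces, as a check, what r16 picked out of the log above: the `[mcafee]` Run entry points at `F:\WINDOWS\WIN31.dll.vbs`, a script with a double extension under a security-vendor name that does not match its path. The sample lines are copied from the posted log; the script-extension and vendor-name lists are my own assumptions and not an official signature set.

```python
import re
from pathlib import PureWindowsPath
from typing import Dict, List

# Constructed sample: O4 lines copied from the HijackThis log posted in this thread.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] F:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [mcafee] F:\WINDOWS\WIN31.dll.vbs
O4 - HKCU\..\Run: [Skype] "F:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: QuatoCalibrationLoader.lnk = F:\Programmi\Quato\iColorDisplay\QuatoCalibrationLoader.exe
"""

# HijackThis prints registry Run entries as "[name] command" and startup-folder
# entries as "name.lnk = target"; both are O4 lines.
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<name>.+?) = (?P<cmd>.+)$")

# Assumed list: extensions the Windows shell hands to the script host or command
# interpreter instead of loading as a PE image. Unusual as a Run target.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".bat", ".cmd", ".pif", ".scr", ".hta"}
# Assumed list: security-product names that malware likes to borrow for its entry name.
VENDOR_TOKENS = ("mcafee", "avast", "norton", "symantec", "kaspersky", "avg", "nod32")


def target_of(cmd: str) -> str:
    """Return the file a Run command actually launches, with quotes and arguments stripped."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    first, _, rest = cmd.partition(" ")
    # rundll32 only hosts the DLL named by its first argument; that DLL is the real target.
    if first.lower() == "rundll32.exe" and rest:
        return rest.split(",", 1)[0].strip()
    return first


def parse_o4(line: str):
    """Parse one O4 line into name/cmd/target, or return None for anything else."""
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    return {"name": m["name"], "cmd": m["cmd"], "target": target_of(m["cmd"])}


def triage(entry: Dict[str, str]) -> List[str]:
    """Return the reasons an O4 entry deserves a closer look (empty list = nothing noteworthy)."""
    reasons: List[str] = []
    path = PureWindowsPath(entry["target"])
    suffixes = [s.lower() for s in path.suffixes]
    if suffixes and suffixes[-1] in SCRIPT_EXTS:
        reasons.append(f"autostart target is a script ({suffixes[-1]}), not a PE executable")
    if len(suffixes) >= 2:
        reasons.append(f"double extension {''.join(suffixes)} hides the real file type")
    name = entry["name"].lower()
    for token in VENDOR_TOKENS:
        if token in name and token not in entry["target"].lower():
            reasons.append(f"entry named after '{token}' but the path does not belong to that product")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged O4 entry name to its triage reasons; clean entries are omitted."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        entry = parse_o4(line.strip())
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for entry_name, why in triage_log(SAMPLE_O4_LINES).items():
        print(f"[{entry_name}]")
        for reason in why:
            print("   -", reason)
```

Run on the sample, only the `[mcafee]` entry is reported, with all three reasons; the Avast, NVIDIA, Skype and Quato entries pass because their targets are ordinary executables or DLLs whose paths match their names. The `rundll32.exe` handling matters: without it the NVIDIA entries would be judged on `RUNDLL32.EXE` rather than on the DLL they load. A check like this is a triage aid for reading a log, not a verdict; r16's instruction to look up the unknown Quato program before fixing it is the human step the script cannot replace.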

Aiutamici Theme
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.