Aiutamici Forum

Who can check my log?
Kindofblue
Posted: Wednesday, March 23, 2005 10:47:29 PM
Rank: Member

Joined: 3/23/2005
Posts: 0
I am very inexperienced and would like an opinion from someone who understands this. I ran a scan with HijackThis and this is the result:

Logfile of HijackThis v1.99.1
Scan saved at 22.47.10, on 23/03/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashserv.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\kernels32.exe
C:\Program Files\Windows TaskAd\WinTaskAd.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Windows TaskAd\WinSched.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\Indexindicator.exe
C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
C:\DOCUME~1\VIK\IMPOST~1\Temp\asr.exe
C:\WINDOWS\Jpc.exe
C:\Documents and Settings\VIK\service.exe
C:\Documents and Settings\VIK\b21.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\Programmi\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\VIK\Desktop\antispyware\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {6A0B3E1D-7272-92AA-71CD-BD1C7C4883E3} - C:\WINDOWS\system32\cnoser.exe (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: (no name) - {6DA975EA-CBB4-411B-97C0-DB0A892BF2C1} - C:\WINDOWS\System32\boaebiae.dll
O2 - BHO: (no name) - {902F3F60-9EC6-8D16-D119-FCE4EEF046A7} - C:\WINDOWS\System32\xajogjpb.dll
O2 - BHO: (no name) - {A5020F60-B3F5-B822-FC29-CCC9DEC06B97} - C:\WINDOWS\System32\xajogjpb.dll
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\System32\saristar.dll (file missing)
O2 - BHO: (no name) - {F979F418-6A9A-C5B6-5BF3-67CB6C9923A7} - C:\WINDOWS\System32\goxaiec.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Indexindicator] C:\WINDOWS\System32\Indexindicator.exe /check
O4 - HKLM\..\Run: [MEMreaload] C:\Programmi\ServicePackFiles\MEMreaload.exe /checkmouse /updateratio
O4 - HKLM\..\Run: [Suite] C:\WINDOWS\System32\SuiteOffices.exe /cleandb
O4 - HKLM\..\Run: [Reload] C:\Programmi\ServicePackFiles\reload.exe /reloadenterpice
O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\System32\Recalculate.exe /reloadenterpice
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [ThreadMode] C:\DOCUME~1\VIK\IMPOST~1\Temp\asr.exe
O4 - HKLM\..\Run: [glv] C:\WINDOWS\glv.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [Hlq] C:\WINDOWS\Jpc.exe
O4 - HKLM\..\Run: [Tpk] C:\WINDOWS\System32\Dug.exe
O4 - HKLM\..\Run: [Hai] C:\WINDOWS\Uht.exe
O4 - HKLM\..\Run: [Bev] C:\WINDOWS\Tjj.exe
O4 - HKLM\..\Run: [Dbv] C:\WINDOWS\Idb.exe
O4 - HKLM\..\Run: [Cvs] C:\WINDOWS\System32\Ort.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Abg.exe
O4 - HKLM\..\Run: [Qlh] C:\WINDOWS\System32\Cao.exe
O4 - HKLM\..\Run: [Btm] C:\WINDOWS\System32\Aqe.exe
O4 - HKLM\..\Run: [Qik] C:\WINDOWS\Ngf.exe
O4 - HKLM\..\Run: [Gqi] C:\WINDOWS\System32\Eef.exe
O4 - HKLM\..\Run: [Pcq] C:\WINDOWS\Idk.exe
O4 - HKLM\..\Run: [Haj] C:\WINDOWS\Npe.exe
O4 - HKLM\..\Run: [Hkd] C:\WINDOWS\System32\Mqr.exe
O4 - HKLM\..\Run: [Kue] C:\WINDOWS\Tpk.exe
O4 - HKLM\..\Run: [Snr] C:\WINDOWS\System32\Gmr.exe
O4 - HKLM\..\Run: [Pkl] C:\WINDOWS\System32\Ejq.exe
O4 - HKLM\..\Run: [Kff] C:\WINDOWS\System32\Knj.exe
O4 - HKLM\..\Run: [Iog] C:\WINDOWS\System32\Vgs.exe
O4 - HKLM\..\Run: [Hlk] C:\WINDOWS\Giq.exe
O4 - HKLM\..\Run: [Iqo] C:\WINDOWS\Cac.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Ful.exe
O4 - HKLM\..\Run: [Fbm] C:\WINDOWS\Urh.exe
O4 - HKLM\..\Run: [Jjn] C:\WINDOWS\Gks.exe
O4 - HKLM\..\Run: [Ovf] C:\WINDOWS\System32\Ogq.exe
O4 - HKLM\..\Run: [Hrr] C:\WINDOWS\Pmu.exe
O4 - HKLM\..\Run: [Irc] C:\WINDOWS\Vcb.exe
O4 - HKLM\..\Run: [Qpd] C:\WINDOWS\Edm.exe
O4 - HKLM\..\Run: [Hvr] C:\WINDOWS\System32\Okk.exe
O4 - HKLM\..\Run: [Gvv] C:\WINDOWS\Ijr.exe
O4 - HKLM\..\Run: [Rjb] C:\WINDOWS\Eif.exe
O4 - HKLM\..\Run: [Kkh] C:\WINDOWS\Ufm.exe
O4 - HKLM\..\Run: [Pks] C:\WINDOWS\Bmg.exe
O4 - HKLM\..\Run: [Gvn] C:\WINDOWS\Dte.exe
O4 - HKLM\..\Run: [Fip] C:\WINDOWS\Dhd.exe
O4 - HKLM\..\Run: [Iju] C:\WINDOWS\System32\Bdg.exe
O4 - HKLM\..\Run: [Sut] C:\WINDOWS\Omd.exe
O4 - HKLM\..\Run: [Dlm] C:\WINDOWS\System32\Vpn.exe
O4 - HKLM\..\Run: [Jmt] C:\WINDOWS\Vab.exe
O4 - HKLM\..\Run: [Itg] C:\WINDOWS\Fia.exe
O4 - HKLM\..\Run: [Lsu] C:\WINDOWS\System32\Jcq.exe
O4 - HKLM\..\Run: [Aue] C:\WINDOWS\System32\Ijq.exe
O4 - HKLM\..\Run: [Crd] C:\WINDOWS\Ttr.exe
O4 - HKLM\..\Run: [Qda] C:\WINDOWS\System32\Bje.exe
O4 - HKLM\..\Run: [Frj] C:\WINDOWS\System32\Pie.exe
O4 - HKLM\..\Run: [Lqg] C:\WINDOWS\System32\Tte.exe
O4 - HKLM\..\Run: [Bfn] C:\WINDOWS\System32\Jbs.exe
O4 - HKLM\..\Run: [Mkh] C:\WINDOWS\Bpl.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Tpk] C:\WINDOWS\System32\Dug.exe
O4 - HKCU\..\Run: [Hai] C:\WINDOWS\Uht.exe
O4 - HKCU\..\Run: [Bev] C:\WINDOWS\Tjj.exe
O4 - HKCU\..\Run: [Dbv] C:\WINDOWS\Idb.exe
O4 - HKCU\..\Run: [Cvs] C:\WINDOWS\System32\Ort.exe
O4 - HKCU\..\Run: [Seb] C:\WINDOWS\System32\Abg.exe
O4 - HKCU\..\Run: [Qlh] C:\WINDOWS\System32\Cao.exe
O4 - HKCU\..\Run: [Btm] C:\WINDOWS\System32\Aqe.exe
O4 - HKCU\..\Run: [Qik] C:\WINDOWS\Ngf.exe
O4 - HKCU\..\Run: [Gqi] C:\WINDOWS\System32\Eef.exe
O4 - HKCU\..\Run: [Pcq] C:\WINDOWS\Idk.exe
O4 - HKCU\..\Run: [Haj] C:\WINDOWS\Npe.exe
O4 - HKCU\..\Run: [Hkd] C:\WINDOWS\System32\Mqr.exe
O4 - HKCU\..\Run: [Kue] C:\WINDOWS\Tpk.exe
O4 - HKCU\..\Run: [Snr] C:\WINDOWS\System32\Gmr.exe
O4 - HKCU\..\Run: [Pkl] C:\WINDOWS\System32\Ejq.exe
O4 - HKCU\..\Run: [Kff] C:\WINDOWS\System32\Knj.exe
O4 - HKCU\..\Run: [Iog] C:\WINDOWS\System32\Vgs.exe
O4 - HKCU\..\Run: [Hlk] C:\WINDOWS\Giq.exe
O4 - HKCU\..\Run: [Iqo] C:\WINDOWS\Cac.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Ful.exe
O4 - HKCU\..\Run: [Fbm] C:\WINDOWS\Urh.exe
O4 - HKCU\..\Run: [Jjn] C:\WINDOWS\Gks.exe
O4 - HKCU\..\Run: [Ovf] C:\WINDOWS\System32\Ogq.exe
O4 - HKCU\..\Run: [Hrr] C:\WINDOWS\Pmu.exe
O4 - HKCU\..\Run: [Irc] C:\WINDOWS\Vcb.exe
O4 - HKCU\..\Run: [Qpd] C:\WINDOWS\Edm.exe
O4 - HKCU\..\Run: [Hvr] C:\WINDOWS\System32\Okk.exe
O4 - HKCU\..\Run: [Gvv] C:\WINDOWS\Ijr.exe
O4 - HKCU\..\Run: [Rjb] C:\WINDOWS\Eif.exe
O4 - HKCU\..\Run: [Kkh] C:\WINDOWS\Ufm.exe
O4 - HKCU\..\Run: [Pks] C:\WINDOWS\Bmg.exe
O4 - HKCU\..\Run: [Gvn] C:\WINDOWS\Dte.exe
O4 - HKCU\..\Run: [Fip] C:\WINDOWS\Dhd.exe
O4 - HKCU\..\Run: [Iju] C:\WINDOWS\System32\Bdg.exe
O4 - HKCU\..\Run: [Sut] C:\WINDOWS\Omd.exe
O4 - HKCU\..\Run: [Dlm] C:\WINDOWS\System32\Vpn.exe
O4 - HKCU\..\Run: [Jmt] C:\WINDOWS\Vab.exe
O4 - HKCU\..\Run: [Itg] C:\WINDOWS\Fia.exe
O4 - HKCU\..\Run: [Lsu] C:\WINDOWS\System32\Jcq.exe
O4 - HKCU\..\Run: [Aue] C:\WINDOWS\System32\Ijq.exe
O4 - HKCU\..\Run: [Crd] C:\WINDOWS\Ttr.exe
O4 - HKCU\..\Run: [Qda] C:\WINDOWS\System32\Bje.exe
O4 - HKCU\..\Run: [Frj] C:\WINDOWS\System32\Pie.exe
O4 - HKCU\..\Run: [Lqg] C:\WINDOWS\System32\Tte.exe
O4 - HKCU\..\Run: [Bfn] C:\WINDOWS\System32\Jbs.exe
O4 - HKCU\..\Run: [Mkh] C:\WINDOWS\Bpl.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0522.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0522.dll (file missing)
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987519} - C:\SEX212it\SEX212it.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\MSMSGS.EXE
O13 - DefaultPrefix:
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
O16 - DPF: Yahoo! Chat - http://cs6.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:C:\arct.chm::/painter.exe
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://spystream.babenet.com/cabs/videox.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_EN_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} (Pro_Web016.ProWeb016) - http://67.15.5.151/ProWeb016.CAB
O16 - DPF: {3CA95C27-2150-4E4A-93A3-D557C88EBF2D} - http://beta.anywebcam.com/awc/MGT.ocx
O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) - http://67.19.178.84/hhctrl.ocx
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {7A32634B-029C-4836-A023-528983982A49} - http://fdl.msn.com/public/chat/msnchat42.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B3A5878E-5B4C-4D12-9156-4D7FD8D0AF6C} - http://akamai.downloadv3.com/binaries/one2one/one2oneSvcEN.cab
O16 - DPF: {BDA25AB2-5805-49CE-9C98-29FCDDF652EB} - http://beta.anywebcam.com/awc/GM.ocx
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://67.15.5.151/ProWeb604.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E8E72919-8219-4337-9260-7DD62C782AEF} - http://beta.anywebcam.com/awc/MGET.ocx
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - https://selfcare.tiscali.it/scripts/oneclick/ConnessioneTiscali.cab
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://www.desktoplife.net/adulti.exe
O16 - DPF: {FFFF0068-0001-101A-A3C9-08002B2F49FB} - http://www.foto-gratis-di.com/go/pornynetd26.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E7A9EA4A-8D14-487C-A6AA-6148C0058945}: NameServer = 217.141.255.204 151.99.125.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashserv.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmi\Panda Software\Panda Antivirus Titanium\PAVSRV51.EXE (file missing)


Thanks to whoever replies.


Edited by - Kindofblue on 03/23/2005 22:48:11
alfonso
Posted: Wednesday, March 23, 2005 11:33:44 PM

Rank: AiutAmico

Joined: 10/5/2000
Posts: 19,132
Hi,
carry out these operations

1) Disable System Restore, read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

2) restart in safe mode, read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HIJACKTHIS and, as described in this article
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
delete the lines that follow (if the lines to delete do not appear in safe mode, delete them from normal mode and restart the computer).

==================================
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.e-finder.cc/search/ (obfuscated)
-
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.e-finder.cc/search/ (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\System\blank.htm
-
R3 - URLSearchHook: (no name) - {6A0B3E1D-7272-92AA-71CD-BD1C7C4883E3} - C:\WINDOWS\system32\cnoser.exe (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: (no name) - {6DA975EA-CBB4-411B-97C0-DB0A892BF2C1} - C:\WINDOWS\System32\boaebiae.dll
O2 - BHO: (no name) - {902F3F60-9EC6-8D16-D119-FCE4EEF046A7} - C:\WINDOWS\System32\xajogjpb.dll
O2 - BHO: (no name) - {A5020F60-B3F5-B822-FC29-CCC9DEC06B97} - C:\WINDOWS\System32\xajogjpb.dll
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\System32\saristar.dll (file missing)
O2 - BHO: (no name) - {F979F418-6A9A-C5B6-5BF3-67CB6C9923A7} - C:\WINDOWS\System32\goxaiec.dll
-
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
-
O4 - HKLM\..\Run: [Indexindicator] C:\WINDOWS\System32\Indexindicator.exe /check
O4 - HKLM\..\Run: [MEMreaload] C:\Programmi\ServicePackFiles\MEMreaload.exe /checkmouse /updateratio
O4 - HKLM\..\Run: [Suite] C:\WINDOWS\System32\SuiteOffices.exe /cleandb
O4 - HKLM\..\Run: [Reload] C:\Programmi\ServicePackFiles\reload.exe /reloadenterpice
O4 - HKLM\..\Run: [Diesel] C:\WINDOWS\System32\Recalculate.exe /reloadenterpice
O4 - HKLM\..\Run: [EnergyPlugIn] C:\Programmi\EnergyPlugIn\EnergyPlugin.exe
O4 - HKLM\..\Run: [ThreadMode] C:\DOCUME~1\VIK\IMPOST~1\Temp\asr.exe
O4 - HKLM\..\Run: [glv] C:\WINDOWS\glv.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [Hlq] C:\WINDOWS\Jpc.exe
O4 - HKLM\..\Run: [Tpk] C:\WINDOWS\System32\Dug.exe
O4 - HKLM\..\Run: [Hai] C:\WINDOWS\Uht.exe
O4 - HKLM\..\Run: [Bev] C:\WINDOWS\Tjj.exe
O4 - HKLM\..\Run: [Dbv] C:\WINDOWS\Idb.exe
O4 - HKLM\..\Run: [Cvs] C:\WINDOWS\System32\Ort.exe
O4 - HKLM\..\Run: [Seb] C:\WINDOWS\System32\Abg.exe
O4 - HKLM\..\Run: [Qlh] C:\WINDOWS\System32\Cao.exe
O4 - HKLM\..\Run: [Btm] C:\WINDOWS\System32\Aqe.exe
O4 - HKLM\..\Run: [Qik] C:\WINDOWS\Ngf.exe
O4 - HKLM\..\Run: [Gqi] C:\WINDOWS\System32\Eef.exe
O4 - HKLM\..\Run: [Pcq] C:\WINDOWS\Idk.exe
O4 - HKLM\..\Run: [Haj] C:\WINDOWS\Npe.exe
O4 - HKLM\..\Run: [Hkd] C:\WINDOWS\System32\Mqr.exe
O4 - HKLM\..\Run: [Kue] C:\WINDOWS\Tpk.exe
O4 - HKLM\..\Run: [Snr] C:\WINDOWS\System32\Gmr.exe
O4 - HKLM\..\Run: [Pkl] C:\WINDOWS\System32\Ejq.exe
O4 - HKLM\..\Run: [Kff] C:\WINDOWS\System32\Knj.exe
O4 - HKLM\..\Run: [Iog] C:\WINDOWS\System32\Vgs.exe
O4 - HKLM\..\Run: [Hlk] C:\WINDOWS\Giq.exe
O4 - HKLM\..\Run: [Iqo] C:\WINDOWS\Cac.exe
O4 - HKLM\..\Run: [Qtc] C:\WINDOWS\System32\Ful.exe
O4 - HKLM\..\Run: [Fbm] C:\WINDOWS\Urh.exe
O4 - HKLM\..\Run: [Jjn] C:\WINDOWS\Gks.exe
O4 - HKLM\..\Run: [Ovf] C:\WINDOWS\System32\Ogq.exe
O4 - HKLM\..\Run: [Hrr] C:\WINDOWS\Pmu.exe
O4 - HKLM\..\Run: [Irc] C:\WINDOWS\Vcb.exe
O4 - HKLM\..\Run: [Qpd] C:\WINDOWS\Edm.exe
O4 - HKLM\..\Run: [Hvr] C:\WINDOWS\System32\Okk.exe
O4 - HKLM\..\Run: [Gvv] C:\WINDOWS\Ijr.exe
O4 - HKLM\..\Run: [Rjb] C:\WINDOWS\Eif.exe
O4 - HKLM\..\Run: [Kkh] C:\WINDOWS\Ufm.exe
O4 - HKLM\..\Run: [Pks] C:\WINDOWS\Bmg.exe
O4 - HKLM\..\Run: [Gvn] C:\WINDOWS\Dte.exe
O4 - HKLM\..\Run: [Fip] C:\WINDOWS\Dhd.exe
O4 - HKLM\..\Run: [Iju] C:\WINDOWS\System32\Bdg.exe
O4 - HKLM\..\Run: [Sut] C:\WINDOWS\Omd.exe
O4 - HKLM\..\Run: [Dlm] C:\WINDOWS\System32\Vpn.exe
O4 - HKLM\..\Run: [Jmt] C:\WINDOWS\Vab.exe
O4 - HKLM\..\Run: [Itg] C:\WINDOWS\Fia.exe
O4 - HKLM\..\Run: [Lsu] C:\WINDOWS\System32\Jcq.exe
O4 - HKLM\..\Run: [Aue] C:\WINDOWS\System32\Ijq.exe
O4 - HKLM\..\Run: [Crd] C:\WINDOWS\Ttr.exe
O4 - HKLM\..\Run: [Qda] C:\WINDOWS\System32\Bje.exe
O4 - HKLM\..\Run: [Frj] C:\WINDOWS\System32\Pie.exe
O4 - HKLM\..\Run: [Lqg] C:\WINDOWS\System32\Tte.exe
O4 - HKLM\..\Run: [Bfn] C:\WINDOWS\System32\Jbs.exe
O4 - HKLM\..\Run: [Mkh] C:\WINDOWS\Bpl.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels32.exe
-
O4 - HKCU\..\Run: [Tpk] C:\WINDOWS\System32\Dug.exe
O4 - HKCU\..\Run: [Hai] C:\WINDOWS\Uht.exe
O4 - HKCU\..\Run: [Bev] C:\WINDOWS\Tjj.exe
O4 - HKCU\..\Run: [Dbv] C:\WINDOWS\Idb.exe
O4 - HKCU\..\Run: [Cvs] C:\WINDOWS\System32\Ort.exe
O4 - HKCU\..\Run: [Seb] C:\WINDOWS\System32\Abg.exe
O4 - HKCU\..\Run: [Qlh] C:\WINDOWS\System32\Cao.exe
O4 - HKCU\..\Run: [Btm] C:\WINDOWS\System32\Aqe.exe
O4 - HKCU\..\Run: [Qik] C:\WINDOWS\Ngf.exe
O4 - HKCU\..\Run: [Gqi] C:\WINDOWS\System32\Eef.exe
O4 - HKCU\..\Run: [Pcq] C:\WINDOWS\Idk.exe
O4 - HKCU\..\Run: [Haj] C:\WINDOWS\Npe.exe
O4 - HKCU\..\Run: [Hkd] C:\WINDOWS\System32\Mqr.exe
O4 - HKCU\..\Run: [Kue] C:\WINDOWS\Tpk.exe
O4 - HKCU\..\Run: [Snr] C:\WINDOWS\System32\Gmr.exe
O4 - HKCU\..\Run: [Pkl] C:\WINDOWS\System32\Ejq.exe
O4 - HKCU\..\Run: [Kff] C:\WINDOWS\System32\Knj.exe
O4 - HKCU\..\Run: [Iog] C:\WINDOWS\System32\Vgs.exe
O4 - HKCU\..\Run: [Hlk] C:\WINDOWS\Giq.exe
O4 - HKCU\..\Run: [Iqo] C:\WINDOWS\Cac.exe
O4 - HKCU\..\Run: [Qtc] C:\WINDOWS\System32\Ful.exe
O4 - HKCU\..\Run: [Fbm] C:\WINDOWS\Urh.exe
O4 - HKCU\..\Run: [Jjn] C:\WINDOWS\Gks.exe
O4 - HKCU\..\Run: [Ovf] C:\WINDOWS\System32\Ogq.exe
O4 - HKCU\..\Run: [Hrr] C:\WINDOWS\Pmu.exe
O4 - HKCU\..\Run: [Irc] C:\WINDOWS\Vcb.exe
O4 - HKCU\..\Run: [Qpd] C:\WINDOWS\Edm.exe
O4 - HKCU\..\Run: [Hvr] C:\WINDOWS\System32\Okk.exe
O4 - HKCU\..\Run: [Gvv] C:\WINDOWS\Ijr.exe
O4 - HKCU\..\Run: [Rjb] C:\WINDOWS\Eif.exe
O4 - HKCU\..\Run: [Kkh] C:\WINDOWS\Ufm.exe
O4 - HKCU\..\Run: [Pks] C:\WINDOWS\Bmg.exe
O4 - HKCU\..\Run: [Gvn] C:\WINDOWS\Dte.exe
O4 - HKCU\..\Run: [Fip] C:\WINDOWS\Dhd.exe
O4 - HKCU\..\Run: [Iju] C:\WINDOWS\System32\Bdg.exe
O4 - HKCU\..\Run: [Sut] C:\WINDOWS\Omd.exe
O4 - HKCU\..\Run: [Dlm] C:\WINDOWS\System32\Vpn.exe
O4 - HKCU\..\Run: [Jmt] C:\WINDOWS\Vab.exe
O4 - HKCU\..\Run: [Itg] C:\WINDOWS\Fia.exe
O4 - HKCU\..\Run: [Lsu] C:\WINDOWS\System32\Jcq.exe
O4 - HKCU\..\Run: [Aue] C:\WINDOWS\System32\Ijq.exe
O4 - HKCU\..\Run: [Crd] C:\WINDOWS\Ttr.exe
O4 - HKCU\..\Run: [Qda] C:\WINDOWS\System32\Bje.exe
O4 - HKCU\..\Run: [Frj] C:\WINDOWS\System32\Pie.exe
O4 - HKCU\..\Run: [Lqg] C:\WINDOWS\System32\Tte.exe
O4 - HKCU\..\Run: [Bfn] C:\WINDOWS\System32\Jbs.exe
O4 - HKCU\..\Run: [Mkh] C:\WINDOWS\Bpl.exe
-
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0522.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmes0522.dll (file missing)
O9 - Extra button: Erotic - {8E65B894-C2E9-11D5-BCD3-00E018987519} - C:\SEX212it\SEX212it.exe (file missing)
-
O13 - DefaultPrefix:
O13 - WWW Prefix:
O14 - IERESET.INF: START_PAGE_URL=http://www.olidata.it
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.vxiframe.biz
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O15 - Trusted Zone: *.crazywinnings.com (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.topconverting.com (HKLM)
O15 - Trusted Zone: *.vxiframe.biz (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 66.197.161.149
O15 - Trusted IP range: 66.197.161.149 (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone (HKLM)
-
O16 - DPF: {15320607-1001-1831-1000-118599957123} - ms-its:C:\arct.chm::/painter.exe
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://spystream.babenet.com/cabs/videox.cab
-
O16 - DPF: {31F11DFA-3A23-4BC0-89B4-2FB3FB43525B} (Pro_Web016.ProWeb016) - http://67.15.5.151/ProWeb016.CAB
O16 - DPF: {3CA95C27-2150-4E4A-93A3-D557C88EBF2D} - http://beta.anywebcam.com/awc/MGT.ocx
O16 - DPF: {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} (HHCtrl Object) - http://67.19.178.84/hhctrl.ocx
-
O16 - DPF: {BDA25AB2-5805-49CE-9C98-29FCDDF652EB} - http://beta.anywebcam.com/awc/GM.ocx
O16 - DPF: {C7CF4846-0324-4B83-B810-C4BF61029E02} (Pro_Web04.ProWeb604) - http://67.15.5.151/ProWeb604.CAB
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {E8E72919-8219-4337-9260-7DD62C782AEF} - http://beta.anywebcam.com/awc/MGET.ocx
-
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://www.desktoplife.net/adulti.exe
O16 - DPF: {FFFF0068-0001-101A-A3C9-08002B2F49FB} - http://www.foto-gratis-di.com/go/pornynetd26.exe
-
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
-
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Programmi\Panda Software\Panda Antivirus Titanium\PAVSRV51.EXE (file missing)
==================================

Using the Windows SEARCH function, find and delete these files:

==================================
cnoser.exe
kernels32.exe
boaebiae.dll
xajogjpb.dll
saristar.dll
goxaiec.dll
WinTaskAd.exe
Indexindicator.exe
MEMreaload.exe
SuiteOffices.exe
reload.exe
Recalculate.exe
EnergyPlugin.exe
asr.exe
glv.exe
Jpc.exe
Dug.exe
Uht.exe
Tjj.exe
Idb.exe
Ort.exe
Abg.exe
Cao.exe
Aqe.exe
Ngf.exe
Eef.exe
Idk.exe
Npe.exe
Mqr.exe
Tpk.exe
Gmr.exe
Ejq.exe
Knj.exe
Vgs.exe
Giq.exe
Cac.exe
Ful.exe
Urh.exe
Gks.exe
Ogq.exe
Pmu.exe
Vcb.exe
Edm.exe
Okk.exe
Ijr.exe
Eif.exe
Ufm.exe
Bmg.exe
Dte.exe
Dhd.exe
Bdg.exe
Omd.exe
Vpn.exe
Vab.exe
Fia.exe
Jcq.exe
Ijq.exe
Ttr.exe
Bje.exe
Pie.exe
Tte.exe
Jbs.exe
Bpl.exe
yhexbmes0522.dll
SEX212it.exe
painter.exe
==================================

EMPTY the folder C:\DOCUME~1\VIK\IMPOST~1\Temp

when finished, use the AD-AWARE and SPYBOT programs indicated in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

still in safe mode, run an antivirus scan

then restart the computer and check whether the problem is solved; if everything is OK, re-enable the System Restore you disabled at the start of this procedure.


Send back the updated log so we can check whether you have removed everything.




Aiutamici Contributor
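
A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread and not the helper's own method. The four heuristics (shell replacement, orphaned "file missing" entries, autoruns from a Temp folder, the same autorun registered under both HKLM and HKCU) are assumptions chosen for illustration; they mark lines for manual review, not for automatic deletion.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: Saristar - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE50} - C:\WINDOWS\System32\saristar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\Programmi\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ThreadMode] C:\DOCUME~1\VIK\IMPOST~1\Temp\asr.exe
O4 - HKLM\..\Run: [Tpk] C:\WINDOWS\System32\Dug.exe
O4 - HKCU\..\Run: [Tpk] C:\WINDOWS\System32\Dug.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of an O4 (autorun) line: hive, key, value name, command line.
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# Executable path: either quoted, or everything up to the first known extension.
EXE_RE = re.compile(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)', re.I)


def parse_log(text):
    """Return one dict per recognised HijackThis line."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        entry = {"code": m["code"], "body": m["body"],
                 "hive": None, "key": None, "name": None, "path": None}
        if m["code"] == "O4":
            o4 = O4_RE.match(m["body"])
            if o4:
                exe = EXE_RE.match(o4["cmd"])
                path = (exe.group(1) or exe.group(2)) if exe else o4["cmd"]
                entry.update(hive=o4["hive"], key=o4["key"],
                             name=o4["name"], path=path)
        entries.append(entry)
    return entries


def triage(entries):
    """Return (code, label, reasons) for every line that trips a heuristic."""
    # Which hives register each (value name, path) pair under ...\Run?
    hives = defaultdict(set)
    for e in entries:
        if e["code"] == "O4" and e["key"] == "Run":
            hives[(e["name"], e["path"].lower())].add(e["hive"])

    findings = []
    for e in entries:
        reasons = []
        if e["body"].endswith("(file missing)"):
            reasons.append("file-missing")      # registry entry outlived its file
        if e["code"] == "F2":
            shell = re.search(r"Shell=(.*)$", e["body"], re.I)
            if shell and shell.group(1).strip().lower() != "explorer.exe":
                reasons.append("shell-extra")   # something besides Explorer.exe
        if e["code"] == "O4" and e["path"]:
            if "\\temp\\" in e["path"].lower():
                reasons.append("temp-dir")      # autorun from a Temp folder
            if len(hives.get((e["name"], e["path"].lower()), ())) == 2:
                reasons.append("dup-hives")     # same autorun in HKLM and HKCU
        if reasons:
            findings.append((e["code"], e["name"] or e["body"], reasons))
    return findings


if __name__ == "__main__":
    for code, label, reasons in triage(parse_log(SAMPLE_LOG)):
        print(f"{code:3} {', '.join(reasons):14} {label}")
```

Entries that trip no heuristic (here the avast! and RealPlayer autoruns) are simply not reported, which does not make them safe; the output only orders the manual review.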
Kindofblue
Posted: Wednesday, March 23, 2005 11:45:10 PM
Rank: Member

Joined: 3/23/2005
Posts: 0
Ok Alfonso, thanks a lot.