Aiutamici Forum

Log check for a lock-up
alfius
Posted: Thursday, January 19, 2006 7:47:11 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
I'm having some problems... thanks
Logfile of HijackThis v1.99.1
Scan saved at 19.41.29, on 19/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
E:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\SYSTEM32\Ati2evxx.exe
E:\WINDOWS\__P9HEPQKBJ.EXE
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\__P9HEPQKBJ.EXE
E:\WINDOWS\system32\GSICON.EXE
E:\WINDOWS\system32\dslagent.exe
E:\WINDOWS\soundman.exe
E:\Programmi\Microsoft IntelliPoint\point32.exe
E:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programmi\Logitech\Video\LogiTray.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\WINDOWS\atip.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\Logitech\Video\FxSvr2.exe
E:\Programmi\Logitech\SetPoint\KEM.exe
E:\Programmi\AnalogX\MaxMem\maxmem.exe
E:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Programmi\EuTransPro\EuTransWord.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Documents and Settings\alfio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://perso.photos-animaux.com/p22240,FRA.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,,E:\WINDOWS\__P9HEPQKBJ.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] E:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AtiPanel] E:\WINDOWS\atip.exe
O4 - HKCU\..\Run: [LDM] \Program
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: MaxMem.lnk = E:\Programmi\AnalogX\MaxMem\maxmem.exe
O4 - Startup: RegVac.lnk = E:\Program Files\RegVac\regvac.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/11ead797c43a7e900206/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123535518871
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137432682308
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio.it/helpexpress/files/MotivePreQual.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak04.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.en-US.9.1.6.18.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88493D6-8218-4A43-A53F-BB474956BB8A}: NameServer = 212.216.112.112 212.216.172.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - E:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

alfonso
Posted: Thursday, January 19, 2006 8:00:49 PM

Rank: AiutAmico

Member since: 10/5/2000
Posts: 19,132
Hi,
carry out these steps.

Disable System Restore; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Reboot into Safe Mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and, as explained in this article,
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
fix the following lines.
==================================
F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,,E:\WINDOWS\__P9HEPQKBJ.EXE
==================================

Using the Windows SEARCH function, find and delete these files:
==================================
__P9HEPQKBJ.EXE
==================================


Go to CONTROL PANEL and click INTERNET OPTIONS;
in the window that opens click the three buttons
DELETE COOKIES - DELETE FILES - CLEAR HISTORY

when done, run the AD-AWARE and SPYBOT programs described in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Run a scan with this program
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

still in Safe Mode, run an antivirus scan

then reboot the computer and check whether the problem is solved; if everything is OK, re-enable the System Restore you disabled at the start of this procedure and create a new restore point; read item 8 here
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Aiutamici Contributor
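The reply above picks the two dangerous entries out of the log by eye: the F2 line, where the Winlogon UserInit value launches a second program after the stock userinit.exe, and a process running straight out of the Windows directory under a random-looking name. As an added example (not code from the thread, from the forum, or from HijackThis), the Python script below applies the same checks to a constructed subset of the first log posted above, and also explains the failure reported later in the thread: the file cannot be deleted because it is still listed among the running processes. The "random-looking name" rule and the Windows-root rule are heuristics of this example, not HijackThis features, and the `cleaned_userinit` value is what an analyst would restore, not a claim about what HijackThis writes.

```python
"""Triage of a HijackThis v1.99 text log.

Added example, not part of the forum thread and not HijackThis code.  The
sample lines are copied from the first log in the thread; the scoring rules
(Windows-root executables, random-looking names) are this example's own.
"""
import re
from typing import List, NamedTuple

# Constructed sample: a subset of the lines in the first log of the thread.
SAMPLE_LOG = r"""
Running processes:
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\__P9HEPQKBJ.EXE
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\soundman.exe
E:\WINDOWS\atip.exe

F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,,E:\WINDOWS\__P9HEPQKBJ.EXE
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AtiPanel] E:\WINDOWS\atip.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.*)$")


class Finding(NamedTuple):
    line: str
    reason: str


def split_userinit(value: str) -> List[str]:
    """UserInit is comma separated and Windows keeps a trailing comma, so drop empties."""
    return [e.strip() for e in value.split(",") if e.strip()]


def extra_userinit_entries(value: str) -> List[str]:
    """Every UserInit entry that is not userinit.exe located under system32."""
    extra = []
    for entry in split_userinit(value):
        parts = entry.strip('"').split()[0].lower().split("\\")
        stock = parts[-1] == "userinit.exe" and len(parts) >= 2 and parts[-2] == "system32"
        if not stock:
            extra.append(entry)
    return extra


def cleaned_userinit(value: str) -> str:
    """The value to restore once the extra launcher is removed (trailing comma kept)."""
    extra = set(extra_userinit_entries(value))
    stock = [e for e in split_userinit(value) if e not in extra]
    if not stock:
        raise ValueError("no stock userinit.exe entry left to keep")
    return stock[0] + ","


def first_exe(cmd: str) -> str:
    """Executable part of a Run command: the quoted path, or else the first token."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in the Windows directory (drive, WINDOWS, file)."""
    parts = path.lower().split("\\")
    return len(parts) == 3 and bool(re.match(r"^[a-z]:$", parts[0])) and parts[1] == "windows"


def looks_random(path: str) -> bool:
    """Heuristic: leading underscores, or letters mixed with digits and almost no vowels."""
    name = path.split("\\")[-1].rsplit(".", 1)[0]
    if name.startswith("__"):
        return True
    letters = [c for c in name.lower() if c.isalpha()]
    has_digit = any(c.isdigit() for c in name)
    vowels = sum(c in "aeiou" for c in letters)
    return has_digit and bool(letters) and vowels / len(letters) < 0.2


def triage(log_text: str) -> List[Finding]:
    """Walk the log once: process list first, then the F2 and O4 entries."""
    findings = []
    in_procs = False
    for line in log_text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not line:
                in_procs = False  # blank line ends the process list
            elif in_windows_root(line) and looks_random(line):
                findings.append(Finding(line, "running from the Windows root under a random-looking name; "
                                              "the file stays locked while this process lives"))
            continue
        m = USERINIT_RE.match(line)
        if m:
            for extra in extra_userinit_entries(m.group(1)):
                findings.append(Finding(line, f"UserInit launches an extra program at logon: {extra}"))
            continue
        m = RUN_RE.match(line)
        if m:
            exe = first_exe(m.group(2))
            if in_windows_root(exe):
                findings.append(Finding(line, f"Run entry [{m.group(1)}] starts {exe} from the Windows root"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

On the sample, the script reports exactly three lines: the running `__P9HEPQKBJ.EXE` process, the F2 UserInit entry that starts it, and the `[AtiPanel]` Run entry for `E:\WINDOWS\atip.exe`; vendor entries such as soundman.exe, rundll32.exe and the avast tray icon pass. The process finding is why the "in use by another program" error shows up later in the thread: the UserInit hook restarts the file at every logon, so it has to be removed from Safe Mode or scheduled for deletion before Explorer starts.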
alfius
Posted: Thursday, January 19, 2006 8:04:32 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
Thanks... I was waiting for the reply... I'll let you know.
Thanks for now.
alfius
Posted: Thursday, January 19, 2006 8:55:22 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
No luck, it won't let me delete it; it says it's in use by another program.
But I wonder... since at the same time atip.exe asked for access... could it be tied to that file as well? I have no idea what it's for.
I'll run an online scan with Symantec... you never know.
alfonso
Posted: Thursday, January 19, 2006 9:09:05 PM

Rank: AiutAmico

Member since: 10/5/2000
Posts: 19,132
Run the online antivirus scan as you already said
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym



Aiutamici Contributor
alfius
Posted: Thursday, January 19, 2006 9:13:21 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
I stopped it at about 4000 files because it had found one... now I'm restarting it to let it finish.
Here it is:
E:\WINDOWS\atip.exe is infected with Download.Trojan
alfius
Posted: Thursday, January 19, 2006 11:02:53 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
OK, that file is the only one left; the file (which I don't know what it's for) is dated a few days ago... and in those same days a security alert (red shield) appeared saying Automatic Updates is disabled, and it's impossible to turn it back on because after I click it goes back to disabled (even when I do it from other places). I'm afraid it's all connected.
What should I do???
alfonso
Posted: Friday, January 20, 2006 11:35:41 AM

Rank: AiutAmico

Member since: 10/5/2000
Posts: 19,132
Also remove the line

O4 - HKLM\..\Run: [AtiPanel] E:\WINDOWS\atip.exe

and the corresponding file

atip.exe

together with the one already indicated, or send me the updated log.


Aiutamici Contributor
alfius
Posted: Friday, January 20, 2006 1:43:32 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
OK, I'll try
alfius
Posted: Friday, January 20, 2006 8:32:36 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
Here I am, but defeated:
HijackThis got rid of atip but not the evil file; it doesn't even remove the line, obviously in Safe Mode. In the same mode Ad-Aware found nothing, Avast likewise, Etremover removed something but not that one, Symantec online says I'm protected from the outside, the virus scan is running and I've passed the count where yesterday it gave me an infected file; in DOS, when I ask for DEL it tells me it can't find the file... but it's there, I can see it...
At this point I don't know what to do... change antivirus??? or what????
alfius
Posted: Friday, January 20, 2006 9:12:57 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
RegSeeker found 626 entries to delete... what would you do? Should I give it the OK? I followed the instructions at your link...
alfius
Posted: Friday, January 20, 2006 9:23:19 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
Three new updates have just arrived, one for Ad-Aware, one for Spybot and one for Avast... let's hope one of them manages to do something
alfonso
Posted: Saturday, January 21, 2006 9:01:16 AM

Rank: AiutAmico

Member since: 10/5/2000
Posts: 19,132
RegSeeker cleans useless entries out of the registry; you can give it the OK, but it has nothing to do with either viruses or spyware.

Post the updated log.

Aiutamici Contributor
alfius
Posted: Saturday, January 21, 2006 2:00:13 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
Here it is; but I wonder, given that it has been talked about on Google since December, how is it possible that none of these programs meant for the purpose have updated for this malware?
OK... here's the log.
Logfile of HijackThis v1.99.1
Scan saved at 13.58.05, on 21/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
E:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\__P9HEPQKBJ.EXE
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\__P9HEPQKBJ.EXE
E:\WINDOWS\system32\GSICON.EXE
E:\WINDOWS\system32\dslagent.exe
E:\WINDOWS\soundman.exe
E:\Programmi\Microsoft IntelliPoint\point32.exe
E:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programmi\Logitech\Video\LogiTray.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\Logitech\SetPoint\KEM.exe
E:\Programmi\AnalogX\MaxMem\maxmem.exe
E:\Programmi\Logitech\Video\FxSvr2.exe
E:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Documents and Settings\alfio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://perso.photos-animaux.com/p22240,FRA.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=E:\WINDOWS\SYSTEM32\Userinit.exe,,E:\WINDOWS\__P9HEPQKBJ.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] E:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [LDM] \Program
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: MaxMem.lnk = E:\Programmi\AnalogX\MaxMem\maxmem.exe
O4 - Startup: RegVac.lnk = E:\Program Files\RegVac\regvac.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/11ead797c43a7e900206/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123535518871
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137432682308
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio.it/helpexpress/files/MotivePreQual.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak04.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.en-US.9.1.6.18.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88493D6-8218-4A43-A53F-BB474956BB8A}: NameServer = 212.216.112.112 212.216.172.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - E:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

alfonso
Posted: Sunday, January 22, 2006 12:23:43 PM

Rank: AiutAmico

Member since: 10/5/2000
Posts: 19,132
Hi,
carry out these steps.

Disable System Restore; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Reboot into Safe Mode; read here how to do it
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

open HijackThis and, as explained in this article,
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
fix the following lines.

==================================
F2 - REG:system.ini: UserInit=E:\WINDOWS\SYSTEM32\Userinit.exe,,E:\WINDOWS\__P9HEPQKBJ.EXE
==================================

Using the Windows SEARCH function, find and delete these files:
==================================
__P9HEPQKBJ.EXE
==================================


Go to CONTROL PANEL and click INTERNET OPTIONS;
in the window that opens click the three buttons
DELETE COOKIES - DELETE FILES - CLEAR HISTORY

when done, run the AD-AWARE and SPYBOT programs described in this article
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Run a scan with this program
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

still in Safe Mode, run an antivirus scan

then reboot the computer and check whether the problem is solved; if everything is OK, re-enable the System Restore you disabled at the start of this procedure and create a new restore point; read item 8 here
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

If the file cannot be deleted from Safe Mode, try using this program
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1173

Aiutamici Contributor
alfius
Posted: Sunday, January 22, 2006 2:45:58 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
Thanks, I'll try again... this morning not even Explorer and Outlook would start any more... the network connection dialog wasn't coming up... fingers crossed...
alfius
Posted: Sunday, January 22, 2006 6:01:39 PM
Rank: Member

Member since: 11/24/2001
Posts: 2
All OK... as always, you never leave your friends in the s@@@!!!!
Alfonso, allow me a couple of thoughts... since I'm at the PC every day they might help others.
The damned thing gets in through atip, because nobody would ever give ZoneAlarm the OK for a file with that other name, whereas atip... could be something legitimate... it was the one changing the XP Automatic Updates setting; in fact, after deleting the file with that last little program it fixed itself, or rather I set it to automatic and it stayed stable on green.
Obviously the F3........ line I removed afterwards in Safe Mode, ahhh... also, for some reason I can't understand... and without my having restored the system configuration... I found it already back in... dunno... anyway the file is gone and now I'll post the latest log

Logfile of HijackThis v1.99.1
Scan saved at 18.01.03, on 22/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
E:\Programmi\Alwil Software\Avast4\ashServ.exe
E:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\GSICON.EXE
E:\WINDOWS\system32\dslagent.exe
E:\WINDOWS\soundman.exe
E:\Programmi\Microsoft IntelliPoint\point32.exe
E:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Programmi\Logitech\Video\LogiTray.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\rundll32.exe
E:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
E:\Programmi\File comuni\Real\Update_OB\realsched.exe
E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
E:\Programmi\Logitech\SetPoint\KEM.exe
E:\Programmi\AnalogX\MaxMem\maxmem.exe
E:\Programmi\Logitech\SetPoint\KHALMNPR.EXE
E:\Programmi\Logitech\Video\FxSvr2.exe
E:\Programmi\Internet Explorer\iexplore.exe
E:\Documents and Settings\alfio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.it/0SEITIT/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://perso.photos-animaux.com/p22240,FRA.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [IntelliPoint] "E:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] E:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CamMonitor] E:\Programmi\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] E:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "E:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Programmi\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "E:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [LDM] \Program
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] E:\Programmi\Logitech\Video\ManifestEngine.exe boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "E:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: MaxMem.lnk = E:\Programmi\AnalogX\MaxMem\maxmem.exe
O4 - Startup: RegVac.lnk = E:\Program Files\RegVac\regvac.exe
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programmi\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - E:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programmi\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - E:\Programmi\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/11ead797c43a7e900206/netzip/RdxIE601_it.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123535518871
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137432682308
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://help.virgilio.it/helpexpress/files/MotivePreQual.cab
O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} - http://pak04.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.en-US.9.1.6.18.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88493D6-8218-4A43-A53F-BB474956BB8A}: NameServer = 212.216.112.112 212.216.172.62
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - E:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

