Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log per favore

controllo log per favore Opzioni
Topic Precedente · Topic Sucessivo
bobbyKeller
Inviato: Thursday, February 09, 2006 2:44:06 PM
Rank: Member

Iscritto dal : 2/9/2006
Posts: 0
ho a che fare con il famigerato se.dll ho provato di tutto,ho cancellato alcune righe che pensavo potessero essere il problema(in modalita' provvisoria)comunque poi ritornano sempre
comunque cosa dovrei eliminare?

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\AALVOL.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\SYSTEM\MSYSTEM.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAMMI\CRAZY BROWSER\CRAZY BROWSER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.motor-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.motor-search.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.motor-search.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.motor-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ewizard.cc/cn/?r=f6e31777a72fc023&pin=314
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Virgilio
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {39331F41-C854-11D9-82E2-4445B7D228B8} - C:\WINDOWS\SYSTEM\OBAJ.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Hidserv] Hidserv.exe run
O4 - HKLM\..\Run: [IOMON98.EXE] C:\Programmi\VirusBuster\IOMON98.EXE
O4 - HKLM\..\Run: [AtiCwd32] Aticwd32.exe
O4 - HKLM\..\Run: [AtiKey] Atitask.exe
O4 - HKLM\..\Run: [MAGICKB] MagStart.exe
O4 - HKLM\..\Run: [ATIGART] c:\ati\gart\atigart.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAMMI\FILE COMUNI\EACCELERATION\DOWNLOAD.EXE -k
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\SYSTEM\QTTASK.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\PROGRAMMI\AVPERSONAL\AVGCtrl.EXE /min
O4 - HKLM\..\Run: [F-STOPW.EXE] C:\Programmi\FSI\F-Prot\F-STOPW.EXE
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [VsecomrEXE] C:\Programmi\Network Associates\McAfee VirusScan\VSEcomR.EXE
O4 - HKLM\..\Run: [AVPCC] C:\PROGRA~1\ANTIVI~1\_avpcc.exe
O4 - HKLM\..\Run: [AvconsoleEXE] C:\Programmi\Network Associates\McAfee VirusScan\avconsol.exe /minimize
O4 - HKLM\..\Run: [Vshwin32EXE] C:\Programmi\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\Run: [VsStatEXE] C:\Programmi\Network Associates\McAfee VirusScan\VSSTAT.EXE /SHOWWARNING
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Programmi\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [System Backup] msystem.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Vshwin32EXE] C:\Programmi\Network Associates\McAfee VirusScan\VSHWIN32.EXE
O4 - HKLM\..\RunServices: [IOMON98.EXE] C:\Programmi\VirusBuster\IOMON98.EXE
O4 - HKLM\..\RunServices: [AVPCC Service] C:\PROGRA~1\ANTIVI~1\avpcc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [Attune Download] C:\PROGRA~2\AVEO\ATTUNE\UPDATER1\ATTUNEL.EXE
O4 - HKCU\..\Run: [Trash it Scheduler] C:\PROGRAMMI\TRASH IT!\Trash it Scheduler.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAMMI\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\Run: [eZulaMain] C:\PROGRA~1\ezula\eZulaMain.exe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Webshots.lnk = C:\Programmi\Webshots\WebshotsTray.exe
O4 - Startup: C6 Client.LNK = C:\TinMessenger\TinMessenger.exe
O4 - Startup: GStartup.lnk = C:\Programmi\File comuni\Microsoft Shared\MSINFO\MSINFO32.EXE
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download with GetRight - C:\Programmi\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Programmi\GetRight\GRbrowse.htm
O9 - Extra button: Microsoft AntiSpyware helper - {99B763C0-E7E5-11D9-82E3-D9AE2871C236} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99B763C0-E7E5-11D9-82E3-D9AE2871C236} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {DF44A780-09B5-11DA-82E3-C8323422C763} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DF44A780-09B5-11DA-82E3-C8323422C763} - C:\WINDOWS\SYSTEM\WLDR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {99B763C0-E7E5-11D9-82E3-D9AE2871C236} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {99B763C0-E7E5-11D9-82E3-D9AE2871C236} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {DF44A780-09B5-11DA-82E3-C8323422C763} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {DF44A780-09B5-11DA-82E3-C8323422C763} - C:\WINDOWS\SYSTEM\WLDR.DLL (HKCU)
O12 - Plugin for .dat: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O12 - Plugin for .tvt: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/vie/55/200010smau.home
O16 - DPF: {AE775D48-49AA-11D1-8F1C-00C04FB67063} (MS Investor Ticker) - http://fdl.msn.com/public/investor/v5/ticker.cab
O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\C78RYT2P\epl2[1].cab
O18 - Filter: text/html - {39331F40-C854-11D9-82E2-4445D89E8D23} - C:\WINDOWS\SYSTEM\OBAJ.DLL
O18 - Filter: text/plain - {39331F40-C854-11D9-82E2-4445D89E8D23} - C:\WINDOWS\SYSTEM\OBAJ.DLL
Torna in alto
 
Sponsor
Inviato: Thursday, February 09, 2006 2:44:06 PM

 
Torna in alto
 
alfonso
Inviato: Thursday, February 09, 2006 3:06:01 PM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.motor-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.motor-search.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.motor-search.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://c:\windows\TEMP\se.dll/spage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = http://www.motor-search.info/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ewizard.cc/cn/?r=f6e31777a72fc023&pin=314
-
O2 - BHO: (no name) - {39331F41-C854-11D9-82E2-4445B7D228B8} - C:\WINDOWS\SYSTEM\OBAJ.DLL
-
O4 - HKLM\..\Run: [MAGICKB] MagStart.exe
-
O4 - HKLM\..\Run: [AtiPTA] Atiptaaa.exe
-
O4 - HKLM\..\Run: [Eac_Download] C:\PROGRAMMI\FILE COMUNI\EACCELERATION\DOWNLOAD.EXE -k
-
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
-
O4 - HKLM\..\Run: [AVPCC] C:\PROGRA~1\ANTIVI~1\_avpcc.exe
-
O4 - HKLM\..\Run: [WildTangent CDA] "C:\Programmi\WildTangent\Apps\CDA\GameDrvr.exe" /startup C:\PROGRA~1\WILDTA~1\APPS\CDA\CDAENG~1.DLL
-
O4 - HKLM\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
-
O4 - HKLM\..\Run: [System Backup] msystem.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
-
O4 - HKLM\..\RunServices: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
O4 - HKCU\..\Run: [Attune Download] C:\PROGRA~2\AVEO\ATTUNE\UPDATER1\ATTUNEL.EXE
O4 - HKCU\..\Run: [Trash it Scheduler] C:\PROGRAMMI\TRASH IT!\Trash it Scheduler.exe
-
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - HKCU\..\Run: [eZulaMain] C:\PROGRA~1\ezula\eZulaMain.exe
O4 - HKCU\..\Run: [Windows Security Assistant] C:\WINDOWS\system32\rundll32.vbe
-
O14 - IERESET.INF: START_PAGE_URL=http://gw.virgilio.it/vie/55/200010smau.home
-
O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {D22AC3EF-B7D8-11D5-A281-005056BF0101} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
O16 - DPF: {45231111-1111-1111-1111-111111113458} - file://C:\WINDOWS\Tempor~1\Content.IE5\C78RYT2P\epl2[1].cab
O18 - Filter: text/html - {39331F40-C854-11D9-82E2-4445D89E8D23} - C:\WINDOWS\SYSTEM\OBAJ.DLL
O18 - Filter: text/plain - {39331F40-C854-11D9-82E2-4445D89E8D23} - C:\WINDOWS\SYSTEM\OBAJ.DLL
==================================

Con la funzione CERCA di Windows, cerca ed elimina questi file,
==================================
se.dll
spage.html
OBAJ.DLL
MagStart.exe
Atiptaaa.exe
DOWNLOAD.EXE
istsvc.exe
DNSCLEANER.EXE
_avpcc.exe
GameDrvr.exe
CDAENG~1.DLL
rundll32.vbe
msystem.exe
ATTUNEL.EXE
Trash it Scheduler.exe
WP.EXE
eZulaMain.exe
epl2[1].cab
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

Fai una scansione con questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1286

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer

Fai una scansione antivirus on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym
se vengono rilevati virus ti consiglio di formattare il disco fisso e reinstallare tutto

se il sistema e pulito dai virus installa i seguenti programmi

Nel sistema non é presente un Firewall, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56

Nel sistema non é presente un Antivirus, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=728
Collaboratore Aiutamici
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log per favore


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.