Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

scuderia cavalli di troia Opzioni
solideo
Inviato: Friday, October 06, 2006 2:11:30 AM
Rank: Member

Iscritto dal : 1/12/2005
Posts: 0
ciao ho eseguiite le operazioni da te elendùcate e la scansione online ha evidenziato l'assenza di virus ma il sistema è infetto da diversi cavalli di troia tra i quali dropper, horse, lowzones. ByteVerify, addicker oltre che alcuni dialer...come faccio non vorrei formattare in quanto perderei programmi che non posso recuperare....grazie dell'aiuto che mi darete... allego il log da avvio normale...


Logfile of HijackThis v1.99.1
Scan saved at 2.02.12, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\Java\j2re1.4.2_02\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cbsi7msqlc.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_02\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Programmi\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\thecat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ScaricaMP3] C:\Documents and Settings\Administrator\Dati applicazioni\ScaricaMP3[1].exe t
O4 - HKCU\..\Run: [Microsoft Security] C:\WINDOWS\system32\msantivir.exe
O4 - HKCU\..\Run: [idrocefalo.exe] C:\WINDOWS\system32\idrocefalo.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
O4 - Startup: Posta elettronica.lnk = ?
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.acquadirose.biz
O15 - Trusted Zone: www.acquadirose.com
O15 - Trusted Zone: www.analcord.com
O15 - Trusted Zone: www.cisiamodibrutto.com
O15 - Trusted Zone: www.coppiastrana.com
O15 - Trusted Zone: www.cywanstorage.biz
O15 - Trusted Zone: www.forteforte.com
O15 - Trusted Zone: www.gooogle.bz
O15 - Trusted Zone: www.nanobyte.biz
O15 - Trusted Zone: www.phishingfix.biz
O15 - Trusted Zone: www.playmore.biz
O15 - Trusted Zone: www.preferiti-windows.com
O15 - Trusted Zone: www.ricercadoppia.com
O15 - Trusted Zone: www.scalalap.com
O15 - Trusted Zone: www.sextriere.com
O15 - Trusted Zone: www.supermonica.biz
O15 - Trusted Zone: www.tuttaqualita.com
O15 - Trusted Zone: www.vispateresa.biz
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {381E86E3-E7CE-46FC-BA2C-E83D3B6E4309} - http://www.cywanstorage.biz/WWE/Catto.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {64F2AAC0-5677-4B53-99D0-E0CB73E7C95C} (SmartCardReader.UCSmartCardReader) - https://reseller.indexpoint.it/DWL/SmartCardReader.cab
O16 - DPF: {84F7129F-9451-4202-B2F9-929F047FC126} - http://www.what-you-want.biz/idro.exe
O16 - DPF: {8838BDA8-9C2E-480C-8926-3104C642D7E4} - http://www.gooogle.bz/cywtr.exe
O16 - DPF: {8D7D6D73-8BC2-488A-A035-64D708FC038F} - http://www.cywanstorage.biz/LNKSHR/Checkout.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {96966B7C-CA72-4928-895B-1C2F0E5302A9} - http://www.cywanstorage.biz/CXDF2/pialla.exe
O16 - DPF: {9F5BB9E1-31AE-4A13-8734-15CED0F60A3D} - http://www.gooogle.bz/lateshow.cab
O16 - DPF: {C470A05D-3001-4836-9E5E-ACBD12159691} (SmartCardReader.UCSmartCardReader) - https://reseller.indexpoint.it/dwl/SmartCardReader.cab
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/ab98ec65/50310/1/xp/FreeAccess.ocx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe

Sponsor
Inviato: Friday, October 06, 2006 2:11:30 AM

 
alfonso
Inviato: Friday, October 06, 2006 9:20:50 AM

Rank: AiutAmico

Iscritto dal : 10/5/2000
Posts: 19,132
Ciao ,
esegui queste operazioni

Disattiva il ripristino di configurazione, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=257&SH=N

Riavvia in modalità provvisoria, leggi qui come fare
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=344&SH=N

apri HIJAC THIS ed elimina come indicato in questo articolo
http://www.aiutamici.com/software/descrizione.asp?CodSw=1175
le righe che seguono.

==================================
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
-
O4 - HKLM\..\Run: [fix] C:\WINDOWS\system32\thecat.exe
-
O4 - HKCU\..\Run: [ScaricaMP3] C:\Documents and Settings\Administrator\Dati applicazioni\ScaricaMP3[1].exe t
O4 - HKCU\..\Run: [Microsoft Security] C:\WINDOWS\system32\msantivir.exe
O4 - HKCU\..\Run: [idrocefalo.exe] C:\WINDOWS\system32\idrocefalo.exe
O4 - HKCU\..\Run: [wke.exe] C:\WINDOWS\system32\wke.exe
-
O15 - Trusted Zone: www.acquadirose.biz
O15 - Trusted Zone: www.acquadirose.com
O15 - Trusted Zone: www.analcord.com
O15 - Trusted Zone: www.cisiamodibrutto.com
O15 - Trusted Zone: www.coppiastrana.com
O15 - Trusted Zone: www.cywanstorage.biz
O15 - Trusted Zone: www.forteforte.com
O15 - Trusted Zone: www.gooogle.bz
O15 - Trusted Zone: www.nanobyte.biz
O15 - Trusted Zone: www.phishingfix.biz
O15 - Trusted Zone: www.playmore.biz
O15 - Trusted Zone: www.preferiti-windows.com
O15 - Trusted Zone: www.ricercadoppia.com
O15 - Trusted Zone: www.scalalap.com
O15 - Trusted Zone: www.sextriere.com
O15 - Trusted Zone: www.supermonica.biz
O15 - Trusted Zone: www.tuttaqualita.com
O15 - Trusted Zone: www.vispateresa.biz
-
O16 - DPF: {381E86E3-E7CE-46FC-BA2C-E83D3B6E4309} - http://www.cywanstorage.biz/WWE/Catto.exe
-
O16 - DPF: {64F2AAC0-5677-4B53-99D0-E0CB73E7C95C} (SmartCardReader.UCSmartCardReader) - https://reseller.indexpoint.it/DWL/SmartCardReader.cab
O16 - DPF: {84F7129F-9451-4202-B2F9-929F047FC126} - http://www.what-you-want.biz/idro.exe
O16 - DPF: {8838BDA8-9C2E-480C-8926-3104C642D7E4} - http://www.gooogle.bz/cywtr.exe
O16 - DPF: {8D7D6D73-8BC2-488A-A035-64D708FC038F} - http://www.cywanstorage.biz/LNKSHR/Checkout.exe
-
O16 - DPF: {96966B7C-CA72-4928-895B-1C2F0E5302A9} - http://www.cywanstorage.biz/CXDF2/pialla.exe
O16 - DPF: {9F5BB9E1-31AE-4A13-8734-15CED0F60A3D} - http://www.gooogle.bz/lateshow.cab
O16 - DPF: {C470A05D-3001-4836-9E5E-ACBD12159691} (SmartCardReader.UCSmartCardReader) - https://reseller.indexpoint.it/dwl/SmartCardReader.cab
O16 - DPF: {EC52F7A4-27A7-4319-9BA1-E7FE5C90D3AC} - http://td8eau9td.com/ab98ec65/50310/1/xp/FreeAccess.ocx
==================================


Elimina i file in rosso nei percorsi indicati
==================================
C:\WINDOWS\system32\<font color=red><b>thecat.exe </font id=red></b>
C:\Documents and Settings\Administrator\Dati applicazioni\<font color=red><b>ScaricaMP3[1].exe</font id=red></b>
C:\WINDOWS\system32\<font color=red><b>msantivir.exe </font id=red></b>
C:\WINDOWS\system32\<font color=red><b>idrocefalo.exe </font id=red></b>
C:\WINDOWS\system32\<font color=red><b>wke.exe </font id=red></b>
==================================


Vai a PANNELLO DI CONTROLLO e clicca su OPZIONI INTERNET
nella finestra che si apre clicca i tre pulsanti
ELIMINA COOKIES - ELIMINA FILE - CANCELLA CRONOOLOGIA
poi clicca il pulsante PAGINA PREDEFINITA e su OK

al termine utilizza i programmi AD-AWARE e SPYBOT indicati in questo articolo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=388&SH=N

sempre in modalità provvisoria fai una scansione Antivirus

quindi riavvia il computer e controlla se il problema e risolto, se e tutto OK riattiva il ripristino configurazione disattivato all'inizio di questa procedura e crea un nuovo punto di ripristino, leggi qui alla voce 8
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=170&SH=N

Fai una scansione antivirus on line da questo indirizzo
http://security.symantec.com/sscv6/default.asp?productid=globalsites&langid=it&venid=sym

Nel sistema non é presente un Firewall, installa questo
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=56
e disattiva l'inutile firewall di XP, leggi qui
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=160&SH=N

Hai due antivirus installati, Avast e AVG, disinstalla entrambi e reinstalla quello che preferisci, ma uno solo dei due.

Utilizza questo programma
http://www.aiutamici.com/software/view.asp?tipo=home&CodSw=1041

Edited by - alfonso on 10/06/2006 09:21:43

Collaboratore Aiutamici
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.