Aiutamici Forum

Could you check my HijackThis log for me
johnnyjo
Posted: Friday, February 20, 2009 11:15:49 AM

Rank: Member

Joined: 5/1/2006
Posts: 27
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:44, on 20/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programmi\Analog Devices\Core\smax4pnp.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Programmi\CA\Protection Suite\Client\TPCC.exe
C:\PROGRA~1\CA\ETRUST~2\realmon.exe
C:\Programmi\Microsoft Security Adviser\msctrl.exe
C:\Programmi\Microsoft Security Adviser\msavsc.exe
C:\Programmi\Microsoft Security Adviser\msscan.exe
C:\Programmi\Microsoft Security Adviser\msiemon.exe
C:\Programmi\Microsoft Security Adviser\msfw.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\documents and settings\cannavacciuolo.ntpdc\impostazioni locali\dati applicazioni\aawkokw.exe
C:\Programmi\Microsoft Firewall Client\ISATRAY.EXE
C:\Programmi\CA\eTrust PestPatrol Corporate Edition\PPMCActiveDetection.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Microsoft Security Adviser\mssadv.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.it/ig/dell?hl=it&client=dell-row-rel&channel=it&ibd=2080201
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.it/hws/sb/dell-row-rel/it/side.html?channel=it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.it/hws/sb/dell-row-rel/it/side.html?channel=it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programmi\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [IAAnotif] "C:\Programmi\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programmi\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Programmi\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [CA Total Protection Control Center] "C:\Programmi\CA\Protection Suite\Client\TPCC.exe" -tray
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~2\realmon.exe -s
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [MRT] "C:\WINDOWS\system32\MRT.exe" /R
O4 - HKLM\..\Run: [msctrl.exe] C:\Programmi\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Programmi\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Programmi\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Programmi\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [\YURC9.exe] C:\Windows\system32\YURC9.exe
O4 - HKCU\..\Run: [\YURCA.exe] C:\Windows\system32\YURCA.exe
O4 - HKCU\..\Run: [\YURCB.exe] C:\Windows\system32\YURCB.exe
O4 - HKCU\..\Run: [\YURCC.exe] C:\Windows\system32\YURCC.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Programmi\MSA\MSA.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
O4 - HKCU\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
O4 - HKCU\..\Run: [\YUR7.exe] C:\Windows\system32\YUR7.exe
O4 - HKCU\..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe
O4 - HKCU\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe
O4 - HKCU\..\Run: [\YUR1EB.exe] C:\Windows\system32\YUR1EB.exe
O4 - HKCU\..\Run: [\YUR1EC.exe] C:\Windows\system32\YUR1EC.exe
O4 - HKCU\..\Run: [\YUR1ED.exe] C:\Windows\system32\YUR1ED.exe
O4 - HKCU\..\Run: [\YUR1EE.exe] C:\Windows\system32\YUR1EE.exe
O4 - HKCU\..\Run: [aawkokw] "c:\documents and settings\cannavacciuolo.ntpdc\impostazioni locali\dati applicazioni\aawkokw.exe" aawkokw
O4 - HKCU\..\Run: [msctrl.exe] C:\Programmi\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Programmi\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Programmi\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Programmi\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Client Zetafax.lnk = C:\Programmi\Zetafax\ZETAFAX.EXE
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Programmi\Microsoft Firewall Client\ISATRAY.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vesuviana.local
O17 - HKLM\Software\..\Telephony: DomainName = vesuviana.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E458134-EABC-4EE0-AB09-6BD0C3A8B2B5}: NameServer = 172.16.4.31,172.16.4.110
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vesuviana.local
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Programmi\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Programmi\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: PestPatrol Remote - Computer Associates International, Inc. - C:\WINDOWS\system32\ppRemoteService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Programmi\File comuni\SureThing Shared\stllssvr.exe

--
End of file - 8413 bytes
shapiro
Posted: Friday, February 20, 2009 12:40:40 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

you're full of infections

download Avenger from here

http://swandog46.geekstogo.com/avenger.zip

install it and run it

Copy and paste into the "Input script here" window the text in red, exactly as it is written:

files to delete:
C:\Programmi\Microsoft Security Adviser\msctrl.exe
C:\Programmi\Microsoft Security Adviser\msavsc.exe
C:\Programmi\Microsoft Security Adviser\msscan.exe
C:\Programmi\Microsoft Security Adviser\msiemon.exe
C:\Programmi\Microsoft Security Adviser\msfw.exe
C:\Programmi\Microsoft Security Adviser\mssadv.exe
C:\Programmi\Microsoft Security Adviser\msctrl.exe

Tick "Automatically disable any rootkits found"

click the "Execute" button
The PC should restart on its own; if it doesn't, restart it manually

post the Avenger log that you find in c:\

Start HijackThis with all applications closed, click Do a system scan only, tick and remove (Fix checked) the following lines:

O4 - HKLM\..\Run: [msctrl.exe] C:\Programmi\Microsoft Security Adviser\msctrl.exe
O4 - HKLM\..\Run: [msavsc.exe] C:\Programmi\Microsoft Security Adviser\msavsc.exe
O4 - HKLM\..\Run: [msscan.exe] C:\Programmi\Microsoft Security Adviser\msscan.exe
O4 - HKLM\..\Run: [msiemon.exe] C:\Programmi\Microsoft Security Adviser\msiemon.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [\YURC9.exe] C:\Windows\system32\YURC9.exe
O4 - HKCU\..\Run: [\YURCA.exe] C:\Windows\system32\YURCA.exe
O4 - HKCU\..\Run: [\YURCB.exe] C:\Windows\system32\YURCB.exe
O4 - HKCU\..\Run: [\YURCC.exe] C:\Windows\system32\YURCC.exe
O4 - HKCU\..\Run: [ANTIVIRUS] C:\Programmi\MSA\MSA.exe
O4 - HKCU\..\Run: [\YUR2.exe] C:\Windows\system32\YUR2.exe
O4 - HKCU\..\Run: [\YUR3.exe] C:\Windows\system32\YUR3.exe
O4 - HKCU\..\Run: [\YUR4.exe] C:\Windows\system32\YUR4.exe
O4 - HKCU\..\Run: [\YUR5.exe] C:\Windows\system32\YUR5.exe
O4 - HKCU\..\Run: [\YUR6.exe] C:\Windows\system32\YUR6.exe
O4 - HKCU\..\Run: [\YUR7.exe] C:\Windows\system32\YUR7.exe
O4 - HKCU\..\Run: [\YUR8.exe] C:\Windows\system32\YUR8.exe
O4 - HKCU\..\Run: [\YUR9.exe] C:\Windows\system32\YUR9.exe
O4 - HKCU\..\Run: [\YUR1EB.exe] C:\Windows\system32\YUR1EB.exe
O4 - HKCU\..\Run: [\YUR1EC.exe] C:\Windows\system32\YUR1EC.exe
O4 - HKCU\..\Run: [\YUR1ED.exe] C:\Windows\system32\YUR1ED.exe
O4 - HKCU\..\Run: [\YUR1EE.exe] C:\Windows\system32\YUR1EE.exe
O4 - HKCU\..\Run: [aawkokw] "c:\documents and settings\cannavacciuolo.ntpdc\impostazioni locali\dati applicazioni\aawkokw.exe" aawkokw
O4 - HKCU\..\Run: [msctrl.exe] C:\Programmi\Microsoft Security Adviser\msctrl.exe
O4 - HKCU\..\Run: [msavsc.exe] C:\Programmi\Microsoft Security Adviser\msavsc.exe
O4 - HKCU\..\Run: [msscan.exe] C:\Programmi\Microsoft Security Adviser\msscan.exe
O4 - HKCU\..\Run: [msiemon.exe] C:\Programmi\Microsoft Security Adviser\msiemon.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

Download http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe and install it.
Restart the computer in Safe Mode: when the PC starts, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu will appear
=> choose Safe Mode
(use the arrow key ^

run Navilog1 and choose option 4, enter the name aawkokw and confirm it by typing it again when asked.

At this point it will clean the infected files off the PC.
When it finishes, restart the PC in normal mode

From normal mode, empty C:\WINDOWS\Prefetch

Clean temporary files and cookies with CCleaner (run it twice).

http://www.filehippo.com/download_ccleaner/

download Malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1) install it
2) update it
3) run a scan, choosing full scan mode
4) do NOT remove any threats it detects
5) when the scan is finished, select the log tab, open the text file and post it on the forum
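As an added triage example (not part of the original thread, and not code from HijackThis, Avenger or any other tool named above), the Python below parses O4/O7 lines and flags the traits the reply singles out: a value name beginning with a backslash, serially named executables in system32, a program launched from the user's profile data directory, the same entry registered under both HKLM and HKCU, and the DisableRegedit policy. The sample lines are constructed from the posted log with the username replaced, and the name patterns are heuristics chosen here, not a verdict on any file.

```python
import re
from collections import Counter

# Constructed sample modelled on the posted HijackThis log (username replaced, not the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [msfw.exe] C:\Programmi\Microsoft Security Adviser\msfw.exe
O4 - HKCU\..\Run: [\YURC9.exe] C:\Windows\system32\YURC9.exe
O4 - HKCU\..\Run: [\YUR1EB.exe] C:\Windows\system32\YUR1EB.exe
O4 - HKCU\..\Run: [aawkokw] "c:\documents and settings\user\impostazioni locali\dati applicazioni\aawkokw.exe" aawkokw
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
"""

O4_RE = re.compile(r'^O4 - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.I)          # first .exe in the command, quoted or not
SERIAL_RE = re.compile(r'[A-Za-z]{2,5}[0-9A-F]{1,4}\.exe', re.I)  # heuristic: short prefix + hex counter
PROFILE_DIRS = ('dati applicazioni', 'application data', 'impostazioni locali', 'local settings')

def triage(log_text):
    """Return {line: [reasons]} for O4/O7 lines that match the heuristics above (hints, not verdicts)."""
    entries, flagged = [], {}
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            exe = EXE_RE.match(cmd)
            entries.append((line, hive, name, (exe.group(1) if exe else cmd).lower()))
        elif line.startswith('O7 - ') and 'DisableRegedit=1' in line:
            flagged[line] = ['registry editor disabled by policy']
    # The same value name and target under both HKLM and HKCU is unusual for legitimate software
    dup = Counter((name.lower(), path) for _, _, name, path in entries)
    for line, hive, name, path in entries:
        reasons = []
        base = path.rsplit('\\', 1)[-1]
        if name.startswith('\\'):
            reasons.append('value name begins with a backslash')
        if '\\system32\\' in path and SERIAL_RE.fullmatch(base):
            reasons.append('serially named executable in system32')
        if any(d in path for d in PROFILE_DIRS):
            reasons.append('runs from a user-writable profile directory')
        if dup[(name.lower(), path)] > 1:
            reasons.append('same entry registered under HKLM and HKCU')
        if reasons:
            flagged[line] = reasons
    return flagged

if __name__ == '__main__':
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line, '->', '; '.join(reasons))
```

Entries for SoundMAX and ctfmon come through unflagged, which is the point: the heuristics narrow the list to what a human still has to judge.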
johnnyjo
Posted: Friday, February 20, 2009 3:06:38 PM

Rank: Member

Joined: 5/1/2006
Posts: 27
thank you! bye