|
|||||||
|
|
|
 |
|
|
Strumenti |
09-08-2007, 15:16
|
#1 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 273
|
infezione multipla
da quando il pc è stato spostato, e non si collega più con il router con firewall, sono invaso di visus (ora sn collegato con umts)
antivir mi rileva un bel pò di virus a ripetizione, principalmente exp.ani.gen tr/click.agent.np tr/spy.vbstat.b.1 tr/click.mnb tr/dldr.conhook.gen sono pericolosi? come li rimuovo? ho fatto scansioni e scansioni con antivir, un giro di spybot e un giro di ad-aware lavasoft.. ma il problema rimane. vorrei capire oltre che a rompere aprendo una finestra ogni tanto di ie, cosa altro fanno..?? |
|
|
|
09-08-2007, 15:26
|
#2 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22462
|
log di hijackthis (http://www.trendsecure.com/portal/en...HJTInstall.exe) lo installi lo lanci accetti la licenza, clikka il primo pulsante e posta il risultato
fai pio un scan completa con kaspersky
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
|
09-08-2007, 15:34
|
#3 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 273
|
ecco il log, ma kapersky lo devo fare online, intsllarlo? insoma che devo fare?
Logfile of HijackThis v1.99.1 Scan saved at 15.33.08, on 09/08/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16473) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe C:\Programmi\Unlocker\UnlockerAssistant.exe C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Programmi\Picasa2\PicasaMediaDetector.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\system32\LckFldService.exe C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Programmi\Skype\Phone\Skype.exe C:\Programmi\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\tcpsvcs.exe C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe C:\WINDOWS\System32\snmp.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programmi\NetMeter\NetMeter.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\RealVNC\VNC4\WinVNC4.exe C:\Programmi\Xdrive\Xdrive Desktop\XdriveService.exe C:\Programmi\aMSN\bin\wish.exe C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe C:\Programmi\Logitech\SetPoint\KEM.exe C:\Programmi\Mozilla Firefox\firefox.exe C:\Programmi\Raxco\PerfectDisk\PDEngine.exe C:\PROGRAMMI\LOGITECH\SETPOINT\KHALMNPR.EXE C:\Programmi\PC Connectivity Solution\ServiceLayer.exe C:\Programmi\PowerMenu\PowerMenu.exe C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe C:\WINDOWS\System32\svchost.exe C:\Programmi\PC Connectivity Solution\NclBTHandler.exe C:\Programmi\Skype\Plugin Manager\SkypePM.exe C:\Programmi\Quick ShutDown\qsd.exe C:\Programmi\D-Tools\daemon.exe C:\Programmi\Nokia\Nokia PC Suite 6\OneTouchAccess.exe C:\Programmi\SpeedFan\speedfan.exe C:\WINDOWS\system32\bpoubfaa.exe C:\Programmi\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE F:\Archivi e istallazioni\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mansellblog.home.services.spaces.live.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Programmi\Dealio\kb106\Dealio.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Programmi\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe O4 - HKLM\..\Run: [Picasa Media Detector] C:\Programmi\Picasa2\PicasaMediaDetector.exe O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup O4 - HKLM\..\Run: [StartupDelayer] "C:\Programmi\r2 Studios\Startup Delayer\Startup Launcher.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup O4 - HKLM\..\Run: [au] C:\Programmi\Dealio\DealioAU.exe O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [StartCCC] C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [C:\Programmi\NetMeter\NetMeter.exe] C:\Programmi\NetMeter\NetMeter.exe O4 - Startup: PowerMenu.lnk = C:\Programmi\PowerMenu\PowerMenu.exe O4 - Global Startup: aMSN.lnk = C:\Programmi\aMSN\amsn.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Firefox Preloader.lnk = C:\Programmi\FirefoxPreloader\FirefoxPreloader.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Programmi\Logitech\SetPoint\KEM.exe O8 - Extra context menu item: Compare Prices with &Dealio - C:\Programmi\Dealio\kb106\res\DealioSearch.html O8 - Extra context menu item: Download all links using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: Download all videos using BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddVideo.htm O8 - Extra context menu item: Download link using &BitComet - res://C:\Programmi\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm O8 - Extra context menu item: Save to &Xdrive - res://C:\Programmi\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mansellblog.spaces.live.com//...d/MsnPUpld.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/.../GAME_UNO1.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173462475203 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mansellblog.spaces.live.com/P...d/MsnPUpld.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{67631A60-5FC1-4340-9874-28A5581A607B}: NameServer = 193.70.152.25 193.70.192.25 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: DirectX Service (Biwox) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing) O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe O23 - Service: DomainService - - C:\WINDOWS\system32\bpoubfaa.exe O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing) O23 - Service: PDAgent - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Programmi\Raxco\PerfectDisk\PDEngine.exe O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Programmi\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing) O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Programmi\RealVNC\VNC4\WinVNC4.exe" -service (file missing) O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Programmi\Windows Live\installer\WLSetupSvc.exe |
|
|
|
|
09-08-2007, 16:40
|
#4 |
|
Senior Member
Iscritto dal: Apr 2006
Messaggi: 22462
|
in hijackthis fixa questi
O23 - Service: DirectX Service (Biwox) - Unknown owner - C:\WINDOWS\system32\directx.exe (file missing) O23 - Service: DomainService - - C:\WINDOWS\system32\bpoubfaa.exe riavvia e poi con killbox cancella questo C:\WINDOWS\system32\bpoubfaa.exe
__________________
amd a64x2 4400+ sk939;asus a8n-sli; 2x1gb ddr400; x850 crossfire; 2 x western digital abys 320gb|| asus g1
Se striscia fulmina, se svolazza l'ammazza |
|
|
|
|
11-08-2007, 00:50
|
#5 |
|
Member
Iscritto dal: Apr 2006
Messaggi: 273
|
ho fatto ciò che mi hai detto, ma antivir continua a trovare virus, in C:\documentsandsetting/user/impostazionilocali/temp principalmente..
ho provato a fare una scansione con kapersky online, ma una volta trovati i virus non li leva, vuole essere pagato. non si trova un modo free di risolvere la questione? |
|
|
|
|
11-08-2007, 01:42
|
#6 |
|
Senior Member
Iscritto dal: Feb 2007
Città: Salerno......
Messaggi: 3259
|
ciao...puliamo il pc da temp e index dat.... fai una cosa prima disattiva il ripristino config di sistema se non sai come fare vedi QUI link
Pulita con CCleaner( QUI)disattivando dalle opzioni avanzate "cancella solo file più vecchi di 48 ore" oppure con ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 (è stand alone) Avvia ATF Cleaner (se usi Firefox o Opera, selezionali dal menu in alto) metti la spunta su "Select All" per ogni browser e clicca su "Empty Selected" poi scarica Superantispyware aggiornalo e fagli fare una "Perform complete scan" da "scan your computer" scarica a-squared Free 3.0 aggiornalo e fagli fare una scansione completa del sistema. facci sapere.
__________________
Opera disabilitazione script ed iframe  Recuperare le proprie password on line. Messenger: massima attenzione ai SITI TRUFFA | GUIDA:ShutdownTimer (Spegnimento auto pc) | Quando il centro sicurezza non riconosce i soft. Guida a Malwarebytes' Anti-Malware = tiemp bell e na volta...
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 09:27.
