Utility
Home Messaggi odierni FAQ Ricerca avanzata Lo staff del forum Regolamento Utenti Archivio
Visualizzazione dei risultati da 1 a 3 su 3

Discussione: Win32:Agent-AEJ [Trj]

  1. 17-07-2006, 09:04 #1
    eloderma
    eloderma non è in linea
    Utente di HTML.it L'avatar di eloderma
    Registrato dal
    Jul 2002
    Messaggi
    729

    Win32:Agent-AEJ [Trj]

    ho questo trojan: Win32:Agent-AEJ [Trj]

    almeno così mi dice avast, mi manda mail a raffica, che faccio?

    ecco il log do hijack this:

    Logfile of HijackThis v1.99.1
    Scan saved at 9.28.06, on 17/07/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    C:\Programmi\Alwil Software\Avast4\ashServ.exe
    C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Tablet.exe
    C:\WINDOWS\Explorer.EXE
    C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
    C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
    C:\Program Files\Aspire Arcade\PCMService.exe
    C:\Programmi\CRW\shwicon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    E:\Programmi\CD Drives\tray.exe
    E:\Picasa2\PicasaMediaDetector.exe
    C:\Programmi\QuickTime\qttask.exe
    E:\Programmi\Adobe\Acrobat\Distillr\Acrotray.exe
    C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\svchost.exe
    E:\Programmi\Post-It\PsnLite.exe
    C:\WINDOWS\system32\WTablet\TabUserW.exe
    E:\PROGRA~1\Post-It\PSNGive.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Alberto.PORTATILEAB\Desktop\HijackThis.ex e

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tiscali.it/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.it
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Programmi\Adobe\Acrobat\ActiveX\AcroIEHelper.dl l
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Programmi\Adobe\Acrobat\Acrobat\AcroIEFavClient .dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Programmi\Adobe\Acrobat\Acrobat\AcroIEFavClient .dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLCL32.EXE
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Aspire Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [ShowIcon_Chander_CRW Series Driver v1.17r019] C:\Programmi\CRW\shwicon.exe -t"Chander\CRW Series Driver v1.17r019"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [tray.exe] "E:\Programmi\CD Drives\tray.exe"
    O4 - HKLM\..\Run: [Picasa Media Detector] E:\Picasa2\PicasaMediaDetector.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [JobHisInit] C:\Programmi\RMClient\JobHisInit.exe
    O4 - HKLM\..\Run: [MplSetUp] C:\Programmi\RMClient\MplSetUp.exe
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Programmi\Adobe\Acrobat\Distillr\Acrotray. exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Desktop Calendar] E:\Programmi\Desktop Calendar\CanDesk.exe 9
    O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
    O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check(3).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV0 3.EXE
    O4 - Global Startup: Post-it® Software Notes Lite.lnk = E:\Programmi\Post-It\PsnLite.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
    O4 - Global Startup: Avvio veloce di Adobe Acrobat.lnk = ?
    O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://E:\Programmi\Adobe\Acrobat\Acrobat\AcroIEFavClient .dll/AcroIECapture.html
    O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://E:\Programmi\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://E:\Programmi\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://E:\Programmi\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converti in Adobe PDF - res://E:\Programmi\Adobe\Acrobat\Acrobat\AcroIEFavClient .dll/AcroIECapture.html
    O8 - Extra context menu item: Converti nel file PDF esistente - res://E:\Programmi\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Converti selezione in Adobe PDF - res://E:\Programmi\Adobe\Acrobat\Acrobat\AcroIEFavClient .dll/AcroIECapture.html
    O8 - Extra context menu item: Converti selezione in file PDF esistente - res://E:\Programmi\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - E:\Programmi\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programmi\ICQLite\ICQLite.exe
    O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - E:\Programmi\ICQLite\ICQLite.exe
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programmi\File comuni\SourceTec\SWF Catcher\InternetExplorer.htm
    O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.it
    O17 - HKLM\System\CCS\Services\Tcpip\..\{91997DCB-AEBC-43F7-928A-D647E7EBEE53}: NameServer = 82.186.204.35,212.216.112.222
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F24E53F4-7601-4729-8E84-86523D4C96E8}: NameServer = 82.186.204.35,212.216.112.222
    O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Programmi\Tiscali\dlls\tiscalifilter.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
    O23 - Service: Windows Log - Unknown owner - C:\WINDOWS\system32\nvsvcd.exe
    Rispondi quotando Rispondi quotando
  2. 17-07-2006, 10:07 #2
    holifay
    holifay non è in linea
    Utente di HTML.it L'avatar di holifay
    Registrato dal
    May 2005
    Messaggi
    1,330
    Se non vuoi che ti chiudano subito il post, segui questa guida, poi se non risolvi, riposta il log. Fatto in modo corretto. http://forum.html.it/forum/showthrea...hreadid=811189

    Ciao
    Pensi di avere un file infetto? Invialo a SuspectFile
    Rispondi quotando Rispondi quotando
  3. 17-07-2006, 10:11 #3
    eloderma
    eloderma non è in linea
    Utente di HTML.it L'avatar di eloderma
    Registrato dal
    Jul 2002
    Messaggi
    729
    ok
    Rispondi quotando Rispondi quotando
« Discussione precedente | Prossima discussione »

Permessi di invio

  • Non puoi inserire discussioni
  • Non puoi inserire repliche
  • Non puoi inserire allegati
  • Non puoi modificare i tuoi messaggi
  •  

Regole del Forum

Powered by vBulletin® Version 4.2.1
Copyright © 2026 vBulletin Solutions, Inc. All rights reserved.