
win32-Agent-AJP[tool]


Post by haruki » 24/07/06 15:07

Hello,

AVAST warns me:

win32-Agent-AJP[tool]

what should I do?

thanks
haruki
Newbie

Posts: 4
Joined: 24/07/06 15:02
Location: roma


Post by andorra24 » 24/07/06 15:35

Hi, here is the case of a user with the same malware as yours, found by avast; take a look:

http://www.pc-facile.com/forum/viewtopic.php?t=48141
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by haruki » 24/07/06 15:45

it's exactly the same problem as fen's. I read everything, I ran the scan with hijack, and I also read the advice, but I'm stopping here: I'm not very knowledgeable and I understand little of it.
can I send you the hijack list
thanks

Logfile of HijackThis v1.99.1
Scan saved at 16.33.42, on 24/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\ASUS\ASUS Live Update\ALU.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\PeerGuardian2\pg2.exe
C:\Programmi\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ATKKBService.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Net Nanny\nnsvc.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Programmi\WinAce\WinAce.exe
C:\DOCUME~1\GIANPA~1\IMPOST~1\Temp\~AceTemp\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programmi\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Programmi\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NNLL] C:\Programmi\Net Nanny\nnll.exe
O4 - HKLM\..\Run: [NNTray] C:\Programmi\Net Nanny\nnstart.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Programmi\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [PowerBar] "C:\Programmi\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe" /AtBootTime
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Programmi\eMule\emule.exe -AutoStart
O4 - Global Startup: ASUS ChkMail.lnk = C:\Programmi\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {F5BC716E-2650-4B08-9235-C110CF95017F} (Connessione Tiscali) - http://selfcare.tiscali.it/scripts/onec ... iscali.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{083E68CD-A5B1-4621-8604-1C28CB67D3FD}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{083E68CD-A5B1-4621-8604-1C28CB67D3FD}: NameServer = 192.168.1.1
O20 - Winlogon Notify: IntelWireless - C:\Programmi\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NNSvc - Looksmart, Ltd. - C:\Programmi\Net Nanny\nnsvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
haruki
Newbie
 
Posts: 4
Joined: 24/07/06 15:02
Location: roma

Post by andorra24 » 24/07/06 15:55

Tell me something, do you recognize these 2 entries in your log?

C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo

Post by haruki » 24/07/06 15:59

no, I know nothing about them
haruki
Newbie

Posts: 4
Joined: 24/07/06 15:02
Location: roma

Post by andorra24 » 24/07/06 16:09

haruki wrote: no, I know nothing about them

OK, then it's better to check whether those 2 exe files are clean.

C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe

Scan the file CapabilityManager.exe and then the file Generic.exe at http://www.virustotal.com

The rest of your hijackthis log is perfectly clean and there is nothing strange in it. I recommend a few scans:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
http://www.grisoft.cz/softw/70/filedir/ ... 0.172b.exe
andorra24
Senior User

Posts: 2742
Joined: 21/05/06 15:44
Location: Palermo
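
Added example (not part of the original posts, and not necessarily how andorra24 picked the two files): a Python script that parses a HijackThis log and lists running processes that no O4 autostart or O23 service entry accounts for, as one way to shortlist files for a scan like the one suggested above. The sample log is a constructed excerpt of the log posted in this thread; matching by file name and skipping C:\WINDOWS are assumptions of the example.

```python
import ntpath
import re

# Constructed sample: a shortened excerpt of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Teleca Shared\CapabilityManager.exe
C:\Programmi\Net Nanny\nnsvc.exe
C:\Programmi\File comuni\Teleca Shared\Generic.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: NNSvc - Looksmart, Ltd. - C:\Programmi\Net Nanny\nnsvc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")       # "O4 - ...", "O23 - ..."
EXE = re.compile(r'[^\\/"\]=]+?\.exe', re.IGNORECASE)  # last path component ending in .exe


def parse_hijackthis(text):
    """Return (running process paths, [(section code, detail), ...])."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.match(line)
        if m:                                # first entry line ends the process list
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def unaccounted_processes(text, skip_prefix="c:\\windows\\"):
    """Running processes that no O4 (autostart) or O23 (service) entry names."""
    processes, entries = parse_hijackthis(text)
    started = set()
    for code, detail in entries:
        if code in ("O4", "O23"):
            started.update(n.strip().lower() for n in EXE.findall(detail))
    # Match by file name: the log mixes long paths and 8.3 short paths.
    # Assumption of this example: skip the Windows directory to keep core
    # system processes out of the shortlist.
    return [p for p in processes
            if not p.lower().startswith(skip_prefix)
            and ntpath.basename(p).lower() not in started]
```

A process on this shortlist is not malicious by that fact alone; it is only a candidate for the file scan.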

Post by haruki » 24/07/06 16:15

I'll do as you say, and thank you very much
haruki
Newbie

Posts: 4
Joined: 24/07/06 15:02
Location: roma

