Condividi:        

mi sono beccato il webpopup

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

mi sono beccato il webpopup

Postdi nelluzzo » 01/06/06 15:56

mi sono beccato il webpopup e non riesco ad eliminarlo il log di hijackthis è:
Logfile of HijackThis v1.99.1
Scan saved at 16.35.41, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.alicebusiness.it/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grecanicarea.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.alicebusiness.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice Business
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mouse Gestures - {872FD14E-C8C2-42AB-803A-9B437F375CB3} - C:\WINDOWS\system32\wbcfinder.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.hastalavista.it
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 235_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{76DABE22-19CD-4C43-8511-D7FEAAEA8F61}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe

cosa devo fare??
grazie per l'aiuto...
nelluzzo
Newbie
 
Post: 4
Iscritto il: 01/06/06 15:47

Sponsor
 

Postdi andorra24 » 01/06/06 16:21

Ciao, fixa queste voci:

O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.hastalavista.it
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 235_it.exe

Poi devi controllare questa voce:

O2 - BHO: Mouse Gestures - {872FD14E-C8C2-42AB-803A-9B437F375CB3} - C:\WINDOWS\system32\wbcfinder.dll

scansiona questo file wbcfinder.dll su http://www.virustotal.com e se risulta infetta lo elimini.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

grazie...

Postdi nelluzzo » 06/06/06 11:17

grazie...sembra che ciò funzioni....
almeno così pare...tutta la mattinata a testare...provando a navigare in vari siti....e non è comparso niente...
speriamo che duri...
grazie di nuovo
buon tutto
nelluzzo
Newbie
 
Post: 4
Iscritto il: 01/06/06 15:47

Re: mi sono beccato il webpopup

Postdi de lux » 18/06/06 17:03

nelluzzo ha scritto:mi sono beccato il webpopup e non riesco ad eliminarlo il log di hijackthis è:
Logfile of HijackThis v1.99.1
Scan saved at 16.35.41, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.alicebusiness.it/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grecanicarea.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.alicebusiness.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice Business
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mouse Gestures - {872FD14E-C8C2-42AB-803A-9B437F375CB3} - C:\WINDOWS\system32\wbcfinder.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.hastalavista.it
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 235_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{76DABE22-19CD-4C43-8511-D7FEAAEA8F61}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe

cosa devo fare??
grazie per l'aiuto...
de lux
Newbie
 
Post: 2
Iscritto il: 18/06/06 17:00

Postdi Luke57 » 18/06/06 18:18

Ciao scarica deldomains da qui:
http://www.mvps.org/winhelp2002/DelDomains.inf
e mettilo sul desktop.

Scarica ATF cleaner da qui:
http://www.atribune.org/ccount/click.php?id=1
(per eliminare i file temporanei)
e mettilo sul desktop.

Riavvia in modalità provvisoria
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)

rendi visibili file e cartelle nascosti:
da esplora risorse, seleziona strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click Ok

Apri hijackthis, premi “ do a system scan only”, cerchi e metti la spunta nella casellina accanto alle singole voci:
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: Mouse Gestures - {872FD14E-C8C2-42AB-803A-9B437F375CB3} - C:\WINDOWS\system32\wbcfinder.dll C:\WINDOWS\system32\wbcfinder.dll
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.hastalavista.it
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 235_it.exe
Premi fix checked.

Cerchi ed elimini i seguenti file e cartelle:
C:\WINDOWS\system32\wbcfinder.dll
C:\Programmi\E-nrgyPlus---- > la cartella

Esegui deldomains con un click con il tasto dx del mouse e scegliendo Installa (fa tutto da sé)

Poi avvia ATFCleaner. Clicca sul menu main e poi seleziona la casella Select All. Adesso clicca sul pulsante Empty selected e aspetta il messaggio Done Cleaning!.

Da pannello di controllo, installazioni\applicazioni, elimini i programmi sospetti non installati da te, in particolare E-nrgyPlus.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi andorra24 » 18/06/06 18:48

Non ho capito perche' l'utente de lux ha quotato il log di hijackthis di nelluzzo che tra l'altro era stato risolto. :-?
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi Luke57 » 18/06/06 18:52

andorra24 ha scritto:Non ho capito perche' l'utente de lux ha quotato il log di hijackthis di nelluzzo che tra l'altro era stato risolto. :-?

Ciao, mi ha fatto anche pensare per la soluzione, forse hanno i log speculari ;)
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi andorra24 » 18/06/06 18:54

Luke57 ha scritto:Ciao, mi ha fatto anche pensare per la soluzione, forse hanno i log speculari ;)

Forse e' lo stesso utente che usa 2 nick pero' mi pare strano che abbia quotato un vecchio log invece di postarne uno fresco.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Re: mi sono beccato il webpopup

Postdi de lux » 18/06/06 20:29

nelluzzo ha scritto:mi sono beccato il webpopup e non riesco ad eliminarlo il log di hijackthis è:
Logfile of HijackThis v1.99.1
Scan saved at 16.35.41, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Temp\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.alicebusiness.it/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.grecanicarea.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.alicebusiness.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice Business
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 200.73.174.154 STORAGE.HOSTANCE.NET
O1 - Hosts: 200.73.174.154 STORAGE-TASP.COM
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mouse Gestures - {872FD14E-C8C2-42AB-803A-9B437F375CB3} - C:\WINDOWS\system32\wbcfinder.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [E-nrgyPlus] C:\Programmi\E-nrgyPlus\E-nrgyPlus.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ibmmessages] C:\Programmi\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java142\jre\bin\NPJPI142.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: *.energy-factor.com
O15 - Trusted Zone: *.hardcorefantasyland.com
O15 - Trusted Zone: *.hardfootballbabes.com
O15 - Trusted Zone: http://www.hastalavista.it
O15 - Trusted Zone: http://www.superspots.biz
O16 - DPF: {FFFF0001-0001-101A-A3C9-08002B2F49FC} - http://download.energy-factor.com/diale ... 235_it.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{76DABE22-19CD-4C43-8511-D7FEAAEA8F61}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Programmi\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Servizio Auto-Protect di Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe

cosa devo fare??
grazie per l'aiuto...
Codice: Seleziona tutto
[quote][/quote]
de lux
Newbie
 
Post: 2
Iscritto il: 18/06/06 17:00

Postdi Alexsandra » 18/06/06 20:43

Credo che non sappia come si fà a postare

@ de lux
clicca su questo link che trovi le info per postare http://www.pc-facile.com/forum/faq.php?mode=bbcode
- Il primo fondamento della sicurezza non e' la tecnologia, ma l'attitudine mentale.

Win7 + Office 2003 Ita
Avatar utente
Alexsandra
Utente Senior
 
Post: 2358
Iscritto il: 09/01/06 20:31

grazie...

Postdi nelluzzo » 19/06/06 09:09

ale, de lux e andorra,
grazie mille per l'interessamento, il problema in effetti era stato già risolto...tuttavia evidenzia la serietà, la competenza, l'autorevolezza del forum e di chi lo anima, soprattutto nel rendere fruibile a tutti in modo semplice informazioni tecniche dettagliate.
grazie ...
un abbraccio
nelluzzo
Newbie
 
Post: 4
Iscritto il: 01/06/06 15:47


Torna a Sicurezza e Privacy


Topic correlati a "mi sono beccato il webpopup":


Chi c’è in linea

Visitano il forum: Nessuno e 53 ospiti