Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

messenger infetto

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

messenger infetto

Postdi lorenks » 06/10/06 01:10

ho la grande fortuna di avere un fratello curioso che quando usa messenger non si fa scrupolo di aprire qualsiasi link gli arrivi... e io faccio le 2 a mettere le toppe!

allora, da come mi ha spiegato ha cliccato su un link in inglese ke portava a un file tipo photo211.jpg, si è installato qualcosa e sono cominciate ad aprirsi le finestre di tutti i suoi contatti con lo stesso link...

ora ho dei file sul desktop come "c.exe, drsmartload1135a.exe, loadadv455.exe, nby.exe e Yinstall.exe" (l'ultimo dei quali me lo segnala come in uso quando provo a cancellarlo)

a parte Yinstall.exe, tutti si cancellano manualmente ma si ricreano ogni volta ke apro Live Messenger... che ovviamente non funziona..

poi ogni tanto mentre sono online si aprono da soli dei download di file .exe... insomma, tanto x cambiare mi si è infiltrato di tutto...

vi posto il log di hijackthis...

Logfile of HijackThis v1.99.1
Scan saved at 2.10.38, on 06/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\Apoint2K\Apntex.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
c:\drsmartload.exe
c:\drsmartload.exe
C:\Programmi\Mozilla Firefox\firefox.exe
c:\drsmartload.exe
c:\drsmartload.exe
c:\drsmartload.exe
c:\nwnmff_e23.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\drsmartload.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\qmuwkp.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\GEORGI~1\IMPOST~1\Temp\Rar$EX00.469\HijackThis.exe
C:\Programmi\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: Shell=explorer.exe "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00005.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IEWebGuard Class - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\System32\IEGuard1.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [zqi5da8c] RUNDLL32.EXE w01a9d7a.dll,n 0055da870000000a01a9d7a
O4 - HKLM\..\Run: [aqi5da8d] RUNDLL32.EXE w01aa1a0.dll,n 0055da880000000a01aa1a0
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e23.exe
O4 - HKCU\..\Run: [rasgate] c:\qmuwkp.exe -a
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00005.exe"
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.p0rt2.com
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {11111111-1111-1111-1111-117588341405} - mhtml:file://C:NO_SUCH_MHT.MHT!http://213.173.190.180/manual/loaderMFC.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9D7F7865-C035-4177-A322-3A5B12D3A3D2} (Infos Control) - http://www.aliceadsl.it/alice/contents/ ... pcqsys.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056307.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6180EA75-C923-452B-838C-75320F7D3BB0}: NameServer = 85.37.17.16 85.38.28.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe


datemi una mano, ho un estremo bisogno di rimettere in funzione almeno Messenger al + presto!!! GRAZIE
Odi et Amo. Quare id faciam, fortasse requiris. Nescio, sed fieri sentio excrucior.
lorenks
Utente Senior
 
Post: 128
Iscritto il: 07/10/02 21:06

Sponsor
 

Postdi andorra24 » 06/10/06 09:43

Ciao, Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
c:\drsmartload.exe
c:\nwnmff_e23.exe
c:\qmuwkp.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'' :

F2 - REG:system.ini: Shell=explorer.exe "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00005.exe"
O2 - BHO: IEWebGuard Class - {1B77D30A-81C9-497A-8647-142F7511B1FB} - C:\WINDOWS\System32\IEGuard1.dll (file missing)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [zqi5da8c] RUNDLL32.EXE w01a9d7a.dll,n 0055da870000000a01a9d7a
O4 - HKLM\..\Run: [aqi5da8d] RUNDLL32.EXE w01aa1a0.dll,n 0055da880000000a01aa1a0
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e23.exe
O4 - HKCU\..\Run: [rasgate] c:\qmuwkp.exe -a
O4 - HKCU\..\Run: [shell] "C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00005.exe"
O15 - Trusted Zone: *.p0rt2.com (se non la conosci eliminala)
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1056307.exe
O23 - Service: Network Monitor - Unknown owner - C:\Programmi\Network Monitor\netmon.exe (file missing)

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Scarica killbox da qui: http://www.killbox.net/downloads/KillBox.exe
Elimina i seguenti files:
C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
c:\drsmartload.exe
c:\nwnmff_e23.exe
c:\qmuwkp.exe
C:\Programmi\File comuni\Microsoft Shared\Web Folders\ibm00005.exe
C:\WINDOWS\System32\IEGuard1.dll
C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
C:\Programmi\Network Monitor\netmon.exe (elimina anche la cartella Network Monitor)

Fai una scansione con superantispyware:
http://www.superantispyware.com/downloa ... PYWAREFREE
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi lorenks » 06/10/06 23:51

nessun miglioramento... ho seguito tutte le istruzioni (cancellando anche altri file presenti in C:/ oltre a quelli dati: warebundlenewer.exe e ovvpecjh.exe) ma al riavvio del sistema la situazione era la stessa.. stessi file sul desktop e in C:/, stessa finestra di internet explorer che si apre da sola, stesse pubblicità che si aprono in firefox, messenger che non va... cosa faccio?

il log di hijackthis, se può servire...

Logfile of HijackThis v1.99.1
Scan saved at 0.49.05, on 07/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\Apoint2K\Apoint.exe
C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
C:\Programmi\QuickTime\qttask.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Programmi\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
C:\Programmi\EzButton\CPLDBL10.EXE
C:\Programmi\Apoint2K\Apntex.exe
C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\FILECO~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
c:\dfndrff_e24.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\WINDOWS\CROSOF~1\ping.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Programmi\Common Files\??mantec\?hkntfs.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\eMule\emule.exe
c:\qmuwkp.exe
C:\Documents and Settings\georgia pinna\Desktop\KillBox.exe
C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Documents and Settings\georgia pinna\Desktop\HijackThis.exe
C:\WINDOWS\system32\Yinstall.exe
C:\Programmi\File comuni\{C0D1302F-0AED-1040-1031-030512200027}\Update.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {D0EBF610-6AD1-3104-A6DE-121344DA31C7} - C:\WINDOWS\system32\bcf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Programmi\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Programmi\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programmi\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TPNF] C:\Programmi\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [HPWS myPrintMileage Agent] C:\Programmi\Hewlett-Packard\HP Deskjet 1280\Toolbox\mpm.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programmi\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [CPLDBL10] C:\Programmi\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e24.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e24.exe
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Raer] "C:\WINDOWS\CROSOF~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Qxdizs] C:\Programmi\Common Files\??mantec\?hkntfs.exe
O4 - HKCU\..\Run: [rasgate] c:\qmuwkp.exe -a
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Programmi\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: *.rossoalice.it
O15 - Trusted Zone: *.rossoalice.virgilio.it
O16 - DPF: {11111111-1111-1111-1111-117588341405} - mhtml:file://C:NO_SUCH_MHT.MHT!http://213.173.190.180/manual/loaderMFC.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9D7F7865-C035-4177-A322-3A5B12D3A3D2} (Infos Control) - http://www.aliceadsl.it/alice/contents/ ... pcqsys.ocx
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6180EA75-C923-452B-838C-75320F7D3BB0}: NameServer = 85.37.17.16 85.38.28.68
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\azctres.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Programmi\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
Odi et Amo. Quare id faciam, fortasse requiris. Nescio, sed fieri sentio excrucior.
lorenks
Utente Senior
 
Post: 128
Iscritto il: 07/10/02 21:06

Postdi lorenks » 07/10/06 01:04

ho fatto un altra scansione con superantispyware e stavolta ha rilevato ancora più oggetti della volta precedente... e in + mi sono accorto che l'auto-protect di Norton2005 è andata a farsi benedire! lo stato è su NON ATTIVO e se metto attiva mi dice che non può per un errore interno...

datemi una speranza...
Odi et Amo. Quare id faciam, fortasse requiris. Nescio, sed fieri sentio excrucior.
lorenks
Utente Senior
 
Post: 128
Iscritto il: 07/10/02 21:06

Postdi andorra24 » 07/10/06 01:09

Fai una scansione con questo tool di rimozione dell'adware look2me perche' ne sei affetto:
http://www.atribune.org/content/view/28/

Apri hijackthis, premi su ''open the misc tools section'', poi premi ''open process manager'', individua le voci indicate sotto e premi ''kill process'':

c:\dfndrff_e24.exe
C:\WINDOWS\CROSOF~1\ping.exe
C:\Programmi\Common Files\??mantec\?hkntfs.exe
c:\qmuwkp.exe
C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
C:\WINDOWS\system32\Yinstall.exe
C:\Programmi\File comuni\{C0D1302F-0AED-1040-1031-030512200027}\Update.exe

Poi vai in basso e premi il tasto back e subito dopo il tasto scan. Metti la spunta nella casellina accanto alle voci indicate sotto e premi ''fix checked'':

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {D0EBF610-6AD1-3104-A6DE-121344DA31C7} - C:\WINDOWS\system32\bcf.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O3 - Toolbar: ToolBar888 - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
O4 - HKLM\..\Run: [explorer] C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_e24.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_e24.exe
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_e24.exe
O4 - HKCU\..\Run: [Raer] "C:\WINDOWS\CROSOF~1\ping.exe" -vt yazb
O4 - HKCU\..\Run: [Qxdizs] C:\Programmi\Common Files\??mantec\?hkntfs.exe
O4 - HKCU\..\Run: [rasgate] c:\qmuwkp.exe -a
O16 - DPF: {11111111-1111-1111-1111-117588341405} - mhtml:file://C:NO_SUCH_MHT.MHT!http://213.173.190.180/manual/loaderMFC.exe
O20 - Winlogon Notify: Extensions - C:\WINDOWS\system32\azctres.dll

Vai su start/risorse del computer/strumenti/opzioni cartella/visualizzazione e metti la spunta su visualizza cartelle file nascosti e togli la spunta da ''nascondi i file protetti di sistema''.

Con killbox elimina i seguenti files:
C:\Programmi\Common Files\??mantec\?hkntfs.exe (elimina la cartella ??mantec)
c:\qmuwkp.exe
C:\Documents and Settings\georgia pinna\Desktop\Yinstall.exe
C:\WINDOWS\system32\Yinstall.exe
C:\Programmi\File comuni\{C0D1302F-0AED-1040-1031-030512200027}\Update.exe
C:\WINDOWS\system32\bcf.dll
C:\Programmi\File comuni\{30D1302F-0AED-1040-1031-030512200027}\MyToolBar.dll
c:\\dfndrff_e24.exe
c:\\nwnmff_e24.exe
c:\\kybrdff_e24.exe
C:\WINDOWS\CROSOF~1\ping.exe
C:\WINDOWS\system32\azctres.dll

Fai una scansione con avg antispyware:
http://download.grisoft.cz/softw/70/fil ... 5.0.47.exe
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi lorenks » 07/10/06 15:57

sembra che la situazione si sia normalizzata... solo l'auto-protect di norton è rimasta disattivata e se nn voglio dover ricominciare da zero è meglio fare qualcosa... (ovviamente il supporto tecnico del sito della Symantec è completamente inutile...)

consigli?

ps: grazie cmq x tutto l'aiuto già dato!!
Odi et Amo. Quare id faciam, fortasse requiris. Nescio, sed fieri sentio excrucior.
lorenks
Utente Senior
 
Post: 128
Iscritto il: 07/10/02 21:06

Postdi andorra24 » 07/10/06 16:04

Avevi un allevamento di malware nel pc e non mi stupisce che il norton sia stato messo fuori uso. Secondo me l'ideale sarebbe togliere il norton e sostituirlo con qualcosa di meglio.
Ti consiglierei di fare una scansione antivirus online sul sito di bitdefender per vedere se hai qualche altro residuo da eliminare:

http://www.bitdefender.com/scan8/ie.html
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo


Torna a Sicurezza e Privacy


Topic correlati a "messenger infetto":

disinstallazione messenger
Autore: lydia
Forum: Discussioni
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 7 ospiti