Valutazione 4.87/ 5 (100.00%) 5838 voti

Condividi:        

Aiuto!!! Smitfraud!!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: kadosh, Luke57

Aiuto!!! Smitfraud!!!

Postdi alessandro.aleale » 22/08/07 13:52

Anch'io purtroppo ho dei problemi con questo c.... di smitfraud!! Qualcuno cortesemente me lo può risolvere?


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14.50.22, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Prgrmm\BlueSoleil\BTNtService.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Prgrmm\Mozilla Firefox\firefox.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\psimreal.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\avciman.exe
C:\Programmi\Prgrmm\ACDSee32\ACDSee32.exe
C:\Downld\HiJackThis_v2.exe
C:\Downld\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Prgrmm\Fdm\iefdmcks.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Prgrmm\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Prgrmm\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{423CD134-6E59-45A2-804B-9A525805D925}: NameServer = 85.37.17.11 85.38.28.69
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\Prgrmm\BlueSoleil\BTNtService.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--
End of file - 5737 bytes
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45

Sponsor
 

Postdi alessandro.aleale » 22/08/07 14:18

ho usato lo smitfraudfix in modalità provvisoria, ma non è servito praticamente a niente!!!! :x

comunque questo è il rapport:

SmitFraudFix v2.133

Scan done at 15.11.59,90, 22/08/2007
Run from C:\Downld\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

[HKEY_CLASSES_ROOT\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4233ac08-a2c4-4742-a0b4-83719613d62c}"="grassily"

[HKEY_CLASSES_ROOT\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{4233ac08-a2c4-4742-a0b4-83719613d62c}\InProcServer32]
@="C:\WINDOWS\system32\ilmpjy.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45

Postdi alessandro.aleale » 22/08/07 14:29

..e questo è il logfile di hijackthis dopo aver usato lo smitfraudfix:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.27.23, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Prgrmm\BlueSoleil\BTNtService.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Prgrmm\ACDSee32\ACDSee32.exe
C:\Programmi\Prgrmm\Mozilla Firefox\firefox.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Downld\HiJackThis_v2.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\psimreal.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O2 - BHO: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Prgrmm\Fdm\iefdmcks.dll
O3 - Toolbar: Coolstreaming Tool-Bar v1.0 Toolbar - {bd0e4d83-654e-4213-965b-fcbe887061f4} - C:\Programmi\Coolstreaming_Tool-Bar_v1.0\tbCool.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Prgrmm\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Prgrmm\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} - http://www.coolstreaming.us/consolle/plug-in/tvants.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{423CD134-6E59-45A2-804B-9A525805D925}: NameServer = 85.37.17.11 85.38.28.69
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: grassily - {4233ac08-a2c4-4742-a0b4-83719613d62c} - C:\WINDOWS\system32\ilmpjy.dll (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\Prgrmm\BlueSoleil\BTNtService.exe
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--
End of file - 5725 bytes
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45

Postdi Luke57 » 22/08/07 14:49

Scarica The Avenger
http://swandog46.geekstogo.com/avenger.zip

estrai l’archivio nel desktop.

Poi avvia il file Avenger.exe.
Seleziona l'opzione Input Script Manually, clicca sulla lente di ingrandimento e all'interno dello spazio bianco copia ed incolla questo script:


folders to delete:
C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}


Clicca sul pulsante Done
Adesso clicca sul semaforo con la luce verde
Rispondi Yes 2 volte
Il pc si dovrebbe riavviare,se non si riavvia,riavvialo manualmente

Al riavvio collegati e posta il contenuto del file C:\Avenger.txt

Poi apri hijackthis, premi " do a system scan only", cerchi e spunti le voci seguenti:
O4 - HKCU\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'Default user')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [{8052C7EC-067C-1040-0706-040411050027}] "C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027}\Update.exe" te-110-12-0000073 (User 'Default user')

premi fix checked
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi alessandro.aleale » 22/08/07 15:11

ok adesso ci provo.
Grazie per aver risposto
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45

Postdi alessandro.aleale » 22/08/07 15:17

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\temddqic

*******************

Script file located at: \??\C:\sfcwipiw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Programmi\File comuni\{8052C7EC-067C-1040-0706-040411050027} deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45

Postdi alessandro.aleale » 22/08/07 15:19

nulla di fatto!!
i poppupp continuano ad uscire ed il mio mouse sembra sempre impazzito!!! :x
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45

Postdi alessandro.aleale » 22/08/07 15:33

Cmq questo è il mio nuovo log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16.32.24, on 22/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
C:\Programmi\Panda Software\Panda Antivirus 2007\AVENGINE.EXE
C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe
C:\Programmi\Prgrmm\ACDSee32\ACDSee32.exe
C:\Programmi\Prgrmm\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Downld\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programmi\Prgrmm\Fdm\iefdmcks.dll
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Prgrmm\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scarica con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dllink.htm
O8 - Extra context menu item: Scarica selezionati con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlselected.htm
O8 - Extra context menu item: Scarica tutto con Free Download Manager - file://C:\Programmi\Prgrmm\Fdm\dlall.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Prgrmm\Java\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Prgrmm\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{423CD134-6E59-45A2-804B-9A525805D925}: NameServer = 85.37.17.11 85.38.28.69
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsCtrls.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programmi\Panda Software\Panda Antivirus 2007\PsImSvc.exe

--
End of file - 3427 bytes
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45

Postdi Luke57 » 22/08/07 15:37

Il log non mostra niente (l'hai fatto dalla mod.provvisoria?), comunque non ho la bacchetta magica ;)
scarica system scan da qui:
http://www.suspectfile.com/systemscan
mettilo sul desktop, spunti tutte le caselle, premi scan now.
Al termine della scansione, vai in C:\suspectfile e carica la cartella .zip che trovi su questo sito:
http://www.sendmefile.com/
fai l’upload della cartella .zip e inserisci nel tuo post successivo il link che ti sarà fornito per poterlo vedere.
Luke57
Moderatore
 
Post: 6410
Iscritto il: 11/08/05 19:10

Postdi alessandro.aleale » 22/08/07 15:43

dalla modalità provvisoria ho fatto solo l' operazione dello smitfraudfix
alessandro.aleale
Utente Junior
 
Post: 57
Iscritto il: 22/08/07 13:45


Torna a Sicurezza e Privacy


Topic correlati a "Aiuto!!! Smitfraud!!!":

Aiuto urgente!!!
Autore: templare77
Forum: Software Windows
Risposte: 1

Chi c’è in linea

Visitano il forum: Nessuno e 1 ospite