
HELP, DAMNED SPYWARE IS ATTACKING ME

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

HELP, DAMNED SPYWARE IS ATTACKING ME

Post by demodemo » 26/03/08 17:37

Hi everyone, I'm new here, although searches I've done on Google have often brought me to you, so I decided to sign up and ask for help. My problem is that betting websites, teledue, etc. keep opening on their own; I installed NoScript but nothing changed; Spybot used to find the infections, but lately it doesn't even find them. It all started about two months ago: I installed PaltalkScene, Avast immediately found an infection, and I uninstalled it right away. I've just run a scan with HijackThis and here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.13.09, on 26/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\bak\mssysmgr.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\demy\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ie/def ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programmi\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 207.44.196.219 auto.search.msn.com #NETVISION
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Programmi\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {bd0e4d83-654e-4213-965b-fcbe887061f4} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\bak\mssysmgr.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Programmi\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Crea preferiti portatile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Crea preferiti portatile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 1015346656
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8566992296
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://leccesalento.spaces.live.com/Pho ... nPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} - http://update.videoegg.com/Install/Wind ... lisher.exe
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install ... stallX.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF7EC52E-3307-40D6-841B-658E722A1A61}: NameServer = 85.37.17.49 85.38.28.91
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: WebGpu - Unknown owner - \\?\C:\Programmi\Windows NT\prn.exe (file missing)

--
End of file - 9724 bytes

Re: HELP, DAMNED SPYWARE IS ATTACKING ME

Post by Luke57 » 26/03/08 18:22

Hi, open HijackThis while disconnected from the internet and with all applications closed, press "do a system scan and save a log file",
then find and tick the following entries:
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programmi\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 207.44.196.219 auto.search.msn.com #NETVISION
O23 - Service: WebGpu - Unknown owner - \\?\C:\Programmi\Windows NT\prn.exe (file missing)

and press Fix checked.

Then run these two commands, one after the other:
Start > Run > sc stop WebGpu (type it in the box) > OK
Start > Run > sc delete WebGpu (type it in the box) > OK

Then download ComboFix to the desktop
ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet
disable the antivirus


Launch the ComboFix.exe file
Type 1 to start the tool (don't do anything else during the scan, which is rather slow; if the desktop icons disappear, that's normal)
Follow the instructions and at the end a log will be generated (C:\combofix.txt).

Reboot the PC, then copy and paste the contents of the report into a post.
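The four entries the moderator ticks above have recognizable shapes: a hosts-file override, an orphaned or unnamed URLSearchHook, a service whose binary is missing, and a search page pointed at an unexpected domain. The Python triage script below is an added example, not part of the original thread or of HijackThis itself; it applies those rules to lines copied from the log posted above, and the expected-domain list and severities are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Entries copied from the HijackThis log posted above, plus two benign lines
# (the avast! Run key and service) as controls. The scoring rules are this
# example's own, not HijackThis output.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programmi\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O1 - Hosts: 207.44.196.219 auto.search.msn.com #NETVISION
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: WebGpu - Unknown owner - \\?\C:\Programmi\Windows NT\prn.exe (file missing)
"""

# Every HijackThis entry starts with a section code such as R1, O1 or O23.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Domains a start/search page is expected to point at on this machine (assumption).
EXPECTED_SEARCH_DOMAINS = ("google.", "yahoo.", "msn.com", "live.com", "microsoft.com")


def _expected_host(url):
    host = (urlparse(url).hostname or "").lower()
    return any(d in host for d in EXPECTED_SEARCH_DOMAINS)


def triage_entry(line):
    """Return (kind, severity, reason) for one log line, or None when nothing is flagged."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.groups()
    if kind in ("R0", "R1"):
        # Start/search page settings: flag URLs outside the expected providers.
        url = body.split(" = ", 1)[-1]
        if url.startswith("http") and not _expected_host(url):
            return (kind, "high", f"search/start page hijacked to {urlparse(url).hostname}")
    elif kind == "R3":
        # URLSearchHook: an orphaned or unnamed hook is a classic search-redirect foothold.
        if body.endswith("(no file)"):
            return (kind, "medium", "orphaned URLSearchHook (registry entry, DLL gone)")
        if "(no name)" in body:
            return (kind, "high", "unnamed URLSearchHook loading " + body.rsplit(" - ", 1)[-1])
    elif kind == "O1":
        # Hosts-file override: a well-known name is resolved to an arbitrary address.
        ip, host = body.split(":", 1)[-1].split()[:2]
        return (kind, "high", f"hosts file redirects {host} to {ip}")
    elif kind == "O2":
        if "(no name)" in body and body.endswith("(no file)"):
            return (kind, "low", "orphaned BHO registration")
    elif kind == "O23":
        name = body.split(" - ")[0].replace("Service: ", "", 1)
        if body.endswith("(file missing)"):
            return (kind, "medium", f"service '{name}' registered for a missing binary")
        if "\\\\?\\" in body:
            return (kind, "medium", f"service '{name}' hides its path behind a \\\\?\\ prefix")
    return None


def triage_log(text):
    """Flagged entries in log order; each item is (kind, severity, reason, original line)."""
    findings = []
    for line in text.splitlines():
        hit = triage_entry(line)
        if hit:
            findings.append(hit + (line.strip(),))
    return findings


if __name__ == "__main__":
    for kind, sev, reason, _ in triage_log(SAMPLE_LOG):
        print(f"[{sev:>6}] {kind:<3} {reason}")
```

A clean entry (the google.it start page, the avast! lines) produces no finding, so the output is exactly the list a helper would ask the poster to fix.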

Re: HELP, DAMNED SPYWARE IS ATTACKING ME

Post by demodemo » 26/03/08 18:38

ComboFix 08-03-25.4 - demy 2008-03-26 18.31.09.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.813 [GMT 1:00]
Eseguito da: C:\Documents and Settings\demy\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\drijhz.dat
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\drijhz_nav.dat
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\drijhz_navps.dat
C:\Programmi\WinBudget
C:\Programmi\WinBudget\bin\matrix.dat

.
((((((((((((((((((((((((( Files Creati Da 2008-02-26 al 2008-03-26 )))))))))))))))))))))))))))))))))))
.

2008-03-26 12:00 . 2008-03-26 18:15 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-26 12:00 . 2008-03-26 12:00 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-25 21:40 . 2008-03-25 21:40 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-03-25 16:57 . 2008-03-25 17:02 <DIR> d-------- C:\Programmi\Maxthon2
2008-03-19 10:13 . 2008-03-19 10:13 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-03-12 19:06 . 2008-03-12 19:06 <DIR> d-------- C:\Programmi\MSXML 4.0
2008-03-11 06:04 . 2008-03-12 18:51 <DIR> d-------- C:\Programmi\Mozilla Firefox 3 Beta 4
2008-03-07 07:00 . 2008-03-07 07:00 <DIR> d-------- C:\Documents and Settings\LocalService\Documenti
2008-03-07 06:48 . 2008-03-07 06:48 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-03-06 16:46 . 2008-03-06 16:46 <DIR> d-------- C:\Programmi\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-25 16:22 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-03-20 15:34 --------- d-----w C:\Documents and Settings\demy\Dati applicazioni\Apple Computer
2008-03-19 05:20 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-16 07:48 --------- d-----w C:\Programmi\eMule
2008-03-07 06:29 --------- d-----w C:\Programmi\File comuni\Adobe
2008-03-07 06:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-03-06 15:46 --------- d-----w C:\Programmi\iTunes
2008-03-06 15:45 --------- d-----w C:\Programmi\QuickTime
2008-02-07 19:55 --------- d-----w C:\Programmi\Yahoo!
2008-02-07 18:24 --------- d-----w C:\Programmi\Common Files
2008-01-27 08:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-09-08 16:08 25,600 ----a-w C:\Documents and Settings\demy\usbsermptxp.sys
2007-09-08 16:08 22,768 ----a-w C:\Documents and Settings\demy\usbsermpt.sys
2007-09-01 17:17 65,896 ----a-w C:\Documents and Settings\demy\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 6,822 2008-03-26 17:35:24 C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws.dat

----a-w 371,712 2008-03-06 10:50:16 C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws.exe

----a-w 396,721 2008-03-12 18:44:33 C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws_nav.dat

----a-w 1,171 2008-03-26 17:35:16 C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws_navps.dat

----a-w 57,344 2005-07-07 17:41:54 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2008-01-11 21:16:38 C:\Programmi\Adobe\Reader 8.0\Reader\reader_sl.exe

----a-w 212,992 2005-02-26 00:28:03 C:\Programmi\Ahead\Nero PhotoShow\data\Xtras\bak\mssysmgr.exe

----a-w 267,048 2007-11-02 17:36:42 C:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-02-19 12:10:32 C:\Programmi\iTunes\iTunesHelper.exe

----a-w 132,496 2007-09-24 23:11:35 C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe

----a-w 286,720 2007-10-19 19:16:26 C:\Programmi\QuickTime\bak\QTTask.exe
----a-w 385,024 2008-01-31 22:13:08 C:\Programmi\QuickTime\QTTask.exe

----a-w 4,662,776 2006-11-30 20:49:04 C:\Programmi\Yahoo!\Messenger\bak\YahooMessenger.exe

----a-w 15,360 2004-08-19 22:39:35 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 22:39:35 C:\WINDOWS\system32\ctfmon.exe

----a-w 155,648 2001-07-09 09:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\Ahead\NEROPH~2\data\Xtras\bak\mssysmgr.exe" [2005-02-26 01:28 212992]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"ccleaner"="C:\Programmi\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"wpljofvws"="c:\documents and settings\demy\impostazioni locali\dati applicazioni\bak\wpljofvws.exe" [2008-03-06 11:50 371712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-01-18 19:53 185896]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 23:39 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-12-30 10:33:20 212992]
BlueSoleil.lnk - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleil.exe [2006-09-05 10:21:01 1011712]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2799:UDP"= 2799:UDP:Altova License Metering Port (UDP)
"2799:TCP"= 2799:TCP:Altova License Metering Port (TCP)

R3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2008-01-02 02:12]
S4 WebGpu;WebGpu;"\\?\C:\Programmi\Windows NT\prn.exe" []

.
Contenuto della cartella 'Scheduled Tasks'
"2008-03-20 15:27:23 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-03-26 17:03:35 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2E11ADCE-7854-4366-9328-A6439F485716}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 18:34:17
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-03-26 18.36.05
ComboFix-quarantined-files.txt 2008-03-26 17:35:44
.
2008-03-25 20:40:12 --- E O F ---

Re: HELP, DAMNED SPYWARE IS ATTACKING ME

Post by Luke57 » 26/03/08 19:43

Hi, download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
Unzip the archive
Launch the avenger.exe file

Inside the white box, copy and paste the following lines:

files to move:
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe | C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Ahead\Nero PhotoShow\data\Xtras\bak\mssysmgr.exe | C:\Programmi\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\QuickTime\bak\QTTask.exe | C:\Programmi\QuickTime\QTTask.exe
C:\Programmi\Yahoo!\Messenger\bak\YahooMessenger.exe | C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\bak\ctfmon.exe | C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\bak\NeroCheck.exe | C:\WINDOWS\system32\NeroCheck.exe

files to delete:
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws.dat
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws.exe
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws_nav.dat
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws_navps.dat
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws.dat
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws.exe
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws_nav.dat
C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws_navps.dat


Click the Execute button


The PC should reboot by itself; if it doesn't, reboot it manually.
Then attach the log generated by Avenger; you'll find it at C:\avenger.txt, it's a text file.

Then open regedit (Start > Run > regedit > OK).
Once the registry editor is open, click the + sign next to each entry and follow this path:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Click the Run folder; if on the right-hand side you find this entry:
"wpljofvws"="c:\documents and settings\demy\impostazioni locali\dati applicazioni\bak\wpljofvws.exe"
right-click it and choose Delete.
Close the registry editor
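The ComboFix AWF section above and the Avenger script built from it follow one pattern: a legitimate autorun executable is parked in a bak\ subfolder while something else runs under its name. The Python below is an added example, not from the thread, ComboFix or Avenger; it pairs bak\ executables with their expected originals in a constructed directory listing modelled on that section, classifies each pair, and renders the "files to move" / "files to delete" blocks in the format Avenger accepts. The listing, the sizes and the classification rules are assumptions of the example.

```python
from pathlib import PureWindowsPath

# Constructed listing (path -> size in bytes) modelled on the ComboFix "AWF"
# section above; sample data, not the poster's real disk.
LISTING = {
    r"C:\Programmi\QuickTime\bak\QTTask.exe": 286720,
    r"C:\Programmi\QuickTime\QTTask.exe": 385024,
    r"C:\Programmi\iTunes\bak\iTunesHelper.exe": 267048,
    r"C:\Programmi\iTunes\iTunesHelper.exe": 267048,
    r"C:\WINDOWS\system32\bak\NeroCheck.exe": 155648,
    r"C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws.exe": 371712,
    r"C:\WINDOWS\system32\bak\ctfmon.exe": 15360,
    r"C:\WINDOWS\system32\ctfmon.exe": 15360,
}


def classify(bak_path, counterpart_present):
    """Assumed triage rule for a bak\\ executable (example policy, not a tool's)."""
    if counterpart_present:
        # The genuine binary was parked in bak\ and a same-named file took its place.
        return "restore"
    if "documents and settings" in str(bak_path).lower():
        # A bak\ payload under a user profile with nothing to restore over it.
        return "delete"
    return "review"


def find_bak_swaps(listing):
    """Pair every .exe in a 'bak' directory with the same-named file one level up.

    Equal size is NOT proof the replacement is clean (ctfmon.exe and
    Reader_sl.exe above match byte counts); it only says which pair to hash next.
    """
    swaps = []
    for raw, size in listing.items():
        p = PureWindowsPath(raw)
        if p.parent.name.lower() != "bak" or p.suffix.lower() != ".exe":
            continue
        original = p.parent.parent / p.name
        # Compare case-insensitively, as NTFS does (Reader_sl.exe vs reader_sl.exe).
        match = next((k for k in listing if k.lower() == str(original).lower()), None)
        swaps.append({
            "bak": str(p),
            "original": str(original),
            "counterpart_present": match is not None,
            "same_size": match is not None and listing[match] == size,
            "action": classify(p, match is not None),
        })
    return swaps


def render_avenger_script(swaps):
    """Build the 'files to move:' / 'files to delete:' blocks in Avenger's format."""
    moves = [f"{s['bak']} | {s['original']}" for s in swaps if s["action"] == "restore"]
    deletes = [s["bak"] for s in swaps if s["action"] == "delete"]
    out = []
    if moves:
        out += ["files to move:"] + moves + [""]
    if deletes:
        out += ["files to delete:"] + deletes
    return "\n".join(out)


if __name__ == "__main__":
    swaps = find_bak_swaps(LISTING)
    for s in swaps:
        print(f"{s['action']:<8} size_match={s['same_size']!s:<5} {s['bak']}")
    print()
    print(render_avenger_script(swaps))
```

Entries classified "review" (a bak\ copy with no counterpart outside a user profile) are deliberately left out of the generated script so a person decides them.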

Re: HELP, DAMNED SPYWARE IS ATTACKING ME

Post by demodemo » 26/03/08 20:07

I followed the procedure you gave me, typing regedit in Run, but I didn't find that entry; here's the Avenger report:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File move operation "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe|C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" completed successfully.
File move operation "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" completed successfully.
File move operation "C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe" completed successfully.
File move operation "C:\Programmi\Ahead\Nero PhotoShow\data\Xtras\bak\mssysmgr.exe|C:\Programmi\Ahead\Nero PhotoShow\data\Xtras\mssysmgr.exe" completed successfully.
File move operation "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" completed successfully.
File move operation "C:\Programmi\QuickTime\bak\QTTask.exe|C:\Programmi\QuickTime\QTTask.exe" completed successfully.
File move operation "C:\Programmi\Yahoo!\Messenger\bak\YahooMessenger.exe|C:\Programmi\Yahoo!\Messenger\YahooMessenger.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\ctfmon.exe|C:\WINDOWS\system32\ctfmon.exe" completed successfully.
File move operation "C:\WINDOWS\system32\bak\NeroCheck.exe|C:\WINDOWS\system32\NeroCheck.exe" completed successfully.
File "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws.dat" deleted successfully.
File "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws.exe" deleted successfully.
File "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws_nav.dat" deleted successfully.
File "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\bak\wpljofvws_navps.dat" deleted successfully.

Error: file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws.dat" not found!
Deletion of file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws.exe" not found!
Deletion of file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws_nav.dat" not found!
Deletion of file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws_nav.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws_navps.dat" not found!
Deletion of file "C:\Documents and Settings\demy\Impostazioni locali\Dati applicazioni\wpljofvws_navps.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

Re: HELP, DAMNED SPYWARE IS ATTACKING ME

Post by demodemo » 26/03/08 20:14

The ones that don't exist I had surely already deleted myself following the forum's advice. Thanks, now I'll wait and see what happens and let you know.

Re: HELP, DAMNED SPYWARE IS ATTACKING ME

Post by demodemo » 28/03/08 17:13

The PC seems to be back to how it used to be, nice and smooth and fast. Thank you.