Condividi:        

Aiuto spyware

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Aiuto spyware

Postdi duskmax » 26/05/06 17:52

Salve a tutti, è da due giorni che ho constatato che sul mio computer ci sono degli spyware...ho letto la guida e ho già provato in tutti i modi ma non riesco ad eliminarli. A parte l'antivirus che seppur riconoscendoli, non me li elimina, ho provato con spybot e ad-aware...niente! In ultimo ho provato hijackthis e non ci ho capito molto...sigh! So solo che la pagina iniziale di Explorer mi indirizza su questo sito (http://www.securityuptodate.net/) e non riesco a mettere la mia pagina iniziale (probabilmente perchè ho l'IP cambiato 82.56.3.10, invece che quello di Alice)...se potete aiutarmi, vi ringrazio moltissimo.

Vi copio il Logfile of HijackThis v1.99.1

Logfile of HijackThis v1.99.1
Scan saved at 16.11.49, on 26/05/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Max\IMPOST~1\Temp\Rar$EX00.547\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.5000.1021\it\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5051445A-73CA-4671-AD64-65C59741FD32}: NameServer = 85.37.17.41 85.38.28.83
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

Grazie mille per l'aiuto...

Saluti
duskmax
Newbie
 
Post: 3
Iscritto il: 26/05/06 17:38

Sponsor
 

Postdi Luke57 » 26/05/06 21:38

Ciao, scarica Cwshredder da qui:
http://www.trendmicro.com/ftp/products/ ... redder.exe
e lo metti sul desktop
Scarica Superantispyware versione free qui
http://www.wintricks.it/news2/article.php?ID=12465
Metti hijackthis in una cartella del disco fisso appositamente dedicata, tipo C\HJT, altrimenti il programma non può fare il backup delle voci rimosse (Copi il file .exe presente all'interno della cartella compressa)
1) Riavvia in modalità provvisoria
(Avviare il computer.Subito dopo il calcolo della RAM e prima che inizi a caricarsi Windows, iniziare a premere ripetutamente il tasto F8 sulla tastiera. Continuare a farlo fino a visualizzare il menu Opzioni avanzate di Windows. Usando i tasti freccia sulla tastiera, scorrere le opzioni e selezionare il menu Modalità Provvisoria, quindi premere Invio)
2) Rendi visibili file e cartelle nascosti:
da gestione del computer>strumenti>Opzioni Cartella
Seleziona Visualizza
Spunta "mostra file e cartelle nascoste"
Togli la spunta da "nascondi file di sistema protetti"
Click OK
3) Apri hijackthis, con tutte le applicazioni chiuse, premi ““open the misc tools section”, poi “open process manger”, individua ed evidenzia il,processo ( se non c’è, non ti preoccupare)
C:\WINDOWS\system32\dcomcfg.exe
Premi kill process
4) Torni alla pagina principale con back, premi “scan”, cerchi e spunti le seguenti voci:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
Premi fix checked
5) Esegui CWShredder.exe (apri il file, scegli “Fix”, non “Scan only).
Cerchi ed elimini i file:
C C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\hp100.tmp
6) Elimina poi tutti i file temporanei di windows temp e tmp (da start>cerca>tutti i file e cartelle, copi e incolli: *.temp;*.tmp, ed elimini tutti quelli trovati)
7) sulle opzioni Internet cancella la cache di IE ( sull’opzione elimina file temporanei spunta anche “elimina il contenuto non in linea”, i cookies, cronologia)
8 - svuota il cestino.
9) Da pannello di controllo.installazioni/applicazioni controlla che non vi siano programmi non installati da te (quelli sospetti, ovviamente)
10) Fai una scansione completa con superantispyware ( è un pò lunghina, ma efficace)
10) Riavvia e posta nuovo log per controllo che vi sono ancora alcune cose da verificare e altlre da dire.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi duskmax » 27/05/06 14:58

Ciao...grazie per la risposta, ma continuo ad avere problemi...ho fatto tutto quello che mi hai detto ma quando mi dici di eseguire CWShredder.exe ed eliminare i 2 file che mi hai elencato, il programma non li trova (non li vedo)...inoltre ho fatto la scansione con superantispyware e mi ha tovato 5 trojan (ho continuato e li ho eliminati, ma al riavvio tutto era come prima).

Ti posto il log che ho appena fatto girare su hijackthis.

Logfile of HijackThis v1.99.1
Scan saved at 15.50.21, on 27/05/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5051445A-73CA-4671-AD64-65C59741FD32}: NameServer = 85.37.17.41 85.38.28.83
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

E infatti come vedi i 2 file ci sono ancora...come devo fare?

Grazie ancora...ciao
duskmax
Newbie
 
Post: 3
Iscritto il: 26/05/06 17:38

Postdi Luke57 » 27/05/06 15:37

Ciao, in questo link:
http://www.manuali.net/forum/showthread ... adid=42395
segui le istruzioni di Lucas relative all'uso di smitfraudfix.
Posta poi il rapporto del programma + un altro log di hijackthis.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi duskmax » 27/05/06 18:31

Ciao..ho fatto come mi hai detto e IE ora mi funziona!

Ecco qua il rapporto di SmitFraudFix:

SmitFraudFix v2.49

Scan done at 19.17.54,39, 27/05/06
Run from C:\Documents and Settings\Max\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600]
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

E quello che ho appena fatto girare su hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 19.28.46, on 27/05/06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe
C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\HPQ\shared\hpqwmi.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Programmi\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Programmi\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Programmi\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/do ... se5059.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZI ... b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5051445A-73CA-4671-AD64-65C59741FD32}: NameServer = 85.37.17.41 85.38.28.83
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Programmi\HPQ\shared\hpqwmi.exe
O23 - Service: Servizio iPod (iPodService) - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe

Grazie mille ancora per l'aiuto e ciao!
duskmax
Newbie
 
Post: 3
Iscritto il: 26/05/06 17:38

Postdi Luke57 » 27/05/06 20:12

Ciao, il log pare a posto, adesso. Vai nel sito della Java e aggiornala alla versione 6 ( mi sembra che sia l'ultima). Disistalli quella che hai e installi la nuova, scegliendo la versione off line.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Postdi no place to hide » 12/06/06 12:29

ciao a tutti, utilizzo questa discussione senza stare ad aprirne un altra...

ho fatto una scansione con panda via internet, qui

http://www.pandasoftware.com/activescan ... ncipal.htm

e mi ha rilevato 36 spyware :aaah ma nn me li ha disinfettati.. faccio una passata con spybot e ad-aware. rifaccio la scansione con panda ma mi dice che ho ancora una trentina di spyware nella seguente cartella

C:\Documents and Settings\Proprietario\Datiapplicazioni\
Mozilla\Firefox\Profiles\h3sw5uow.default\

vado a controllare nella cartella ma trovo solo un file chiamato cookies.txt lo cancello ma niente. faccio una ricerca su google e provo ad usare spywareterminator e superantispyware ma nn trovano niente...

rifaccio una scansione con panda e questo qui è il risultato

Spyware:Cookie/2o7 Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.2o7.net/]
Spyware:Cookie/PointRoll Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Adtech Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.adtech.de/]
Spyware:Cookie/adultfriendfinder Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/Falkag Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Serving-sys Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/BurstNet Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Com.com Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.com.com/]
Spyware:Cookie/cs.sexcounter Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Go Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.go.com/]
Spyware:Cookie/Com.com Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.google.com.br/]
Spyware:Cookie/PayCounter Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.paycounter.com/]
Spyware:Cookie/Overture Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/QuestionMarket Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/WUpd Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Serving-sys Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Statcounter Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Com.com Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.terra.com.br/]
Spyware:Cookie/Toplist Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tradedoubler Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/Tribalfusion Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.uol.com.br/]
Spyware:Cookie/Xiti Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Zedo Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[.zedo.com/]
Spyware:Cookie/YieldManager Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Falkag Non Disinfettato C:\Documents and Settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\h3sw5uow.default\cookies.txt[as1.falkag.de/]

come posso fare a toglierli??? :?:
no place to hide
Utente Junior
 
Post: 37
Iscritto il: 13/12/05 17:09

Postdi andorra24 » 12/06/06 12:40

Svuota i cookies di firefox andando su strumenti/opzioni/privacy/cookie. Poi visto che si tratta di tracking cookies immunizza con spywareblaster.
andorra24
Utente Senior
 
Post: 2742
Iscritto il: 21/05/06 15:44
Località: Palermo

Postdi no place to hide » 12/06/06 18:44

grazie
no place to hide
Utente Junior
 
Post: 37
Iscritto il: 13/12/05 17:09


Torna a Sicurezza e Privacy


Topic correlati a "Aiuto spyware":

aiuto windows 10
Autore: mod360
Forum: Software Windows
Risposte: 1
aiuto installazione
Autore: mod360
Forum: Software Windows
Risposte: 3
aiuto x mobili
Autore: MarioLombardi
Forum: Forum off-topic
Risposte: 8

Chi c’è in linea

Visitano il forum: Nessuno e 94 ospiti