Home News Guide Hardware Download Forum Glossario

Condividi:        

help me!!! e1xplorer ha colpito anche me!!!

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Regole del forum
Rispondi al post

help me!!! e1xplorer ha colpito anche me!!!

Postdi cortomalteseit » 09/06/06 07:24

Ciao,
credo di esser vittima pure io di e1xplorer....
non riesco a liberarmi di due avvisi a forma di punto esclamativo e di triangolo nell area di notifica. In più compare spesso una finestra che dice critical error: system in danger, e mi si chiede di cliccare su ok per accedere a speciali offerte... ma li mortacci loro!!!!!!!
inoltre sul desktop mi compare un icona "adware reviews"...
il tentativo di rimuovere qualcosa è stato fatto: scansioni varie con avast, mcafee, spyware search&destroy, free spyware scanner, cwshredder, ecc. ecc., ma il problema permane. avevo il file spoolsvc.exe e l ho eliminato; avevo anche un file sospetto nei file comuni, denominato ibm0001.exe e ho cancellato pure questo!!!!... non so più cosa fare... help me!!!!
vi invio il logfile di HijackThis, sicuramente potrete capirne di più!!! grazie mille, siete mitici!
:?: :?: :?:

Logfile of HijackThis v1.99.1
Scan saved at 18.05.58, on 08/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Free Spyware Scanner\SpyWatcher.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\WINDOWS\wupdmgr.exe
C:\WINDOWS\osaupd.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Daniele Maltese\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://arianna.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.libero.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Programmi\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\Programmi\Free Spyware Scanner\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download &All by FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: FreshDownload - {AF52CF6D-796E-41DA-89A5-067797BC0CDA} - C:\Programmi\FreshDevices\FreshDownload\fd.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe
cortomalteseit
Utente Junior
 
Post: 16
Iscritto il: 16/01/06 13:16
Top
Sponsor
 

Postdi Luke57 » 09/06/06 07:52

Ciao, utilizza smitfraudfix, qui:
http://www.manuali.net/forum/showthread ... adid=42395
link e utilizzo by Lucas. Dovrebbe sistemarti le cose.
Inserisci in un post il rapporto prodotto dal programma.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10
Top

Postdi cortomalteseit » 09/06/06 20:47

Caro Luke,
intanto ti ringrazio per l'attenzione. ho fatto come mi hai consigliato, utilizzando il programma SmitFraudFix v2.56. purtroppo non è cambiato nulla... :( compaiono ancora quelle fastidiosissime finestre di avviso di system alert spyware e quei simboli nellarea di notifica. puoi consigliarmi qualcos'altro? te ne sarei veramente grato.
Grazie, ecco di seguito il report della scansione.
Ciao


Scan done at 20.56.42,01, 09/06/2006
Run from C:\Documents and Settings\Daniele Maltese\Desktop\smit\SmitfraudFix
OS: Microsoft Windows XP [Versione 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\alexaie.dll Deleted
C:\WINDOWS\alxie328.dll Deleted
C:\WINDOWS\blue-bg.gif Deleted
C:\WINDOWS\close-bar.gif Deleted
C:\WINDOWS\drsmartload95a.exe Deleted
C:\WINDOWS\loadadv728.exe Deleted
C:\WINDOWS\osaupd.exe Deleted
C:\WINDOWS\remove-spyware-btn.gif Deleted
C:\WINDOWS\susp.exe Deleted
C:\WINDOWS\warning-bar-ico.gif Deleted
C:\WINDOWS\win-sec-center-logo.gif Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\questmod.dll Deleted
C:\WINDOWS\system32\runsrv32.dll Deleted
C:\WINDOWS\system32\runsrv32.exe Deleted
C:\WINDOWS\system32\shell386.exe Deleted
C:\WINDOWS\system32\udpmod.dll Deleted
C:\WINDOWS\system32\winapi32.dll Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Reboot

C:\WINDOWS\system32\winsrv32.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» End
cortomalteseit
Utente Junior
 
Post: 16
Iscritto il: 16/01/06 13:16
Top

Postdi Luke57 » 10/06/06 08:31

Ciao, smitfraud ti ha eliminato i file incriminati. Scarica superantispyware versione frre da qui:
http://www.wintricks.it/news2/article.php?ID=12465
lo aggiorni e fai una scansione completa.
Allega poi un altro log sdi hiajckthis.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10
Top

Postdi cortomalteseit » 10/06/06 11:48

:D

Luke, non ci sono parole per ringraziarti...
credo di aver risolto tutti i problemi. SUPERAntiSpyware Scan ha trovato una montagna di munnezze!!! :eeh:
ti posto il logfile di hijackthis per controllo.
Se noti qualcos'altro di strano, ti prego di farmi sapere. Ti ringrazio tantissimo, ciao


Logfile of HijackThis v1.99.1
Scan saved at 12.44.11, on 10/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Programmi\Alwil Software\Avast4\ashDisp.exe
C:\Programmi\Free Spyware Scanner\SpyWatcher.exe
C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Microsoft ActiveSync\WCESMgr.exe
C:\Programmi\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\Programmi\FreshDevices\FreshDownload\fdiebar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [avast!] "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Spy Watcher] "C:\Programmi\Free Spyware Scanner\SpyWatcher.exe" -S
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programmi\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download &All by FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - file://C:\Programmi\FreshDevices\FreshDownload\fdiectx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programmi\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: FreshDownload - {AF52CF6D-796E-41DA-89A5-067797BC0CDA} - C:\Programmi\FreshDevices\FreshDownload\fd.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.libero.it
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BACF4E9-5CD2-4741-A38B-145087DAF44E}: NameServer = 85.37.17.39 85.38.28.71
O20 - Winlogon Notify: SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Programmi\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programmi\File comuni\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe
cortomalteseit
Utente Junior
 
Post: 16
Iscritto il: 16/01/06 13:16
Top

Postdi Luke57 » 10/06/06 12:14

Ciao, apri hijackthis, premi "do a system scan only", cerchi e spunti la voce:
O4 - Startup: PowerReg Scheduler.exe
premi fix checked.
Per il resto, il log mi pare a posto.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10
Top

Postdi cortomalteseit » 10/06/06 15:47

Fatto!!! il sistema sembra come nuovo!!! in effetti l'avevo trascurato un pò... :roll:
Grazie, ciao!
cortomalteseit
Utente Junior
 
Post: 16
Iscritto il: 16/01/06 13:16
Top
Rispondi al post

Torna a Sicurezza e Privacy


Topic correlati a "help me!!! e1xplorer ha colpito anche me!!!":

Importare anche gli url con selenium
Autore: aggittoriu 		Forum: Applicazioni Office Windows
Risposte: 3
Mouse sempre alimentato, anche con notebook spento
Autore: franco11 		Forum: Assistenza Hardware
Risposte: 6
ricerca file anche nelle sottocartelle
Autore: deniel69 		Forum: Applicazioni Office Windows
Risposte: 3
Excel: problema file bloccato anche se non risulta aperto
Autore: valle1975 		Forum: Applicazioni Office Windows
Risposte: 2
TROVARE NOME COGNOME ANCHE SE INVERTITO
Autore: scanacc 		Forum: Applicazioni Office Windows
Risposte: 6

Chi c’è in linea

Visitano il forum: Nessuno e 83 ospiti