a little help
Hi guys, as usual I need a little help: :mc:
I browse with Firefox and every now and then I get redirected to this page: http://popunder.paypopup.com/default.php?serverfile=&siteid=BundleWare&subid=
and then LimeWire keeps starting up by itself .... heeeelp
Run a scan with ewido and with your antivirus, post a HijackThis log and immunize the system with SpywareBlaster ;)
Logfile of HijackThis v1.99.1
Scan saved at 16.37.15, on 19/04/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)
Running processes:
C:\WINDOWSB\SYSTEM\KERNEL32.DLL
C:\WINDOWSB\SYSTEM\MSGSRV32.EXE
C:\WINDOWSB\SYSTEM\SPOOL32.EXE
C:\WINDOWSB\SYSTEM\MPREXE.EXE
C:\WINDOWSB\SYSTEM\MSTASK.EXE
C:\WINDOWSB\SYSTEM\mmtask.tsk
C:\WINDOWSB\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWSB\EXPLORER.EXE
C:\WINDOWSB\RUNDLL32.EXE
C:\WINDOWSB\TASKMON.EXE
C:\WINDOWSB\SYSTEM\SYSTRAY.EXE
C:\WINDOWSB\SYSTEM\RMCTRL.EXE
C:\PROGRAMMI\FILE COMUNI\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWSB\SYSTEM\WMIEXE.EXE
C:\PROGRAMMI\WINUPDATES\WINUPDATES.EXE
C:\WINDOWS\MOUSEPAD12.EXE
C:\WINDOWSB\CMD\COMMAND.EXE
C:\PROGRAMMI\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAMMI\MESSENGER\MSMSGS.EXE
C:\WINDOWSB\SYSTEM\PSTORES.EXE
C:\ESM2\STMS.EXE
C:\PROGRAMMI\FILE COMUNI\WINDOWS\SERVICES32.EXE
C:\WINDOWSB\SYSTEM\WINOA386.MOD
C:\ESM2\EBRR.EXE
C:\WINDOWSB\SYSTEM\DDHELP.EXE
C:\WINDOWSB\SYSTEM\STIMON.EXE
C:\DOCUMENTI\PROGRAMMI\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAMMI\TOOLBAR888\TOOLBAR888.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWSB\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWSB\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWSB\SYSTEM\rmctrl.exe
O4 - HKLM\..\Run: [BtStart] C:\Programmi\WIDCOMM\Software Bluetooth\bin\btstart.exe
O4 - HKLM\..\Run: [Multimedia Key] C:\PROGRA~2\MED280NT\DriBat32.EXE DKBoot.INI
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWSB\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Programmi\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] WINLOG.EXE
O4 - HKLM\..\Run: [winupdate] C:\Programmi\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD12.exe
O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD12.exe
O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME12.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWSB\cmd\command.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWSB\SYSTEM\sysservice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWSB\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [] WINLOG.EXE
O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKCU\..\Run: [MSMSGS] C:\PROGRA~1\MESSEN~1\msmsgs.exe /background
O4 - HKCU\..\Run: [NBJ] "C:\PROGRAMMI\AHEAD\NERO BACKITUP\NBJ.EXE"
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe
O4 - Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Startup: EPSON Background Monitor.lnk = C:\ESM2\STMS.exe
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: @btrez.dll,-4015@1040,Invia a Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017@1040,Invia a &Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie.htm
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
Fix:
C:\PROGRAMMI\WINUPDATES\WINUPDATES.EXE
C:\WINDOWSB\CMD\COMMAND.EXE
C:\PROGRAMMI\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAMMI\FILE COMUNI\WINDOWS\SERVICES32.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAMMI\TOOLBAR888\TOOLBAR888.DLL
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Programmi\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [winupdate] C:\Programmi\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKLM\..\Run: [Command] C:\WINDOWSB\cmd\command.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWSB\SYSTEM\sysservice.exe
O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHance
In any case, a scan with a good antivirus and a good antispyware is also strongly recommended ;)
marcocappe
19-04-2006, 15:56
Run a scan with Ewido and then fix these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
TOOLBAR888.DLL
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [winsupdater] C:\Programmi\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [] WINLOG.EXE
O4 - HKLM\..\Run: [winupdate] C:\Programmi\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKLM\..\Run: [keyboard] C:\WINDOWS\KEYBOARD12.exe
O4 - HKLM\..\Run: [mousepad] C:\WINDOWS\MOUSEPAD12.exe
O4 - HKLM\..\Run: [newname] C:\WINDOWS\NEWNAME12.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWSB\cmd\command.exe
O4 - HKLM\..\Run: [webHancer Agent] C:\Programmi\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Programmi\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [Microsoft Startup Manager] C:\WINDOWSB\SYSTEM\sysservice.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [] WINLOG.EXE
O4 - HKLM\..\RunServices: [p2pnetworking] P2PNETWORKING.EXE
O4 - HKCU\..\Run: [services32] C:\Programmi\File comuni\Windows\mc-110-12-0000137.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
Delete these files if they are still present after the scan:
C:\PROGRAMMI\WEBHANCER\PROGRAMS\WHAGENT.EXE
C:\PROGRAMMI\WINUPDATES\WINUPDATES.EXE
C:\PROGRAMMI\FILE COMUNI\WINDOWS\SERVICES32.EXE
C:\WINDOWSB\CMD\COMMAND.EXE
and these if you don't know what they refer to:
C:\WINDOWS\MOUSEPAD12.EXE
C:\WINDOWS\KEYBOARD12.exe
C:\WINDOWS\NEWNAME12.exe
and the corresponding HijackThis entries
marcocappe
19-04-2006, 16:02
There is also a fix for webHancer that may come in handy:
http://securityresponse.symantec.com/avcenter/FixWebHancer.exe
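A cross-check that can be run before ticking entries from fix lists like the ones above, as an added example that is not part of the original thread: it parses HijackThis entry lines and resolves every fix-list line against the log, so a bare file name or a truncated line is mapped to the exact entry it denotes and lines absent from the log are reported. The sample log and fix list are constructed from lines in this thread, the `[example]` entry is a placeholder, and all function names are hypothetical.

```python
import re

# Constructed sample: a few entries copied from the log posted in this thread.
LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\PROGRAMMI\TOOLBAR888\TOOLBAR888.DLL
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [] WINLOG.EXE
O10 - Hijacked Internet access by WebHancer
"""
# Constructed fix list in the style of the replies: a full line, a bare file
# name, a truncated line, and a placeholder entry that is not in the log.
FIX = r"""
O4 - HKLM\..\Run: [winupdates] C:\Programmi\winupdates\winupdates.exe /auto
TOOLBAR888.DLL
O10 - Hijacked Internet access by WebHance
O4 - HKLM\..\Run: [example] C:\EXAMPLE\placeholder.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # section code, then detail
AUTORUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.+)$")

def parse_entries(text):
    """Return [(code, detail)] per entry line; headers and process paths are skipped."""
    found = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in found if m]

def parse_autorun(detail):
    """Split an O4 registry detail into hive, key, value name and command, or None."""
    m = AUTORUN.match(detail)
    return dict(zip(("hive", "key", "name", "command"), m.groups())) if m else None

def resolve_fix_list(log_text, fix_text):
    """Classify fix-list lines as exact log entries, fragments of entries, or missing."""
    log = [f"{code} - {detail}" for code, detail in parse_entries(log_text)]
    result = {"exact": [], "partial": {}, "missing": []}
    for line in filter(None, (l.strip() for l in fix_text.splitlines())):
        if line in log:
            result["exact"].append(line)
            continue
        # Fragment: list every log entry that contains it, case-insensitively.
        hits = [entry for entry in log if line.lower() in entry.lower()]
        if hits:
            result["partial"][line] = hits
        else:
            result["missing"].append(line)
    return result

if __name__ == "__main__":
    for kind, items in resolve_fix_list(LOG, FIX).items():
        print(kind, items)
```
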