HELP VIRUS!
Mist1987
19-08-2005, 13:29
Hi everyone, I've just joined this forum, and I hope I can get a hand solving my problem...
Here is the situation:
Yesterday, a virus managed to get past the defenses of our firewall (ZoneAlarm) and settled onto our computer. At first, a program named m00 appeared on the desktop, impossible to delete. Then this morning, after the computer had been switched off overnight, an Internet shortcut named exsplorer appeared... and the home page had changed.
At that point, we tried at least to understand what it was, and a scan from the zonelabs site detected these two pieces of spyware:
MS Media Player ID
Component:
HKUS\DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
HKCU\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
and then after a while it had also found a
tracking cookies
whose component was listed as
http:// *** bravenet *** . com (remove the spaces and the asterisks)
We removed this one manually from the cookies, though, after which we also managed to delete the two files on the desktop mentioned earlier.
In any case, the two pieces of spyware are still detected on our computer...
At that point, looking for some hope of rescue on the internet, we found HijackThis, so we made the log, and this is what comes out...
Logfile of HijackThis v1.99.1
Scan saved at 13.57.21, on 19/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\syshelp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\syshelp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
But now we have no idea what else to do.
Thank you for any help you can give...
Ah, the page it connects to is
www.
redfunny.com?3615
PS: Now it has found another tracking cookie with component
://imrworldwide.com/cgi-bin
with http before the colon...
andorra24
19-08-2005, 13:31
Run a scan with ewido: http://download.ewido.net/ewido-setup.exe
and one with bitdefender: http://www.bitdefender.com/scan8/ie.html
andorra24
19-08-2005, 13:35
Fix:
C:\WINDOWS\System32\syshelp.exe
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\syshelp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
Mist1987
19-08-2005, 13:47
---------------------------------------------------------
ewido security suite - Rapporto Scansione
---------------------------------------------------------
+ Creato il: 14.45.13, 19/08/2005
+ Report-Checksum: 21749619
+ Risultati scansione:
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Pulito con Backup
C:\Documents and Settings\Proprietario\Cookies\proprietario@atdmt[1].txt -> Spyware.Cookie.Atdmt : Pulito con Backup
C:\Documents and Settings\Proprietario\Cookies\proprietario@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Pulito con Backup
C:\Documents and Settings\Proprietario\Cookies\proprietario@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Pulito con Backup
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\help.chm -> Dialer.Generic : Pulito con Backup
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\help2.chm -> Dialer.Generic : Pulito con Backup
C:\WINDOWS\system32\sysfind.exe -> Dialer.Generic : Pulito con Backup
C:\WINDOWS\system32\sysprint.exe -> Dialer.Generic : Pulito con Backup
::Fine Rapporto
This is the Ewido report
Should I delete the files in quarantine?
andorra24
19-08-2005, 13:55
> This is the Ewido report
> Should I delete the files in quarantine?
Ewido deleted what it found and made a backup of it. Which files do you have in quarantine?
Mist1987
19-08-2005, 14:16
> Ewido deleted what it found and made a backup of it. Which files do you have in quarantine?
spyware cookies (the ones from before) and then 4 dialers: 2 in the local temporary settings (help.chm and help2.chen) and 2 in C\windows\system32\syfind.exe
and
C\windows\system32\sysprint.exe
finally
HKLM\software\microsoft\internetexplorer\extensions\{c95fee080-8f5d-11d2-a20b-00a003c157a}
of type spyware.alexa
Should I delete them?
Mist1987
19-08-2005, 14:18
BitDefender, on the other hand, found nothing...
andorra24
19-08-2005, 14:18
Yes, delete them
Mist1987
19-08-2005, 14:23
I ran HijackThis again, but it doesn't find some of the files from before...
this is the new log
Logfile of HijackThis v1.99.1
Scan saved at 15.22.32, on 19/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
C:\Programmi\Ahead\InCD\InCDsrv.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\ewido\security suite\ewidoguard.exe
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\Programmi\ewido\security suite\SecuritySuite.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Proprietario\Impostazioni locali\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programmi\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Programmi\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: ZoneAlarm.lnk = C:\Programmi\Zone Labs\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Programmi\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Programmi\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
andorra24
19-08-2005, 14:27
The log is clean. :)
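Comparing the first HijackThis log with the one taken after the ewido cleanup shows which entries disappeared and which ones the scanners themselves introduced. The following Python sketch is an added example, not part of the original thread: it parses and diffs two HijackThis logs, using excerpts copied from the two logs above as input; the function names and the short section descriptions are this example's own.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# HijackThis section codes that occur in this thread's logs.
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O15": "site in IE Trusted Zone",
    "O16": "downloaded ActiveX control (DPF)",
    "O20": "Winlogon Notify / AppInit_DLLs",
    "O23": "Windows service",
}

# An entry line looks like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return {(code, lowercased detail): Entry}; header and process lines are skipped."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            code, detail = m.group(1), m.group(2).strip()
            # Windows paths are case-insensitive, so compare on a lowercased key.
            entries[(code, detail.lower())] = Entry(code, detail)
    return entries


def _order(entry):
    # Sort O4 before O15 (numeric, not lexicographic).
    return (entry.code[0], int(entry.code[1:]), entry.detail.lower())


def diff_logs(before_text, after_text):
    """Return (removed, added) entry lists between two HijackThis logs."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted((before[k] for k in before.keys() - after.keys()), key=_order)
    added = sorted((after[k] for k in after.keys() - before.keys()), key=_order)
    return removed, added


def format_diff(removed, added):
    lines = []
    for sign, group in (("-", removed), ("+", added)):
        for e in group:
            label = SECTIONS.get(e.code, "unknown section")
            lines.append(f"{sign} {e.code:<3} [{label}] {e.detail}")
    return lines


# Excerpt of the first log in the thread (13.57.21), shortened for the example.
BEFORE = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Systems] C:\WINDOWS\System32\syshelp.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Excerpt of the second log in the thread (15.22.32), shortened for the example.
AFTER = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for line in format_diff(*diff_logs(BEFORE, AFTER)):
        print(line)
```

New entries after a cleanup deserve the same look as removed ones; in these excerpts they all trace back to the scanners used during the thread (ewido and the BitDefender online scan).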
Mist1987
19-08-2005, 14:44
> The log is clean. :)
Phew... Thanks a lot!
But the thing is, the zonelabs site still reports these spyware items to me
MS Media Player ID
Component:
HKUS\DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
HKCU\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
And there are also still some spyware cookies.
I can delete these manually, but the exsplorer shortcut has reappeared and it is also in the favorites. When I tried to delete it, it changed my home page...
andorra24
19-08-2005, 14:48
> Phew... Thanks a lot!
> But the thing is, the zonelabs site still reports these spyware items to me
> MS Media Player ID
> Component:
> HKUS\DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
> HKCU\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
> And there are also still some spyware cookies.
> I can delete these manually, but the exsplorer shortcut has reappeared and it is also in the favorites. When I tried to delete it, it changed my home page...
You can safely delete the tracking cookies manually or by using one of the many little cleanup programs around. As for the other things, have you also tried scanning with Spybot and Adaware?
Mist1987
19-08-2005, 14:51
> You can safely delete the tracking cookies manually or by using one of the many little cleanup programs around.
Done! With the first method.
I also managed to delete the shortcut from the favorites without it changing my home page.
> As for the other things, have you also tried scanning with Spybot and Adaware?
um... I think... :mc: I don't have them! :doh:
:help:
andorra24
19-08-2005, 14:55
You can find Spybot here: http://dw.com.com/redir?pid=10401314&merid=104443&mfgid=104443&ltype=dl_dlnow&lop=btn&edId=3&siteId=4&oId=3040-8022_4-10401314&ontId=8022_4&destUrl=http://www.download.com%2F3001-8022_4-10401314.html
Adaware here: http://dw.com.com/redir?pid=10399602&merid=69274&mfgid=69274&ltype=dl_dlnow&lop=btn&edId=3&siteId=4&oId=3040-8022_4-10399602&ontId=8022_4&dlrs=1&destUrl=http://www.download.com%2F3001-8022_4-10399602.html
After installing them, update them and then launch the scan.
Mist1987
19-08-2005, 15:03
So...
I downloaded Ad-Aware SE Personal from the Lavasoft site.
After updating and scanning, it found 2 cookies and 3 Alexa spyware items. Should I put them in quarantine or delete them right away?
PS: this is the log
Ad-Aware SE Build 1.06r1
Logfile Created on:venerdì 19 agosto 2005 15.56.08
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R47 24.05.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):3 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
19/08/2005 15.56.08 - Scan started. (Full System Scan)
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 632
ThreadCreationTime : 19/08/2005 10.19.33
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 684
ThreadCreationTime : 19/08/2005 10.19.35
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 19/08/2005 10.19.35
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 752
ThreadCreationTime : 19/08/2005 10.19.36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applicazione Servizi e Controller
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 764
ThreadCreationTime : 19/08/2005 10.19.36
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 940
ThreadCreationTime : 19/08/2005 10.19.36
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1052
ThreadCreationTime : 19/08/2005 10.19.37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1188
ThreadCreationTime : 19/08/2005 10.19.37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1220
ThreadCreationTime : 19/08/2005 10.19.37
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [ccsetmgr.exe]
FilePath : C:\Programmi\File comuni\Symantec Shared\
ProcessID : 1292
ThreadCreationTime : 19/08/2005 10.19.37
BasePriority : Normal
FileVersion : 103.0.0.52
ProductVersion : 103.0.0.52
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe
#:11 [ccevtmgr.exe]
FilePath : C:\Programmi\File comuni\Symantec Shared\
ProcessID : 1408
ThreadCreationTime : 19/08/2005 10.19.38
BasePriority : Normal
FileVersion : 103.0.0.52
ProductVersion : 103.0.0.52
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1588
ThreadCreationTime : 19/08/2005 10.19.40
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Esplora risorse
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : EXPLORER.EXE
#:13 [spbbcsvc.exe]
FilePath : C:\Programmi\File comuni\Symantec Shared\SPBBC\
ProcessID : 1612
ThreadCreationTime : 19/08/2005 10.19.40
BasePriority : Normal
FileVersion : 1,0,1,25
ProductVersion : 1,0,1,25
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe
#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1776
ThreadCreationTime : 19/08/2005 10.19.41
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:15 [ccapp.exe]
FilePath : C:\Programmi\File comuni\Symantec Shared\
ProcessID : 1924
ThreadCreationTime : 19/08/2005 10.19.42
BasePriority : Normal
FileVersion : 103.0.0.52
ProductVersion : 103.0.0.52
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe
#:16 [dvdlauncher.exe]
FilePath : C:\Programmi\CyberLink\PowerDVD\
ProcessID : 1936
ThreadCreationTime : 19/08/2005 10.19.42
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright (c) 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE
#:17 [hkcmd.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1952
ThreadCreationTime : 19/08/2005 10.19.42
BasePriority : Normal
FileVersion : 3,0,0,2104
ProductVersion : 7,0,0,2104
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2003, Intel Corporation
OriginalFilename : HKCMD.EXE
#:18 [qttask.exe]
FilePath : C:\Programmi\QuickTime\
ProcessID : 1964
ThreadCreationTime : 19/08/2005 10.19.42
BasePriority : Normal
FileVersion : 6.0
ProductVersion : QuickTime 6.0
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2002
OriginalFilename : QTTask.exe
#:19 [daemon.exe]
FilePath : C:\Programmi\D-Tools\
ProcessID : 1972
ThreadCreationTime : 19/08/2005 10.19.42
BasePriority : Normal
#:20 [incd.exe]
FilePath : C:\Programmi\Ahead\InCD\
ProcessID : 1992
ThreadCreationTime : 19/08/2005 10.19.42
BasePriority : Normal
FileVersion : 4, 0, 0, 37
ProductVersion : 4, 0, 0, 37
ProductName : InCD
CompanyName : Ahead Software AG
FileDescription : InCD
InternalName : InCD
LegalCopyright : Copyright (C) 2003 Ahead Software and its licensors
LegalTrademarks : InCD TM
OriginalFilename : InCD.exe
#:21 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2016
ThreadCreationTime : 19/08/2005 10.19.43
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:22 [msmsgs.exe]
FilePath : C:\Programmi\Messenger\
ProcessID : 2032
ThreadCreationTime : 19/08/2005 10.19.43
BasePriority : Normal
FileVersion : 4.7.0041
ProductVersion : Version 4.7
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2001
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe
#:23 [msnmsgr.exe]
FilePath : C:\Programmi\MSN Messenger\
ProcessID : 2044
ThreadCreationTime : 19/08/2005 10.19.43
BasePriority : Normal
FileVersion : 7.0.0816
ProductVersion : 7.0.0816
ProductName : MSN Messenger
CompanyName : Microsoft Corporation
FileDescription : MSN Messenger
InternalName : msnmsgr
LegalCopyright : Copyright (c) Microsoft Corporation 1997-2005
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msnmsgr.exe
#:24 [wzqkpick.exe]
FilePath : C:\Programmi\WinZip\
ProcessID : 344
ThreadCreationTime : 19/08/2005 10.19.44
BasePriority : Normal
FileVersion : 1.0 (32-bit)
ProductVersion : 9.0 (6028)
ProductName : WinZip
CompanyName : WinZip Computing, Inc.
FileDescription : WinZip Executable
InternalName : WZQKPICK.EXE
LegalCopyright : Copyright (c) WinZip Computing, Inc. 1991-2004 - All Rights Reserved
LegalTrademarks : WinZip is a registered trademark of WinZip Computing, Inc
OriginalFilename : WZQKPICK.EXE
Comments : StringFileInfo: U.S. English
#:25 [zonealarm.exe]
FilePath : C:\Programmi\Zone Labs\ZoneAlarm\
ProcessID : 448
ThreadCreationTime : 19/08/2005 10.19.44
BasePriority : Normal
FileVersion : 3.1.291
ProductVersion : 3.1.291
ProductName : ZoneAlarm
CompanyName : Zone Labs Inc.
FileDescription : ZoneAlarm
InternalName : zonealarm
LegalCopyright : Copyright © 1999-2002, Zone Labs Inc.
OriginalFilename : zonealarm.exe
#:26 [incdsrv.exe]
FilePath : C:\Programmi\Ahead\InCD\
ProcessID : 280
ThreadCreationTime : 19/08/2005 10.19.50
BasePriority : Normal
#:27 [navapsvc.exe]
FilePath : C:\Programmi\Norton AntiVirus\
ProcessID : 352
ThreadCreationTime : 19/08/2005 10.19.51
BasePriority : Normal
FileVersion : 11.0.0.43
ProductVersion : 11.0.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE
#:28 [npfmntor.exe]
FilePath : C:\Programmi\Norton AntiVirus\IWP\
ProcessID : 460
ThreadCreationTime : 19/08/2005 10.19.51
BasePriority : Normal
FileVersion : 11.0.0.43
ProductVersion : 11.0.0
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE
#:29 [savscan.exe]
FilePath : C:\Programmi\Norton AntiVirus\
ProcessID : 584
ThreadCreationTime : 19/08/2005 10.19.54
BasePriority : Normal
FileVersion : 9.4.0.39
ProductVersion : 9.4
ProductName : AutoProtect
CompanyName : Symantec Corporation
FileDescription : AutoProtect
InternalName : SAVSCAN
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : SAVSCAN.EXE
#:30 [sndsrvc.exe]
FilePath : C:\Programmi\File comuni\Symantec Shared\
ProcessID : 816
ThreadCreationTime : 19/08/2005 10.19.54
BasePriority : Normal
FileVersion : 5.4.0.36
ProductVersion : 5.4
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe
#:31 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1140
ThreadCreationTime : 19/08/2005 10.19.55
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe
#:32 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 2056
ThreadCreationTime : 19/08/2005 10.19.55
BasePriority : Normal
FileVersion : 3.1.291
ProductVersion : 3.1.291
ProductName : TrueVector Service
CompanyName : Zone Labs Inc.
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1999-2002, Zone Labs Inc.
OriginalFilename : vsmon.exe
#:33 [wuauclt.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3432
ThreadCreationTime : 19/08/2005 10.21.11
BasePriority : Normal
FileVersion : 5.4.3630.1106 (xpsp1.020828-1920)
ProductVersion : 5.4.3630.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Client dell'aggiornamento automatico di Windows Update
InternalName : wuauclt.exe
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : wuauclt.exe
#:34 [iexplore.exe]
FilePath : C:\Programmi\Internet Explorer\
ProcessID : 556
ThreadCreationTime : 19/08/2005 10.37.17
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE
#:35 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3964
ThreadCreationTime : 19/08/2005 10.47.52
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Blocco note
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : NOTEPAD.EXE
#:36 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2692
ThreadCreationTime : 19/08/2005 12.11.42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Blocco note
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : NOTEPAD.EXE
#:37 [iexplore.exe]
FilePath : C:\Programmi\Internet Explorer\
ProcessID : 3188
ThreadCreationTime : 19/08/2005 12.21.32
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : IEXPLORE.EXE
#:38 [ewidoguard.exe]
FilePath : C:\Programmi\ewido\security suite\
ProcessID : 416
ThreadCreationTime : 19/08/2005 12.32.35
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : guard
CompanyName : ewido networks
FileDescription : guard
InternalName : guard
LegalCopyright : Copyright © 2004
OriginalFilename : guard.exe
#:39 [ewidoctrl.exe]
FilePath : C:\Programmi\ewido\security suite\
ProcessID : 3600
ThreadCreationTime : 19/08/2005 12.32.37
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe
#:40 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2972
ThreadCreationTime : 19/08/2005 13.22.32
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Sistema operativo Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Blocco note
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. Tutti i diritti riservati.
OriginalFilename : NOTEPAD.EXE
#:41 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 2800
ThreadCreationTime : 19/08/2005 13.54.47
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : .DEFAULT\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Alexa Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment : "{c95fe080-8f5d-11d2-a20b-00aa003c157a}"
Rootkey : HKEY_USERS
Object : S-1-5-21-1229272821-1844823847-839522115-1003\software\microsoft\internet explorer\extensions\cmdmapping
Value : {c95fe080-8f5d-11d2-a20b-00aa003c157a}
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 3
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 3
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : proprietario@mediaplex[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:proprietario@mediaplex.com/
Expires : 22/06/2009 2.00.00
LastSync : Hits:2
UseCount : 0
Hits : 2
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : proprietario@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:proprietario@imrworldwide.com/cgi-bin
Expires : 19/01/2009 1.00.00
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 5
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 5
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5
15.59.34 Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00.03.25.984
Objects scanned:79195
Objects identified:5
Objects ignored:0
New critical objects:5
andorra24
19-08-2005, 15:06
You can safely delete them.
Mist1987
19-08-2005, 15:24
Done.
Spybot, on the other hand, found
under the entry alexa related
c\windows\web\related.htm
5 data source object exploit
1 cookie mediaplex
and 1 hkeyusers under the entry sfondi Italia
Do I click on "fix selected problems"?
andorra24
19-08-2005, 15:27
Done.
Spybot, on the other hand, found
under the entry alexa related
c\windows\web\related.htm
5 data source object exploit
1 cookie mediaplex
and 1 hkeyusers under the entry sfondi Italia
Do I click on "fix selected problems"?
Yes, click there.
Mist1987
19-08-2005, 15:30
Done...
but of course...
the zonelabs site still reports these spyware items to me :muro:
MS Media Player ID
Component:
HKUS\DEFAULT\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
HKCU\Software\Microsoft\MediaPlayer\Player\Settings\Client ID
and now it has found a cookie again...
andorra24
19-08-2005, 15:42
Let's try this: open Windows Media Player, go into the menu, go to "Tools" and then "Options". A window will open; go into "Privacy" and make sure there is no check mark in the box "send unique Windows Media Player ID to content providers". Press Apply and OK.
Mist1987
19-08-2005, 15:46
Let's try this: open Windows Media Player, go into the menu, go to "Tools" and then "Options". A window will open; go into "Privacy" and make sure there is no check mark in the box "send unique Windows Media Player ID to content providers". Press Apply and OK.
Done...
But it wasn't checked...
andorra24
19-08-2005, 15:58
Are you using Windows Media Player 10?
Mist1987
19-08-2005, 16:12
Are you using Windows Media Player 10?
yes
andorra24
19-08-2005, 16:20
But your hijackthis log was clean, and besides, ewido, adaware and spybot didn't find any problem concerning MS media player. The zonelabs site isn't necessarily infallible, and maybe it's a false positive. But then, what does zonelabs tell you? Does it just tell you that you have spyware without giving you any solution?
Mist1987
19-08-2005, 16:24
But your hijackthis log was clean, and besides, ewido, adaware and spybot didn't find any problem concerning MS media player.
I know, but the thing is that it keeps making these cookies "spring up" from I don't know where...
The zonelabs site isn't necessarily infallible, and maybe it's a false positive. But then, what does zonelabs tell you? Does it just tell you that you have spyware without giving you any solution?
Actually, it does give me the solution... For 20 dollars...
And what if I go to Add/Remove Programs, remove mediaplayer, run a new scan with everything and then reinstall mediaplayer?
andorra24
19-08-2005, 16:48
I know, but the thing is that it keeps making these cookies "spring up" from I don't know where...
Actually, it does give me the solution... For 20 dollars...
And what if I go to Add/Remove Programs, remove mediaplayer, run a new scan with everything and then reinstall mediaplayer?
Honestly, that seems like a rather drastic solution to me, and besides, zonelabs isn't necessarily the Bible. The log is clean and 3 different scans didn't find any problems concerning wmplayer. Maybe it's a false positive.
Mist1987
19-08-2005, 16:54
ok, then that's fine...
I just hope nothing serious happens when I shut it down tonight^^
Thanks a thousand for all the help!
^_______________^
andorra24
19-08-2005, 16:58
ok, then that's fine...
I just hope nothing serious happens when I shut it down tonight^^
Thanks a thousand for all the help!
^_______________^
Don't worry, restart the PC and calmly repeat, one at a time, the scans you have already done; if they don't find anything, it means you're fine, so don't worry. :)
I don't know how this story ended, but frankly I don't think the problem was completely solved...
Unfortunately, "explorer" & co. are spyware that is more troublesome than expected, and the only effective way to remove it is to use a few programs:
try taking a look here and let me know...
Gianbi Zone Internet Private Zone (http://gianbizone.altervista.org/forum/viewtopic.php?p=1429#1429)
Bye, I hope I was helpful! :)