|
|||||||
|
|
|
 |
|
|
Strumenti |
14-10-2006, 10:07
|
#1 |
|
Member
Iscritto dal: Jul 2005
Messaggi: 49
|
SPYWARE che linka
Ciao! Ho uno spyware che non riesco ad eliminare! Crea 100 finestre con systemdoctor 2006 non appena faccio una riccerca su google ed inoltre inserisce dei links a siti vari nel bio blog!!!!!!!!!!!!! Non trovo soluzioni! Cosa dv afre? Ho scansionato cn vari antyspyware ma nulla! Vi alego Hijack ok? Grazie 1000!!
Logfile of HijackThis v1.99.1 Scan saved at 11.06.57, on 14/10/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Programmi\AntiVir PersonalEdition Classic\sched.exe C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RunDll32.exe C:\Programmi\HP\HP Software Update\HPWuSchd2.exe C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe F:\Programmi\Winamp\winampa.exe C:\Programmi\mobile PhoneTools\WatchDog.exe C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\ctfmon.exe C:\Programmi\MSN Messenger\msnmsgr.exe C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe C:\Documents and Settings\-\Desktop\FixLinkopt.exe C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Programmi\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\-\Documenti\Download\hijackthis_199\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.alice.it/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti O1 - Hosts: 205.238.40.51 www.winmx.com err.winmx.com O1 - Hosts: 205.238.40.2 test3201.winmx.com test3205.winmx.com O1 - Hosts: 205.238.40.2 test3202.winmx.com test3206.winmx.com O1 - Hosts: 205.238.40.1 test3203.winmx.com test3207.winmx.com O1 - Hosts: 82.43.224.20 test3204.winmx.com test3208.winmx.com O1 - Hosts: 205.238.40.2 c3310.z1301.winmx.com c3310.z1302.winmx.com c3310.z1303.winmx.com c3310.z1304.winmx.com c3310.z1305.winmx.com c3310.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3313.z1301.winmx.com c3313.z1302.winmx.com c3313.z1303.winmx.com c3313.z1304.winmx.com c3313.z1305.winmx.com c3313.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3316.z1301.winmx.com c3316.z1302.winmx.com c3316.z1303.winmx.com c3316.z1304.winmx.com c3316.z1305.winmx.com c3316.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3311.z1301.winmx.com c3311.z1302.winmx.com c3311.z1303.winmx.com c3311.z1304.winmx.com c3311.z1305.winmx.com c3311.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3314.z1301.winmx.com c3314.z1302.winmx.com c3314.z1303.winmx.com c3314.z1304.winmx.com c3314.z1305.winmx.com c3314.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3317.z1301.winmx.com c3317.z1302.winmx.com c3317.z1303.winmx.com c3317.z1304.winmx.com c3317.z1305.winmx.com c3317.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3312.z1301.winmx.com c3312.z1302.winmx.com c3312.z1303.winmx.com c3312.z1304.winmx.com c3312.z1305.winmx.com c3312.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3315.z1301.winmx.com c3315.z1302.winmx.com c3315.z1303.winmx.com c3315.z1304.winmx.com c3315.z1305.winmx.com c3315.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3318.z1301.winmx.com c3318.z1302.winmx.com c3318.z1303.winmx.com c3318.z1304.winmx.com c3318.z1305.winmx.com c3318.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3319.z1301.winmx.com c3319.z1302.winmx.com c3319.z1303.winmx.com c3319.z1304.winmx.com c3319.z1305.winmx.com c3319.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3520.z1301.winmx.com c3520.z1302.winmx.com c3520.z1303.winmx.com c3520.z1304.winmx.com c3520.z1305.winmx.com c3520.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3523.z1301.winmx.com c3523.z1302.winmx.com c3523.z1303.winmx.com c3523.z1304.winmx.com c3523.z1305.winmx.com c3523.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3526.z1301.winmx.com c3526.z1302.winmx.com c3526.z1303.winmx.com c3526.z1304.winmx.com c3526.z1305.winmx.com c3526.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3521.z1301.winmx.com c3521.z1302.winmx.com c3521.z1303.winmx.com c3521.z1304.winmx.com c3521.z1305.winmx.com c3521.z1306.winmx.com O1 - Hosts: 205.238.40.2 c3524.z1301.winmx.com c3524.z1302.winmx.com c3524.z1303.winmx.com c3524.z1304.winmx.com c3524.z1305.winmx.com c3524.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3527.z1301.winmx.com c3527.z1302.winmx.com c3527.z1303.winmx.com c3527.z1304.winmx.com c3527.z1305.winmx.com c3527.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3522.z1301.winmx.com c3522.z1302.winmx.com c3522.z1303.winmx.com c3522.z1304.winmx.com c3522.z1305.winmx.com c3522.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3525.z1301.winmx.com c3525.z1302.winmx.com c3525.z1303.winmx.com c3525.z1304.winmx.com c3525.z1305.winmx.com c3525.z1306.winmx.com O1 - Hosts: 205.238.40.1 c3528.z1301.winmx.com c3528.z1302.winmx.com c3528.z1303.winmx.com c3528.z1304.winmx.com c3528.z1305.winmx.com c3528.z1306.winmx.com O1 - Hosts: 82.43.224.20 c3529.z1301.winmx.com c3529.z1302.winmx.com c3529.z1303.winmx.com c3529.z1304.winmx.com c3529.z1305.winmx.com c3529.z1306.winmx.com O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [WinampAgent] f:\Programmi\Winamp\winampa.exe O4 - HKLM\..\Run: [WatchDog] C:\Programmi\mobile PhoneTools\WatchDog.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\MSN Messenger\msnmsgr.exe" /background O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\npjpi150_06.dll O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1A6E65D4-5A99-41D7-966A-2535F809F58F}: NameServer = 85.37.17.11 85.38.28.69 O17 - HKLM\System\CS1\Services\Tcpip\..\{1A6E65D4-5A99-41D7-966A-2535F809F58F}: NameServer = 85.37.17.11 85.38.28.69 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe |
|
|
14-10-2006, 10:22
|
#2 |
|
Member
Iscritto dal: Jan 2006
Messaggi: 227
|
1. Sezione sbagliata ... c'è il thread apposito
 2. Hai un firewall???  3. Mai pensato ad un antispyware??? 
__________________
Windows Vista Home Premium @ Firefox 2 @ Avast Home 4.8 @ Windows Firewall @ Windows Defender |
|
|
|
14-10-2006, 10:33
|
#3 |
|
Member
Iscritto dal: Jul 2005
Messaggi: 49
|
sorry! cmq sì ho il firewaal di windows e ho scansioanto con numerosi tool appositi hijack come lo vedi?? qualcosa da fixare? grazie
|
|
|
|
14-10-2006, 11:36
|
#4 | |
|
Member
Iscritto dal: Jan 2006
Messaggi: 227
|
Quote:
Alla fine fai di nuovo una scansione antispyware completa.
__________________
Windows Vista Home Premium @ Firefox 2 @ Avast Home 4.8 @ Windows Firewall @ Windows Defender |
|
|
|
|
14-10-2006, 14:17
|
#5 |
|
Bannato
Iscritto dal: Sep 2006
Città: Palermo
Messaggi: 1241
|
secondo l'analizzatore cè ne sono 1 bel po di sospetti!!!
Quindi rifai l'analisi e posta il log qui : http://www.hijackthis.de/index.php Ciao come antispyware usa spybot da qui :http://www.spybot.info/it/download/index.html o Ewido da qui : http://www.ewido.net/en/ ewido è stato comprato da AVG.. poi come firewall usa zone alarm  da qui : http://www.zonelabs.com/store/conten...n&lid=db_trialCiao e buona fortuna
|
|
|
|
14-10-2006, 14:25
|
#6 |
|
Senior Member
Iscritto dal: Sep 2006
Messaggi: 7030
|
Aggiungici una passata con Ad Aware http://www.lavasoftusa.com/products/...e_personal.php
__________________
|
|
|
|
14-10-2006, 17:21
|
#7 |
|
Senior Member
Iscritto dal: Nov 2001
Città: Bastia Umbra (PG)
Messaggi: 6395
|
thread ufficiale per i log di hijackthis
__________________
:: Il miglior argomento contro la democrazia è una conversazione di cinque minuti con l'elettore medio :: |
|
|
|
14-10-2006, 17:22
|
#8 | |
|
Senior Member
Iscritto dal: Feb 2003
Città: Perugia [Città della Pieve]
Messaggi: 7279
|
Quote:
__________________
2 cdj 850, 2 technics 1200 mkII, 1 mixer djm 700 s, 1 monocuffia sony mdr-xc5000, una collezione di vinili appena cominciata...
...Let the music play... |
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 23:56.
