#401
Senior Member
Joined: Aug 2005
Posts: 3435

Yes, the dialer is rooted in sysmon.exe. Here is the scan result:

Scanning "sysmon.exe"
Scanner results:
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found Trojan.Downloader.AU
ClamAV: Found Trojan.Downloader.Small-811
Dr.Web: Found DLOADER.Trojan (probable variant)
F-Prot Antivirus: Found W32/Downloader.UDW
Fortinet: Found nothing
Kaspersky Anti-Virus: Found Trojan-Downloader.Win32.Small.bsu
NOD32: Found a variant of Win32/TrojanDownloader.Small.AWA
Norman Virus Control: Found nothing
UNA: Found nothing
VBA32: Found Downloader.Small.1 (probable variant)
#403
Banned
Joined: Mar 2004
Location: Galapagos. Warning: flautolente user, keep that in mind
Posts: 28978
Quote:
It could be the system file that got infected, not necessarily an executable that was malware from the start... it would be better to go with ewido or stinger.
#404
Senior Member
Joined: Aug 2005
Location: Dante's city
Posts: 841
Quote:
#405
Banned
Joined: Mar 2004
Location: Galapagos. Warning: flautolente user, keep that in mind
Posts: 28978
Quote:
#406
Senior Member
Joined: Aug 2005
Location: Dante's city
Posts: 841
Quote:
#407
Banned
Joined: Mar 2004
Location: Galapagos. Warning: flautolente user, keep that in mind
Posts: 28978
Quote:
#408
Member
Joined: Feb 2005
Posts: 53
As posted and advised in my thread, I'm posting my ewido log here; take a look at what was on there!!!
And if you can, give me some advice!! Thanks again to everyone.

---------------------------------------------------------
ewido security suite - Rapporto Scansione
---------------------------------------------------------
+ Creato il: 22.04.29, 02/11/2005
+ Report-Checksum: 678EFA56
+ Risultati scansione:
HKLM\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA} -> Spyware.MyWebSearch : Pulito con Backup
C:\Programmi\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Pulito con Backup
C:\RECYCLED\Q330995.exe -> Dialer.Generic : Pulito con Backup
C:\XP\system32\f3PSSavr.scr -> Spyware.MyWebSearch : Pulito con Backup
C:\XP\system32\sysprint.exe -> Dialer.Generic : Pulito con Backup
C:\Documents and Settings\orso\Impostazioni locali\Temp\help.chm -> Dialer.Generic : Pulito con Backup
C:\Documents and Settings\orso\Impostazioni locali\Temporary Internet Files\Content.IE5\Y7ILEPS1\ass[2].html -> Not-A-Virus.Exploit.HTML.Mht : Pulito con Backup
C:\Documents and Settings\orso\Impostazioni locali\Temporary Internet Files\Content.IE5\W37FM8P9\dropper[1].exe -> Dialer.Generic : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@burstnet[2].txt -> Spyware.Cookie.Burstnet : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@microsoftwga.112.2o7[2].txt -> Spyware.Cookie.2o7 : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@microsofteup.112.2o7[1].txt -> Spyware.Cookie.2o7 : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@com[2].txt -> Spyware.Cookie.Com : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@ads50.bpath[2].txt -> Spyware.Cookie.Bpath : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@ads20.bpath[2].txt -> Spyware.Cookie.Bpath : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@italia.hyperbanner[1].txt -> Spyware.Cookie.Hyperbanner : Pulito con Backup
C:\Documents and Settings\orso\Cookies\orso@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Pulito con Backup
C:\Documents and Settings\orso\Dati applicazioni\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7fb5dbb4-2e8655bf.class -> Trojan.Java.ClassLoader.f : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012333.EXE -> Spyware.Wesbar : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012334.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012335.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012336.DLL -> Spyware.FunWeb : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012338.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012341.SCR -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012342.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012343.EXE -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012344.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012345.DLL -> Spyware.Wesbar : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012348.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012349.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP43\A0012352.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\System Volume Information\_restore{8975404D-B309-4ED4-8C2F-3548E5363204}\RP51\A0017763.DLL -> Spyware.MyWebSearch : Pulito con Backup
C:\test.exe -> Dialer.Generic : Pulito con Backup
::Fine Rapporto
#409
Senior Member
Joined: Aug 2005
Location: Dante's city
Posts: 841
Quote:
Download HijackThis from the first page, unzip it and run "do a system scan and save a logfile", then copy/paste the log here.
#410
Member
Joined: Feb 2005
Posts: 53
Sorry, the previous one was taken with some programs open.
This one isn't.

Logfile of HijackThis v1.99.1
Scan saved at 22.18.37, on 02/11/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\XP\System32\smss.exe
C:\XP\system32\csrss.exe
C:\XP\system32\winlogon.exe
C:\XP\system32\services.exe
C:\XP\system32\lsass.exe
C:\XP\System32\Ati2evxx.exe
C:\XP\system32\svchost.exe
C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe
C:\XP\System32\svchost.exe
C:\XP\System32\svchost.exe
C:\XP\System32\svchost.exe
C:\XP\system32\spoolsv.exe
C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\XP\system32\Ati2evxx.exe
C:\XP\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\XP\System32\svchost.exe
C:\XP\System32\wdfmgr.exe
C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\XP\System32\syshelp.exe
C:\XP\System32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Programmi\Netropa\Onscreen Display\OSD.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\orso\Impostazioni locali\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.it
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\XP\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Programmi\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Programmi\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Programmi\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ATIPTA] "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [DataLayer] C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [Systems] C:\XP\System32\syshelp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\XP\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSN] C:\Programmi\MSN\MSNCoreFiles\MSN6.EXE -email
O4 - HKCU\..\Run: [PcSync] C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: Anti-Hijacker.lnk = C:\Programmi\Anti-Hijacker\AntiHijacker 1.2.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Programmi\FinePixViewer\QuickDCF.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Programmi\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm414YYIT
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_05\bin\npjpi150_05.dll
O12 - Plugin for .spop: C:\Programmi\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by110fd.bay110.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1126309009233
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1129419853937
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD48E3A8-7EBE-41A9-B49A-45AD2A3BA915}: NameServer = 62.94.0.1,62.94.0.2
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\XP\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\XP\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido\security suite\ewidoguard.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Programmi\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programmi\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Last edited by Emjay: 02-11-2005 at 21:19.
#411
Senior Member
Joined: Sep 2004
Posts: 6387
Start by installing SP2.
#412
Member
Joined: Feb 2005
Posts: 53
Heh, the PC isn't mine; I'd just like to get it working again, even if only for the time being.
#413
Senior Member
Joined: Sep 2004
Posts: 6387
Quote:
#414
Senior Member
Joined: Aug 2005
Location: Dante's city
Posts: 841
Quote:
O4 - HKLM\..\Run: [Systems] C:\XP\System32\syshelp.exe
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: www.redfunny.com
O15 - Trusted Zone: www.skymasters.biz
#415
Member
Joined: Feb 2005
Posts: 53
I just need it to work "normally", without that message I mentioned in my thread.
#416
Senior Member
Joined: Aug 2005
Location: Dante's city
Posts: 841
Quote:
It's pointless to patch up a vulnerable system; otherwise sooner or later you'll catch something else.
#417
Senior Member
Joined: Sep 2004
Posts: 6387
Quote:
I just told you how to do it... it doesn't take much. You download SP2 in about an hour and then put it on... that way you avoid a lot of trouble... if you don't, tomorrow you'll still be here asking us why.
#418
Senior Member
Joined: Sep 2004
Posts: 6387
Quote:
#419
Senior Member
Joined: Oct 2004
Location: Milano
Posts: 2641
Quote:
C:\XP\System32\syshelp.exe

This one looks suspicious to me too:
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusear...?p=ZNxdm414YYIT
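As an added example (not code from the thread), a small Python triage pass over HijackThis-style lines that flags the entry kinds the replies above single out: an O4 autostart from System32 that is missing from a known-good list, every O15 Trusted Zone site, and an O8 context-menu item pointing at an external URL. The allow-list and the rules are my assumptions; the sample lines are copied from the log posted earlier in the thread, with the mywebsearch URL left truncated as it was posted.

```python
"""Triage of HijackThis-style log lines (added example, not from the thread).
Flags what the replies above pointed at: O4 autostarts from System32 missing
from a known-good list, every O15 Trusted Zone site, and O8 context-menu items
calling an external URL. The allow-list and the rules are assumptions."""
import re
from typing import List, Tuple

# Constructed sample in the shape HijackThis v1.99 prints; entries copied
# from the log posted in the thread (mywebsearch URL left truncated as posted).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Systems] C:\XP\System32\syshelp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\XP\System32\ctfmon.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...p=ZNxdm414YYIT
O15 - Trusted Zone: www.archiviosex.net
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# Assumed allow-list of System32 programs that legitimately autostart on XP.
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe"}

ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# "[name] path": the path may be quoted and followed by arguments
O4_RE = re.compile(r'\[[^\]]*\]\s+"?(?P<path>.+?\.(?:exe|scr))', re.I)

Finding = Tuple[str, str, str]  # (section, reason, detail)


def triage(log_text: str) -> List[Finding]:
    """Return one finding per suspicious entry, in log order."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        if section == "O4":
            o4 = O4_RE.search(body)
            path = o4.group("path") if o4 else ""
            exe = path.rsplit("\\", 1)[-1].lower()
            if "\\system32\\" in path.lower() and exe not in KNOWN_SYSTEM32_AUTOSTART:
                findings.append((section, "System32 autostart not on allow-list", path))
        elif section == "O15":
            # any site here runs under IE's relaxed Trusted-sites settings
            findings.append((section, "site in IE Trusted Zone", body.split(":", 1)[1].strip()))
        elif section == "O8":
            target = body.rsplit(" - ", 1)[-1]
            if target.lower().startswith(("http://", "https://")):
                findings.append((section, "context-menu item calls external URL", target))
    return findings
```

Running `triage(SAMPLE_LOG)` yields three findings, in log order: the syshelp.exe autostart, the mywebsearch context-menu item and the archiviosex.net Trusted Zone entry.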
#420
Member
Joined: Feb 2005
Posts: 53
One doubt comes to mind: if I install SP2, isn't there a risk the PC will crash?!?
Given how fragile the system is!!!