
[Email] Adware sending emails in bulk


gutguy
23-01-2007, 17.02.58
Hi,
It seems I've picked up some adware that sends email directly from my PC, because for a few days now when I send a message the recipient only receives it after a few hours, whereas before it arrived within minutes (and I have the problem with every mail recipient).
According to the people who run the mail server I use, the problem is that 200-plus messages are being sent from my PC; they end up queued, so the recipient only receives my messages once the queue has cleared.
I've run every anti-adware tool (Spybot S&D, Ad-Aware, etc.) but they find nothing in particular apart from a few cookies. At this point I don't know which adware I've actually caught, because I can't identify it, and without the name I can't work out the cure.

Thanks to whoever replies.

crazy.cat
23-01-2007, 19.05.29
Rather than adware, it might be a virus.
Post a HijackThis scan log, then we'll see how to proceed.

gutguy
24-01-2007, 10.34.23
Logfile of HijackThis v1.99.1
Scan saved at 10.47.29, on 24/01/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
C:\Programmi\VERITAS\Backup Exec\RANT\beremote.exe
C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
C:\WINNT\System32\cisvc.exe
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\Programmi\CA\eTrust Antivirus\InoTask.exe
C:\WINNT\System32\llssrv.exe
C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\system32\ntfrs.exe
C:\oracle\ora81\bin\dbsnmp.exe
C:\oracle\ora81\bin\vppdc.exe
C:\oracle\ora81\BIN\TNSLSNR.exe
c:\oracle\ora81\bin\ORACLE.EXE
c:\oracle\ora81\bin\ORACLE.EXE
C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
c:\saprouter\saprouter.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\snmp.exe
C:\hp\hpsmh\bin\smhstart.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\system32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\system32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\WINNT\System32\dns.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\system32\sysdown.exe
C:\WINNT\system32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\rsvp.exe
C:\WINNT\Explorer.EXE
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\hpsmhd.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\hp\hpsmh\bin\rotatelogs.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\cidaemon.exe
C:\RelayFax\app\RelayFax.exe
C:\WINNT\system32\RFENGINE.EXE
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINNT\System32\cidaemon.exe
C:\Documents and Settings\administrator.MOMA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O3 - Toolbar: @msdxmLC.dll,-1@1040,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1153226326343
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153227039953
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = moma.locale
O17 - HKLM\System\CCS\Services\Tcpip\..\{6F403125-4104-405F-B2EE-B0050B076DB2}: NameServer = 192.168.0.200,192.168.0.82
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = moma.locale
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = moma.locale
O23 - Service: APC PBE Agent (APCPBEAgent) - APC - C:\PROGRA~1\APC\POWERC~1\agent\pbeagent.exe
O23 - Service: APC PBE Server (APCPBEServer) - APC - C:\PROGRA~1\APC\POWERC~1\server\PBESER~1.EXE
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - Symantec Corporation - C:\Programmi\VERITAS\Backup Exec\RANT\beremote.exe
O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates International Inc. - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates International Inc. - C:\Programmi\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\system32\CPQNiMgt\cpqnimgt.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe
O23 - Service: HP Insight Foundation Agents (CqMgHost) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\system32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Servizio amministrativo di Gestione disco logico (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: eTrust Antivirus Admin Server (InoNmSrv) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoNmSrv.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Programmi\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: OracleOraHome81Agent - Oracle Corporation - C:\oracle\ora81\bin\dbsnmp.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: OracleOraHome81CMAdmin - Unknown owner - C:\oracle\ora81\BIN\CMADMIN.EXE
O23 - Service: OracleOraHome81CMan - Unknown owner - C:\oracle\ora81\BIN\CMGW.EXE
O23 - Service: OracleOraHome81DataGatherer - Oracle Corporation - C:\oracle\ora81\bin\vppdc.exe
O23 - Service: OracleOraHome81PagingServer - Unknown owner - C:\oracle\ora81/bin/pagntsrv.exe
O23 - Service: OracleOraHome81TNSListener - Unknown owner - C:\oracle\ora81\BIN\TNSLSNR.exe
O23 - Service: OracleServiceP2TS - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: OracleServicePITE - Oracle Corporation - c:\oracle\ora81\bin\ORACLE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: RelayFax Server Engine (RelayFax) - Alt-N Technologies, Ltd. - C:\RelayFax\app\RelayFax.exe
O23 - Service: SAPRouter - Unknown owner - c:\saprouter\saprouter.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\system32\sysdown.exe
O23 - Service: HP System Management Homepage (SysMgmtHp) - Hewlett-Packard Company - C:\hp\hpsmh\bin\smhstart.exe
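The HijackThis log posted above is the artefact crazy.cat asked for. As an added example that is not part of this thread and not HijackThis's own code, here is a small Python parser for that log format with two triage checks a responder would run on it: running processes that no O4 Run entry or O23 service accounts for, and O23 services with no readable vendor string or a binary outside the Windows and Program Files trees. The cut-down sample log, the CORE_PROCESSES set, the location prefixes and all function names are this example's own assumptions.

```python
# Added example, not from the thread: parse a HijackThis v1.99 log and list the
# entries worth a second look. HijackThis is real; the triage rules are this example's.
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in HijackThis log format, cut down from the log posted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINNT\System32\smss.exe
C:\Programmi\CA\eTrust Antivirus\InoRT.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\RelayFax\app\RelayFax.exe
C:\WINNT\system32\RFENGINE.EXE
C:\Documents and Settings\administrator.MOMA\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Programmi\CA\eTrust Antivirus\InoRT.exe
O23 - Service: RelayFax Server Engine (RelayFax) - Alt-N Technologies, Ltd. - C:\RelayFax\app\RelayFax.exe
O23 - Service: SAPRouter - Unknown owner - c:\saprouter\saprouter.exe
"""

@dataclass
class Entry:
    code: str        # section code: "R0", "O4", "O16", "O23", ...
    raw: str         # text after "Oxx - "
    name: str = ""   # service display name, Run value name or DPF friendly name
    owner: str = ""  # O23 vendor string; "Unknown owner" when HJT could not read it
    path: str = ""   # executable path, command line or download URL

@dataclass
class HjtLog:
    version: str
    processes: List[str]
    entries: List[Entry]

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<rest>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?)(?: \([^()]+\))? - (?P<owner>.+?) - (?P<path>.+)$")
RUN_RE = re.compile(r"^[^:]+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]+\} \((?P<name>[^)]*)\) - (?P<url>\S+)$")
EXE_RE = re.compile(r"[^\\/\s]+\.(?:exe|dll|ocx|sys)\b", re.IGNORECASE)
# Processes Windows starts itself; a HijackThis log has no O4/O23 entry for them (assumed set).
CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                  "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
# Windows and Program Files trees, including the Italian "Programmi" and its 8.3 short form.
STANDARD_PREFIXES = ("c:\\winnt\\", "c:\\windows\\", "c:\\program files\\",
                     "c:\\programmi\\", "c:\\progra~1\\")

def _parse_entry(code: str, rest: str) -> Entry:
    e = Entry(code=code, raw=rest)
    if code == "O23" and (m := SERVICE_RE.match(rest)):
        e.name, e.owner, e.path = m["name"], m["owner"], m["path"]
    elif code == "O4" and (m := RUN_RE.match(rest)):
        e.name, e.path = m["name"], m["cmd"]
    elif code == "O16" and (m := DPF_RE.match(rest)):
        e.name, e.path = m["name"], m["url"]
    return e

def parse_hjt_log(text: str) -> HjtLog:
    log, in_processes = HjtLog("", [], []), False
    for line in map(str.rstrip, text.splitlines()):
        if line.startswith("Logfile of HijackThis"):
            log.version = line.split("HijackThis", 1)[1].strip()
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False  # a blank line closes the process list
        elif in_processes:
            log.processes.append(line)
        elif m := ENTRY_RE.match(line):
            log.entries.append(_parse_entry(m["code"], m["rest"]))
    return log

def exe_basename(path_or_cmd: str) -> str:
    """Lower-case executable name, so 8.3 paths (PROGRA~1) and long paths compare equal."""
    m = EXE_RE.search(path_or_cmd)
    return m.group(0).lower() if m else path_or_cmd.lower()

def unexplained_processes(log: HjtLog) -> List[str]:
    """Running processes not accounted for by any O4 Run entry or O23 service.
    A mass-mailer often lands here: running, but registered nowhere HJT reports."""
    explained = {exe_basename(e.path) for e in log.entries
                 if e.code in ("O4", "O23") and e.path} | CORE_PROCESSES
    return [p for p in log.processes
            if exe_basename(p) not in explained and exe_basename(p) != "hijackthis.exe"]

def unverified_services(log: HjtLog) -> List[Entry]:
    """O23 services with no readable vendor string or a binary outside the standard
    program trees. Legitimate software lands here too, so this is a review list."""
    return [e for e in log.entries if e.code == "O23" and (
        e.owner == "Unknown owner"
        or not e.path.lower().replace("/", "\\").startswith(STANDARD_PREFIXES))]

if __name__ == "__main__":
    log = parse_hjt_log(SAMPLE_LOG)
    print("review processes:", unexplained_processes(log))
    print("review services :", [e.name for e in unverified_services(log)])
```

Run against the full log in the thread, the unexplained-process list is where a responder starts: a bot pushing 200-plus messages has to be running, and a process that no O4 or O23 entry explains is the binary to pull for analysis. Everything flagged is a review item, not a verdict: in the sample, RFENGINE.EXE and the RelayFax service appear to belong to the fax server that is also listed under O23, and SAPRouter is flagged only because HijackThis could not read a vendor string for it.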