Aiutamici Forum

Mail client ....... gone crazy??
silvia65
Posted: Saturday, January 31, 2015 10:53:33 PM

Rank: Newbie

Joined: 1/31/2015
Posts: 1
Good evening.
I need your help to solve a problem with my e-mail address, from which e-mails are being sent that I did not explicitly send.

I access my mail in several ways: 1) using a client (OUTLOOK 2007), 2) over the internet with a browser (https://login.libero.it/), 3) from a mobile phone running Android (over the internet but also via a client).
I noticed it because some 'recipients' of my 'involuntary' messages blocked my e-mail address.
Since these messages seem to be related to the OUTLOOK contacts address book, I thought there might be a virus on the PC where it is installed.
Obviously, the first thing I did was change the password.
Also, whereas before I kept it saved in the account settings of the OUTLOOK client, I have now removed it and type it in every time, but I don't know whether that helps at all.

Reading around, the first thing I did was download and run Malwarebytes, and what follows is its quarantine log

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 29/01/2015
Scan Time: 21:40:02
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.29.10
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: GIGABYTE

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 567388
Time Elapsed: 19 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
PUP.Optional.FilesFrog.A, C:\Users\GIGABYTE\AppData\Local\FilesFrog Update Checker\update_checker.exe, 3896, , [7bb3a459c8c17eb80ca6d86dbe45c23e]

Modules: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Somoto, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FilesFrog Update Checker, , [2806609d1871ce68f96a2205ac545ca4],
PUP.Optional.Somoto.A, HKU\S-1-5-21-2683850997-1415065455-2352851017-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Somoto, , [f33b38c50f7a6dc9b8a22d65de252fd1],
PUP.Optional.Somoto.A, HKU\S-1-5-21-2683850997-1415065455-2352851017-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP, , [c06e8b72f3964beb6fc8f4ecb153f10f],

Registry Values: 1
PUP.Optional.Somoto.A, HKU\S-1-5-21-2683850997-1415065455-2352851017-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOMOTO\SDP|affid, network_smb_adflyit, , [c06e8b72f3964beb6fc8f4ecb153f10f]

Registry Data: 0
(No malicious items detected)

Folders: 2
PUP.Optional.FilesFrog.A, C:\Users\GIGABYTE\AppData\Local\FilesFrog Update Checker, , [7bb3a459c8c17eb80ca6d86dbe45c23e],
PUP.Optional.FilesFrog.A, C:\Users\GIGABYTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker, , [c36ba954f693f046fdb62223b350e31d],

Files: 12
PUP.Optional.Somoto.A, C:\Users\GIGABYTE\AppData\Local\Temp\nsi6E50.tmp, , [74ba87760386b086cc1087b5f40d649c],
PUP.Optional.Somoto, C:\Users\GIGABYTE\AppData\Local\Temp\UpdateCheckerSetup.exe, , [43ebd12cfc8d95a1fe655ccb50b0ae52],
PUP.Optional.OpenCandy, C:\Users\GIGABYTE\AppData\Local\Temp\DTLite4471-0333.exe, , [012df00dd0b9eb4bf6dc547c9e67629e],
PUP.Optional.Delta.A, C:\Users\GIGABYTE\AppData\Local\Temp\is1275519350\DeltaTB.exe, , [1d118a737e0b87afc2accc604eb3cc34],
PUP.Optional.InstallCore.A, C:\Users\GIGABYTE\AppData\Local\Temp\is1275519350\Hoolapp.exe, , [4be3b24b4b3e3df96621d56526db14ec],
PUP.Optional.Wajam.A, C:\Users\GIGABYTE\AppData\Local\Temp\is1275519350\wajam_download.exe, , [42ecd6275f2a979fcd8b6add3ec258a8],
PUP.Optional.OpenCandy, C:\Users\Silvia\AppData\Local\Temp\DTLite4481-0347.exe, , [6dc1e6172b5e39fd6d65f1df5ea705fb],
PUP.Optional.Somoto, C:\Users\GIGABYTE\AppData\Local\FilesFrog Update Checker\uninstall.exe, , [2806609d1871ce68f96a2205ac545ca4],
PUP.Optional.Somoto.A, C:\Windows\System32\Tasks\SomotoUpdateCheckerAutoStart, , [65c91be291f8a096879ffc8c9d666b95],
PUP.Optional.FilesFrog.A, C:\Users\GIGABYTE\AppData\Local\FilesFrog Update Checker\update_checker.exe, , [7bb3a459c8c17eb80ca6d86dbe45c23e],
PUP.Optional.FilesFrog.A, C:\Users\GIGABYTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Check for Updates.lnk, , [c36ba954f693f046fdb62223b350e31d],
PUP.Optional.FilesFrog.A, C:\Users\GIGABYTE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker\Uninstall.lnk, , [c36ba954f693f046fdb62223b350e31d],

Physical Sectors: 0
(No malicious items detected)


(end)

I then also ran HijackThis and I am attaching its LOG

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 19:26:35, on 31/01/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)

FIREFOX: 35.0.1 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Users\GIGABYTE\Desktop\HijackThis.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETCall.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8026 bytes


I am also attaching one of the bounce e-mails that made me discover the problem

From: Mail Delivery System [mailto:Mailer-Daemon@host2.richardearledetails.com]
Sent: Wednesday, 28 January 2015 21:45
To: silvia_pirro@libero.it
Subject: Mail delivery failed: returning message to sender

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

paolopediatra@gmail.com
SMTP error from remote mail server after end of data:
host gmail-smtp-in.l.google.com [74.125.69.27]:
550-5.7.1 [209.188.90.42 12] Our system has detected that this message is
550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to Gmail,
550-5.7.1 this message has been blocked. Please visit
550-5.7.1 http://support.google.com/mail/bin/answer.py?hl=en&answer=188131 for
550 5.7.1 more information. ci9si4633513icc.35 - gsmtp

------ This is a copy of the message, including all the headers. ------

Return-path: <silvia_pirro@libero.it>
Received: from [2.132.18.150] (port=51763 helo=smtp.regularhero.org)
by host2.richardearledetails.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.84)
(envelope-from <silvia_pirro@libero.it>)
id 1YGZTr-0003J6-0j
for paolopediatra@gmail.com; Wed, 28 Jan 2015 14:44:55 -0600
Message-ID: <D0B5D06B4CB2A5FAEEC88154714F89E1@smtp.regularhero.org>
From: "silvia_pirro" <silvia_pirro@libero.it>
To: "paolopediatra" <paolopediatra@gmail.com>
Subject: =?ISO-8859-1?Q?FW=3Ajohn9?=
Date: Tue, 28 Jan 2015 09:44:54 +0000
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_010E_97A4DF31.537C2397"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 16.4.3522.110
X-MIMEOLE: Produced By Microsoft MimeOLE V16.4.3522.110

This is a multi-part message in MIME format.

------=_NextPart_000_010E_97A4DF31.537C2397
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable


http://jdglobalimpex.com/dxuujvpf/lcxzigdjfqttrkfdrfgarcfyldedks.dytrynfbhsns=
mupvbchuriwvjgivcvjiflqpwmy















silvia_pirro@libero.it

1/28/2015 9:44:54 PM
------=_NextPart_000_010E_97A4DF31.537C2397
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

=EF=BB=BF<HTML><HEAD><META http-equiv=3D"content-type" content: text/html;= charset=3DUTF-8></HEAD><BODY><br> <a href= =3D"http://jdglobalimpex.com/dxuujvpf/lcxzigdjfqttrkfdrfgarcfyldedks.dytrynfbh=
snsmupvbchuriwvjgivcvjiflqpwmy">http://jdglobalimpex.com/dxuujvpf/lcxzigdjfqtt=
rkfdrfgarcfyldedks.dytrynfbhsnsmupvbchuriwvjgivcvjiflqpwmy</a>=
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br> = silvia_pirro@libero.it <br><br> 1/28/2015 9:44:54 PM</BODY></HTML>

------=_NextPart_000_010E_97A4DF31.537C2397--


What else can I do?

I await suggestions.........

P.S.
As antivirus I use Microsoft Security Essentials and as firewall Windows Firewall.
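
The returned copy quoted in the post carries its own trace headers. As an added example (not part of the original post), this Python script reads them and checks whether any host that handled the message belongs to the domain in the From address. The function names are hypothetical; the sample headers are copied from the post, with line folding restored.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the bounced message quoted in the post (folding restored).
BOUNCED_COPY = """\
Return-path: <silvia_pirro@libero.it>
Received: from [2.132.18.150] (port=51763 helo=smtp.regularhero.org)
\tby host2.richardearledetails.com with esmtpsa (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256)
\t(Exim 4.84)
\t(envelope-from <silvia_pirro@libero.it>)
\tid 1YGZTr-0003J6-0j
\tfor paolopediatra@gmail.com; Wed, 28 Jan 2015 14:44:55 -0600
Message-ID: <D0B5D06B4CB2A5FAEEC88154714F89E1@smtp.regularhero.org>
From: "silvia_pirro" <silvia_pirro@libero.it>

"""

# Exim-style trace line: "from [ip] (port=N helo=name) by host with proto"
RECEIVED_RE = re.compile(
    r"from \[(?P<ip>[^\]]+)\]\s+\(port=\d+ helo=(?P<helo>[^)]+)\)\s+"
    r"by (?P<by>\S+) with (?P<proto>\S+)")

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)

def trace_origin(raw):
    """Compare the claimed sender domain with the hosts that handled the mail."""
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(" ".join(value.split()))  # unfold the header
        if m:
            hops.append(m.groupdict())
    msgid_host = msg["Message-ID"].strip("<>").rpartition("@")[2]
    return {
        "sender_domain": sender_domain,
        "hops": hops,
        "message_id_host": msgid_host,
        # Did any recorded relay or HELO name belong to the From domain?
        "relayed_by_provider": any(
            in_domain(h["by"], sender_domain) or in_domain(h["helo"], sender_domain)
            for h in hops),
        "message_id_matches": in_domain(msgid_host, sender_domain),
    }
```

For the headers above both checks return False: the only recorded hop is a client at 2.132.18.150 submitting to host2.richardearledetails.com, and the Message-ID was generated under smtp.regularhero.org.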