Pc monitorato

di **ellen** » 11/02/06 16:53

Il mio pc utilizza per la connessione ad internet una rete lan domestica e quindi diciamo che mi connetto attraverso il pc di mio fratello. Qualche giorno fa ho scoperto che lui sta monitorando il mio pc....

Come liberarmi di questa seccatura?

di **ellen** » 11/02/06 23:19

Ecco il log hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 23.11.46, on 11/02/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Norton AntiVirus\navapsvc.exe
C:\Programmi\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Programmi\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
C:\Programmi\File comuni\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\lotus\smartctr\smartctr.exe
C:\lotus\register\remind32.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\Programmi\HJ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Programmi\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Programmi\DAP\DAPIEBar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programmi\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\MSN Apps\MSN Toolbar\01.02.4000.1001\it\msntb.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [Ulead Memory Card Detector] C:\Programmi\Ulead Systems\Ulead Photo Explorer 7.0\Monitor.exe
O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"
O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe
O4 - HKLM\..\Run: [ccApp] "C:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Anti-keylogger 7.1] C:\Programmi\Anti-keylogger\Anti-keylogger.exe /autorun
O4 - HKLM\..\Run: [SpySweeper] "C:\Programmi\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Buongiorno] C:\Documents and Settings\Bruno\Desktop\colleg\buongiorno\Buongiorno.exe
O4 - Startup: Registrazione elettronica Corel® - Corel® Custom Photo.lnk = C:\Programmi\Corel\Custom Photo\Register\Remind32.exe
O4 - Global Startup: Controllo del Calendario di Ulead Photo Express.lnk = C:\Programmi\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: Corel Family & Friends Reminders.LNK = C:\Programmi\Corel\Print House Magic\cffrem.exe
O4 - Global Startup: Image Fox Trial Version.lnk = ?
O4 - Global Startup: Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe
O4 - Global Startup: Lotus SmartCenter.lnk = C:\lotus\smartctr\smartctr.exe
O4 - Global Startup: Lotus SuiteStart.lnk = C:\lotus\smartctr\suitest.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Registrazione Lotus SmartSuite Versione 9.lnk = C:\lotus\register\remind32.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Programmi\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9946977515
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9931020765
O17 - HKLM\System\CCS\Services\Tcpip\..\{08863DD8-1C83-4008-ABDA-E8F3DF616A4C}: NameServer = 192.168.0.1
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Servizio Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Programmi\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Programmi\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\Security Center\SymWSC.exe

di **Mikizo** » 12/02/06 00:07

Dal log di HiJack This vanno sicuramente fissate queste due voci:

O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Programmi\DAP\DAPBHO.dll

O4 - HKLM\..\Run: [LanGuard] "C:\WINDOWS\languard.exe"

Inoltre se non sai a cosa si riferiscono, ci sarebbero anche queste:

O4 - HKLM\..\Run: [cpds] C:\WINDOWS\cpds.exe (molto dubbia)

O4 - HKLM\..\Run: [Anti-keylogger 7.1] C:\Programmi\Anti-keylogger\Anti-keylogger.exe /autorun

O4 - HKCU\..\Run: [Buongiorno] C:\Documents and Settings\Bruno\Desktop\colleg\buongiorno\Buongiorno.exe (inutile)

O4 - Global Startup: Image Fox Trial Version.lnk = ?

O4 - Global Startup: Lotus QuickStart.lnk =

C:\lotus\wordpro\ltsstart.exeO4 - Global Startup: Registrazione Lotus
SmartSuite Versione 9.lnk = C:\lotus\register\remind32.exe (inutile)

Comunque non so se fissare queste voci serva a non far "monitorare" il pc a tuo fratello... soprattutto se non ci spieghi in che senso lo sta monitorando e come hai fatto a capirlo.

di **ellen** » 12/02/06 01:08

Grazie!
Cancellerò le voci che mi hai segnalato.
Per quanto riguarda il monitoraggio c'è da dire che ho beccato Activity monitor sul suo pc. Inutile dire che ho passato da un pezzo l'età della "fascia protetta"... Trovo semplicemente molto seccante che qualcuno ficchi il naso sul mio pc, e non per motivi particolari ma semplicemente perchè non è giusto. :neutral:

di **Mikizo** » 12/02/06 01:27

Ma che io sappia Activity monitor può monitorare tutto quanto viene fatto sul pc sul quale è installato, non su altri pc eventualmente collegati in rete.
In ogni caso molto dipende sicuramente dal modo in cui è fatta la rete.

di **ellen** » 12/02/06 02:06

Devo confessare che ne capisco davvero poco di come è fatta la rete ma questo è un estratto del file read me del programma in questione:

Deep Software

Activity Monitor version 3.8

This is an application for real time monitoring of users activities
on network computers and for employees work time tracking.
Administrators can view typing keystrokes in real time, take
snapshots of the remote screen at will, view all running programs
and monitor when user switches between them, copy any files from
remote PC, view visited web sites, terminate processes, send instant
messages and control computers remotely.
User activities can be continuously recorded in the log file on the
remote workstations, that can be downloaded anytime later or automatically
by schedule. Log files can be combined and exported to HTML, Excel
or CSV formats.
Reports show what programs users started and how long they worked with
each one; total time spent in every program during report period;
keystrokes typed in every program including email and chats;
screenshots; visited websites and more.

PROGRAM FEATURES:

- Real time keystrokes monitoring
- Viewing the desktop from the remote workstations in real time
- Monitor Internet surfing on the remote computers in real time
- Install Agent (software client part) remotely in silent mode
- View the list of running applications and terminate any of them
- Record activity log on the remote PC
- Autodetect computers with installed Agents on a LAN and
manage computers list
- Analyze logs with MS Excel to get information about, for example,
for how long user played games or was surfing the Web at worktime
- Configurable logs export to HTML with embedded screenshots for viewing
in browser
- Configurable logs export to delimited text files (CSV format).
- Copy any files, including logs and screenshots from remote computers
- Schedule automatic periodical log file downloads and export
- Shut down or reboot computers remotely, Log Off user
- Send instant messages to monitored computers
- Monitor all users on LAN simultaneously from a single PC
- Agent running on remote PC is difficult to find since it does not
show up in the task list (on Win9X)
- Run commands/programs on remote computers, open web sites/documents
for the remote users to view
- Shut down or uninstall Agent software remotely
- Easy to install and use
- Agent runs on Windows 95/98/Me/NT/2000/XP/Server2003.
Activity Monitor part runs on 98/Me/NT/2000/XP/Server 2003

Per curiosità sono anche andata a vedere il sito, e c'è molto di più...
In ogni caso vorrei sapere se davvero questo programma è così "impossibile da rilevare e rimuovere" come viene pubblicizzato... :mmmh:

di **fabrizius** » 12/02/06 10:29

io so che Activity Monitor é un utility lan di sicurezza che permette all'amministratore di monitorare tutto quello che viene fatto su uno o piu terminali della propria rete lan,anche in modo automatizzato a ore e giorni specifici o addirittura per utenti specifici

ciao

di **ellen** » 12/02/06 19:43

Infatti proprio di questo si tratta: essere monitorati... Non so a voi, ma a me non piace :aaah

di **fabrizius** » 12/02/06 20:03

credo non piaccia a nessuno

Pc monitorato

Pc monitorato

Chi c’è in linea