Condividi:        

AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi claudioc » 28/12/08 21:02

Salve a tutti, ho il problema con un altro pc, che si aprono svariate pagine web mentre navigo, ditemi dettagliatamente cosa fare e cosa utilizzare, allego il log di hjackthis, saluti.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.58.16, on 28/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Programmi\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\documents and settings\utente1\impostazioni locali\dati applicazioni\kuyawmw.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\Utente1\Desktop\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Programmi\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programmi\File comuni\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [kuyawmw] "c:\documents and settings\utente1\impostazioni locali\dati applicazioni\kuyawmw.exe" kuyawmw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9911857946
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\WIDCOMM\Software Bluetooth\bin\btwdins.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O24 - Desktop Component 0: (no name) - http://upload.wikimedia.org/wikipedia/i ... _rossa.png

--
End of file - 8940 bytes
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Sponsor
 

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi Luke57 » 28/12/08 22:00

Ciao, segui il consiglio dato a jhonny70 per l'uso di combofix. Posta poi il report della scansione.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi claudioc » 31/12/08 11:14

Salve, allego log combofix, ditemi cosa fare dettagliatamente, grazie.




ComboFix 08-12-30.02 - Utente1 2008-12-31 10.44.55.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.511.225 [GMT 1:00]
Eseguito da: c:\documents and settings\Utente1\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\kuyawmw.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\kuyawmw.exe
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\kuyawmw_nav.dat
c:\documents and settings\Utente1\Impostazioni locali\Dati applicazioni\kuyawmw_navps.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\mdm.exe

.
((((((((((((((((((((((((( Files Creati Da 2008-11-28 al 2008-12-31 )))))))))))))))))))))))))))))))))))
.

2008-12-28 14:30 . 2008-12-28 14:30 <DIR> d-------- c:\programmi\Lphant
2008-12-19 15:30 . 2008-12-19 15:30 <DIR> d-------- c:\windows\system32\SupportApp
2008-12-19 15:30 . 2008-12-19 15:30 <DIR> d-------- c:\windows\system32\detectcard
2008-12-19 15:30 . 2008-12-23 15:52 <DIR> d-------- c:\programmi\N501HS Wizard
2008-12-19 15:30 . 2007-04-26 09:55 92,928 --a------ c:\windows\system32\drivers\ONDAUsbNmea.sys
2008-12-19 15:30 . 2007-04-26 09:55 92,928 --a------ c:\windows\system32\drivers\ONDAUsbModem.sys
2008-12-19 15:30 . 2007-04-26 09:55 92,928 --a------ c:\windows\system32\drivers\ONDAUsbDiag.sys
2008-11-10 10:23 . 2008-11-10 10:24 <DIR> d-------- c:\programmi\Microsoft CAPICOM 2.1.0.2
2008-11-09 12:23 . 2008-11-09 12:23 <DIR> d-------- c:\programmi\MSXML 4.0
2008-11-09 11:52 . 2008-11-09 11:52 <DIR> d-------- c:\documents and settings\NetworkService\Menu Avvio
2008-11-09 11:50 . 2008-11-09 12:20 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-11-09 11:50 . 2008-06-14 18:59 272,768 -----c--- c:\windows\system32\dllcache\bthport.sys
2008-11-09 11:48 . 2008-05-01 15:31 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2008-11-07 15:14 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-11-07 15:14 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-11-07 15:14 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 12:28 --------- d-----w c:\programmi\eMule
2008-12-19 14:30 --------- d--h--w c:\programmi\InstallShield Installation Information
2008-11-10 19:34 17,166,280 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_11_10_20_33_07_full.dmp.zip
2008-11-04 14:07 --------- d-----w c:\programmi\PokerStars.NET
2008-10-28 10:52 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-10-23 12:59 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-19 20:55 17,618,618 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_10_19_22_54_16_full.dmp.zip
2008-10-16 20:04 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-24 13:49 20,870,230 ----a-w c:\windows\Internet Logs\vsmon_on_demand_2008_09_24_15_05_37_full.dmp.zip
2008-09-15 15:38 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:44 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2002-07-26 16:02 153,088 ----a-w c:\programmi\UNWISE.EXE
2007-11-28 19:53 67,696 ----a-w c:\programmi\mozilla firefox\components\jar50.dll
2007-11-28 19:53 54,376 ----a-w c:\programmi\mozilla firefox\components\jsd3250.dll
2007-11-28 19:53 34,952 ----a-w c:\programmi\mozilla firefox\components\myspell.dll
2007-11-28 19:53 46,720 ----a-w c:\programmi\mozilla firefox\components\spellchk.dll
2007-11-28 19:53 172,144 ----a-w c:\programmi\mozilla firefox\components\xpinstal.dll
2007-05-24 16:41 56 --sh--r c:\windows\system32\58CB09CBF4.sys
2008-01-14 23:09 3,350 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-10-23 202024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2003-07-15 110592]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2003-07-15 618496]
"ATIPTA"="c:\programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-11-13 335872]
"Cpqset"="c:\programmi\HPQ\Default Settings\cpqset.exe" [2003-07-17 184412]
"UpdateManager"="c:\programmi\File comuni\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\programmi\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-12-14 221184]
"LogitechVideoRepair"="c:\programmi\Logitech\Video\ISStart.exe" [2004-12-14 458752]
"LogitechVideoTray"="c:\programmi\Logitech\Video\LogiTray.exe" [2004-12-14 217088]
"ZoneAlarm Client"="c:\programmi\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 919280]
"EPSON Stylus Photo RX420 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 98304]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2007-04-27 282624]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 39792]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2004-04-06 61440]
"USBToolTip"="c:\programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2004-04-23 192512]
"NeroFilterCheck"="c:\programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"NBKeyScan"="c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"DSLSTATEXE"="c:\program files\Conexant\Adsl\dslstat.exe" [2005-08-25 344064]
"DSLAGENTEXE"="c:\program files\Conexant\Adsl\dslagent.exe" [2005-08-25 65536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-05 c:\windows\AGRSMMSG.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3beea044-090f-11dc-ae11-00e1a7767681}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(&0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{718d1222-17f4-11dc-ae31-00e1a7767681}]
\Shell\Auto\command - svchost.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svchost.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cfb1be11-2e19-11dc-ae50-00e1a7767681}]
\Shell\Auto\command - F:\svchost.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svchost.exe

*Newly Created Service* - PROCEXP90
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-kuyawmw - c:\documents and settings\utente1\impostazioni locali\dati applicazioni\kuyawmw.exe
HKCU-Run-P2Vuser - (no file)


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.libero.it/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
uInternet Settings,ProxyOverride = 127.0.0.1
IE: Invia a &Bluetooth - c:\programmi\WIDCOMM\Software Bluetooth\btsendto_ie_ctx.htm

O16 -: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 10:50:55
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\programmi\HPQ\Default Settings\cpqset.exe????????????9?9?4?4??????? ?deB???????????????B????????

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-12-31 10.52.14
ComboFix-quarantined-files.txt 2008-12-31 09:51:32

Pre-Run: 45.347.397.632 byte disponibili
Post-Run: 47,108,775,936 byte disponibili

155 --- E O F --- 2008-12-12 08:26:20
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi pippoli » 01/01/09 21:28

Ciao e buon anno a tutti, purtroppo anche io ho il problema i pagine pubblicitarie che si aprono da sole.
Ho installato AVG e Spyboot, ma non rilevano problemi.
Potete dirmi come risolere la cosa.Grazie mille.
Questo è il mio log di Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.42.36, on 01/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\TomTom HOME 2\HOMERunner.exe
C:\documents and settings\maumic\impostazioni locali\dati applicazioni\auwsm.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\ATI Technologies\ATI.ACE\cli.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\DOCUME~1\MAUMIC\IMPOST~1\Temp\Directory temporanea 1 per HiJackThis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\Programmi\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [auwsm] "c:\documents and settings\maumic\impostazioni locali\dati applicazioni\auwsm.exe" auwsm
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9660 bytes
pippoli
Newbie
 
Post: 2
Iscritto il: 01/01/09 20:58

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi Luke57 » 01/01/09 21:57

Ciao, disattiva l'antivirus e anche il tea timer di spybot
(per disattivare TeaTimer apri Spybot, vai sulla barra di sinistra e imposta la MODALITA' AVANZATA dal menu MODALITA'...Ora sempre dalla barra sinistra, clicca sul bottone UTILITA', quindi clicca su RESIDENT
al centro vedi una opzione relativa al TeaTimer...disattivala)
scarica combofix sul desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Vai in start>esegui>nel box bianco copia e incolla, virgolette comprese:
"%userprofile%\desktop\combofix.exe" /killall
Premi OK, parte il programma che potrebbe impiegare molto (non fare altre manovre durante la scansione, se dovessero scomparire le icone sul desktop e la barra delle applicazioni, non è nulla di cui preoccuparsi),una volta terminata, se tutto è andato bene, in C:\ dovresti trovare il file combofix.txt , posta il contenuto del file.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi pippoli » 01/01/09 22:59

Credo di essere riuscito a fare tutto, fammi sapere se è tutto ok e se devo fare altro.
Grazie mille in anticipo per il tuo prezioso aiuto.

ecco il risultato:

ComboFix 08-12-31.01 - MAUMIC 2009-01-01 22.38.24.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.39.1040.18.1022.680 [GMT 1:00]
Eseguito da: c:\documents and settings\MAUMIC\desktop\combofix.exe
Interruttori di comando utilizzati :: /killall
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\MAUMIC\Impostazioni locali\Dati applicazioni\auwsm.dat
c:\documents and settings\MAUMIC\Impostazioni locali\Dati applicazioni\auwsm.exe
c:\documents and settings\MAUMIC\Impostazioni locali\Dati applicazioni\auwsm_nav.dat
c:\documents and settings\MAUMIC\Impostazioni locali\Dati applicazioni\auwsm_navps.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Creati Da 2008-12-01 al 2009-01-01 )))))))))))))))))))))))))))))))))))
.

2008-12-28 11:10 . 2008-12-28 11:10 <DIR> d-------- c:\programmi\Windows Live Safety Center
2008-12-26 20:43 . 2008-12-26 20:43 <DIR> d-------- c:\documents and settings\MAUMIC\WINDOWS
2008-12-26 20:43 . 1995-08-15 00:00 995,136 --a------ c:\windows\system\MSAJT200.DLL
2008-12-26 20:43 . 1995-08-15 00:00 543,584 --a------ c:\windows\system\DAO2516.DLL
2008-12-26 20:43 . 1995-07-26 00:00 177,824 --a------ c:\windows\system\THREED16.OCX
2008-12-26 20:43 . 1995-07-26 00:00 100,528 --a------ c:\windows\system\MCI16.OCX
2008-12-26 20:43 . 1995-08-15 00:00 86,848 --a------ c:\windows\system\VBDB16.DLL
2008-12-26 20:43 . 1995-07-26 00:00 81,104 --a------ c:\windows\system\COMDLG16.OCX
2008-12-26 20:43 . 1995-08-15 00:00 15,936 --a------ c:\windows\system\MSJETINT.DLL
2008-12-26 20:43 . 1995-08-15 00:00 11,232 --a------ c:\windows\system\MSJETERR.DLL
2008-12-26 20:43 . 1995-08-15 00:00 2,920 --a------ c:\windows\system\VBAJET.DLL
2008-12-26 12:15 . 2008-12-26 12:15 <DIR> d-------- c:\programmi\Spybot - Search & Destroy
2008-12-26 12:15 . 2008-12-26 12:15 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-12-21 10:39 . 2008-12-21 10:39 <DIR> d-------- c:\documents and settings\MAUMIC\Dati applicazioni\Nokia
2008-12-21 10:38 . 2008-12-21 10:38 <DIR> d-------- c:\documents and settings\MAUMIC\Dati applicazioni\PC Suite
2008-12-21 10:38 . 2008-12-21 10:38 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\PC Suite
2008-12-21 10:35 . 2008-12-21 10:35 <DIR> d-------- c:\windows\system32\DRVSTORE
2008-12-21 10:35 . 2008-12-21 10:35 <DIR> d-------- c:\programmi\PC Connectivity Solution
2008-12-21 10:35 . 2008-12-21 10:35 <DIR> d-------- c:\programmi\Nokia
2008-12-21 10:35 . 2008-12-21 10:36 <DIR> d-------- c:\programmi\File comuni\PCSuite
2008-12-21 10:35 . 2008-12-21 10:36 <DIR> d-------- c:\programmi\File comuni\Nokia
2008-12-21 10:35 . 2008-12-21 10:35 <DIR> d-------- c:\programmi\DIFX
2008-12-21 10:35 . 2008-05-07 07:39 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-12-21 10:35 . 2008-05-07 07:38 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2008-12-21 10:35 . 2007-09-17 15:53 21,632 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2008-12-21 10:35 . 2008-05-07 07:38 20,864 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2008-12-21 10:35 . 2008-05-07 07:38 17,536 --a------ c:\windows\system32\drivers\ccdcmb.sys
2008-12-21 10:35 . 2008-05-07 07:38 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2008-12-21 10:35 . 2008-06-06 09:24 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2008-12-21 10:34 . 2008-12-21 10:34 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\Installations
2008-12-21 10:16 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2008-12-21 10:16 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\dllcache\usbser.sys
2008-12-21 10:15 . 2008-12-21 10:15 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-21 10:15 . 2008-12-21 10:15 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-12-08 22:59 . 2008-12-08 22:59 35 --a------ c:\windows\CDMKR32.INI
2008-12-01 21:19 . 2008-12-01 21:19 <DIR> d-------- c:\documents and settings\MAUMIC\Dati applicazioni\AdobeUM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-13 06:36 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-11-22 21:53 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\TomTom
2008-11-22 21:46 --------- d-----w c:\programmi\PoigpsGo
2008-11-17 22:53 --------- d-----w c:\programmi\NCH Software
2008-11-17 22:53 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NCH Swift Sound
2008-11-17 22:53 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\NCH Software
2008-11-17 22:51 --------- d-----w c:\programmi\NCH Swift Sound
2008-11-17 22:51 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\NCH Swift Sound
2008-11-17 21:49 39,440 ----a-w c:\documents and settings\MAUMIC\Dati applicazioni\GDIPFONTCACHEV1.DAT
2008-11-17 21:33 --------- d-----w c:\programmi\Drive Rescue
2008-11-16 22:07 --------- d-----w c:\programmi\eMule
2008-11-16 21:44 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\DivX
2008-11-16 21:40 --------- d-----w c:\programmi\DivX
2008-11-16 21:11 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\Nikon
2008-11-16 21:10 --------- d-----w c:\programmi\Nikon
2008-11-16 21:09 --------- d-----w c:\programmi\ArcSoft
2008-11-16 21:08 --------- d-----w c:\programmi\File comuni\Nikon
2008-11-16 19:40 --------- d-----w c:\programmi\MSXML 4.0
2008-11-16 18:36 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\CyberLink
2008-11-16 18:35 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\GRETECH
2008-11-16 18:34 --------- d-----w c:\programmi\GRETECH
2008-11-16 18:34 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\GRETECH
2008-11-16 18:32 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\TomTom
2008-11-16 18:31 --------- d-----w c:\programmi\TomTom HOME 2
2008-11-16 18:24 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-16 18:24 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-16 18:24 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-11-16 18:24 --------- d-----w c:\programmi\AVG
2008-11-16 18:24 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\AVGTOOLBAR
2008-11-16 18:24 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\avg8
2008-11-16 09:47 --------- d-----w c:\documents and settings\MAUMIC\Dati applicazioni\Acer
2008-11-16 09:47 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Acer
2008-11-16 09:42 21,275 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-11-16 09:42 --------- d-----w c:\windows\system32\config\systemprofile\Dati applicazioni\Intel
2008-11-16 09:42 --------- d-----w c:\programmi\WinPCap
2008-11-16 09:42 --------- d-----w c:\documents and settings\All Users\Dati applicazioni\Intel
2008-11-16 09:41 --------- d-----w c:\programmi\Launch Manager
2008-11-07 17:32 2,109,440 ----a-w c:\windows\system32\dllcache\WMVCore.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-16 13:13 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"TomTomHOME.exe"="c:\programmi\TomTom HOME 2\HOMERunner.exe" [2008-12-09 234856]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programmi\Synaptics\SynTP\SynTPLpr.exe" [2005-11-02 102491]
"SynTPEnh"="c:\programmi\Synaptics\SynTP\SynTPEnh.exe" [2005-11-02 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-02 151552]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-19 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-19 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-19 455168]
"ATICCC"="c:\programmi\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-01-17 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-16 3080192]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 458752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-16 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Reader Speed Launch.lnk - c:\programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2008-11-16 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= c:\progra~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\eMule\\emule.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-16 97928]
R1 OsaFsLoc;OsaFsLoc;\??\c:\windows\system32\drivers\OsaFsLoc.sys [2008-11-16 12106]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-16 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-16 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-16 76040]
R2 EpmPsd;Acer EPM Power Scheme Driver;\??\c:\windows\system32\drivers\epm-psd.sys [2008-11-16 4096]
R2 EpmShd;Acer EPM System Hardware Driver;\??\c:\windows\system32\drivers\epm-shd.sys [2008-11-16 78208]
R2 osaio;osaio;\??\c:\windows\system32\drivers\osaio.sys [2008-11-16 7296]
R2 osanbm;osanbm;\??\c:\windows\system32\drivers\osanbm.sys [2008-11-16 4010]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\Drivers\NdisFilt.sys [2008-11-16 4392]
S3 AVerM115;AVerM115 service;c:\windows\system32\DRIVERS\AVerM115.sys [2005-08-24 692992]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\Drivers\lv321av.sys [2005-11-30 1088896]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{15501460-b8c2-11dd-b2f2-0016362b8e46}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe
.
- - - - ORFÃOS REMOVIDOS - - - -

HKCU-Run-auwsm - c:\documents and settings\maumic\impostazioni locali\dati applicazioni\auwsm.exe


.
------- Supplementare di scansione -------
.
uStart Page = hxxp://global.acer.com
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 22:41:47
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(804)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\programmi\INTEL\WIRELESS\BIN\EVTENG.EXE
c:\programmi\INTEL\WIRELESS\BIN\S24EVMON.EXE
c:\programmi\AVG\AVG8\AVGWDSVC.EXE
c:\acer\EMPOWERING TECHNOLOGY\ADMSERV.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
c:\programmi\INTEL\WIRELESS\BIN\REGSRVC.EXE
c:\programmi\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
c:\program files\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
c:\programmi\AVG\AVG8\AVGRSX.EXE
c:\programmi\AVG\AVG8\AVGEMC.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\programmi\LAUNCH MANAGER\QTZGACER.EXE
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Ora fine scansione: 2009-01-01 22:43:38 - macchina è stato riavviato
ComboFix-quarantined-files.txt 2009-01-01 21:43:36

Pre-Run: 15.647.440.896 byte disponibili
Post-Run: 15,758,393,344 byte disponibili

WindowsXP-KB310994-SP2-Home-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

251 --- E O F --- 2009-01-01 20:11:25
pippoli
Newbie
 
Post: 2
Iscritto il: 01/01/09 20:58

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi claudioc » 02/01/09 22:03

scusatemi in questo forum capita sempre che i messaggi del primo si accavallino ad altri, quindi vi chiedo cortesemente di rispondere alle mie domande se possibile, ho allegato il log combofix in alto, aspetto contatti!
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi Luke57 » 02/01/09 22:40

claudioc ha scritto:scusatemi in questo forum capita sempre che i messaggi del primo si accavallino ad altri, quindi vi chiedo cortesemente di rispondere alle mie domande se possibile, ho allegato il log combofix in alto, aspetto contatti!

Ciao, i messaggi si accavallano perchè altri utenti con problemi simili si inseriscono, ma mi sembra una cosa del tutto normale.
Si aprono sempre le pagine?
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi claudioc » 04/01/09 11:08

le pagine mi si aprono ancora perchè non ho ricevuto nessun aiuto econsiglio da parte vostra, ho allegato in alto il log combofix, vorrei sapere qualcosa grazie
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi Luke57 » 04/01/09 11:33

claudioc ha scritto:le pagine mi si aprono ancora perchè non ho ricevuto nessun aiuto econsiglio da parte vostra, ho allegato in alto il log combofix, vorrei sapere qualcosa grazie

Ciao, non fare polemiche fuori luogo, il consiglio di usare combofix mi sembra che qualcuno te l'abbia dato o no?
scarica Navilog sul desktop
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

installalo e fai doppio click sull'icona navilog1 che si è creata sul desktop
quando ti chiede che lingua selezionare digita E per selezionare l'inglese e clicca invio
continua premendo un tasto qualsiasi per andare avanti
poi digita 1 per avviare la ricerca e clicca invio
aspetta che finisca la scansione finchè si aprirà il blocco note
metti in allegato il file C:\fixnavi.txt
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi supermotard » 07/01/09 12:19

ciao,io ho seguito il discorso perchè ho lo stesso problema,ho fatto la scansione con navilog ma nonvedo il file che hai menzionato,
risultato:
Search Navipromo version 3.7.1 began on 07/01/2009 at 11.50.33,59

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!

Fix running from C:\Programmi\navilog1

Updated on 02.01.2009 at 19h00 by IL-MAFIOSO

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) 4 CPU 2.53GHz )
BIOS : Award Modular BIOS v6.0
USER : paoric ( Administrator )
BOOT : Normal boot

Antivirus : Kaspersky Internet Security 8.0.0.357 (Activated)
Firewall : Kaspersky Internet Security 8.0.0.357 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:66 Go)
D:\ (CD or DVD)


Search done in normal mode

*** Searching for installed Software ***

Favorit

*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\paoric\datiap~1" ***


*** Search folders in "C:\Documents and Settings\paoric\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\paoric\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\paoric\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***
!! Following keys are not certainly all infected !!


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"jdzcpl"="\"c:\\documents and settings\\paoric\\impostazioni locali\\dati applicazioni\\jdzcpl.exe\" jdzcpl"


*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\paoric\impost~1\datiap~1" :

jdzcpl.exe found !
jdzcpl.dat found !
jdzcpl_nav.dat found !
jdzcpl_navps.dat found !

3)Certificates Search :

Egroup certificate not found !
Electronic-Group certificate not found !
Montorgueil certificate not found !
OOO-Favorit certificate not found !
Sunny-Day-Design-Ltd certificate not found !

4)Search others known folders and files :



*** Search completed on 07/01/2009 at 12.04.36,39 ***

che devo fare ora?
grazie
supermotard
Utente Junior
 
Post: 70
Iscritto il: 14/09/06 22:23

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi Luke57 » 07/01/09 13:14

Ciao, le infezioni ci sono eccome
jdzcpl.exe found !
jdzcpl.dat found !
jdzcpl_nav.dat found !
jdzcpl_navps.dat found !

chiudi programmi e applicazioni,riavvia navilog ma stavolta premi l'opzione 2.
Il programma iniziarà un conto alla rovescia e farà riavviare il computer. Al riavvio continuerà l'operazione di rimozione dei file infetti, poi rilascerà un log (C:\claennavi.txt), incollalo in un post.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi supermotard » 07/01/09 13:45

fatto e risolto,
come sempre grazie dell'aiuto,da quando ho scoperto questo sito il mio programmatore è disoccupato:-)))
ciao!!!
supermotard
Utente Junior
 
Post: 70
Iscritto il: 14/09/06 22:23

FACEBOOK PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi claudioc » 27/04/09 09:41

Salve, su un altro pc mi accade lo stesso problema, però quando sono su facebook si aprono tantissime pagine e devo arrestarle, cosa devo fare esattamente?

allego log hjackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10.37.54, on 27/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RKS Fax\rksfax_control.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\WgaTray.exe
C:\Windows\system32\conime.exe
c:\users\utente\appdata\local\qqomkyy.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Utente\Desktop\Programmi Vari\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RKS Fax Print Controller] "C:\Program Files\RKS Fax\rksfax_control.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [qqomkyy] "c:\users\utente\appdata\local\qqomkyy.exe" qqomkyy
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-24-0.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-U ... E_UNO1.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://it.cyberlink.com/prog/vista/prog ... aGenie.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Ba ... b57213.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: APSHook.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10525 bytes
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi Luke57 » 27/04/09 10:03

Ciao, è la solita infezione, utilizza navilog1 con le procedure già descritte nei post precedenti.
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi claudioc » 27/04/09 16:17

PER LUKE57:

mi potresti dire quali procedure devo effettuare dettagliatamente, grazie e saluti.
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi claudioc » 27/04/09 16:30

Ho avviato Navilog ma poi dice accesso negato, cosa devo fare? grazie
claudioc
Utente Senior
 
Post: 210
Iscritto il: 08/01/04 21:19

Re: AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE

Postdi Luke57 » 27/04/09 18:09

Devi disattivare l'UAC di vista:
Per disabilitare UAC (User Account Control) in Vista si può utilizzare l'utility msconfig oppure:

* Start
* Pannello di controllo
* Account Utente e Protezione per la Famiglia
* Account utente
* Attiva o disattiva Controllo account utente
* Togliere il segno di spunta da "Per proteggere il computer..."


poi click tasto dx sull'icona di navilog e scegli "esegui come amministratore"
Luke57
Moderatore
 
Post: 6415
Iscritto il: 11/08/05 19:10

Precedente

Torna a Sicurezza e Privacy


Topic correlati a "AIUTO PAGINE WEB CHE SI APRONO IMPROVVISAMENTE":

consumo pagine web
Autore: nikita75
Forum: Software Windows
Risposte: 4
aiuto windows 10
Autore: mod360
Forum: Software Windows
Risposte: 1
aiuto installazione
Autore: mod360
Forum: Software Windows
Risposte: 3

Chi c’è in linea

Visitano il forum: Nessuno e 45 ospiti