
Advertising sites opening by themselves HELP

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by ciberbob » 20/03/09 14:53

Guys, for a couple of days now, when I browse the internet, advertising sites have been opening by themselves, not as popups but as new tabs. I ran a scan with avast and with Windows Defender but they don't find anything.
In the installed applications list there is a program called Favorit, and I don't know what it is.
I'm attaching the HiJackThis log.

---------

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.55.44, on 20/03/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AI Direct Link\AsCmd.exe
C:\Program Files\ASUS\AI Direct Link\AsShare.exe
C:\Program Files\ASUS\AASP\1.00.46\aaCenter.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\vVX3000.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Francesco\AppData\Local\wowuy.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\aMSN\bin\wish.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Francesco\Desktop\Nuova cartella\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Launch Direct Link] "C:\Program Files\ASUS\AI Direct Link\AsShare.exe"
O4 - HKLM\..\Run: [Launch As Cmd Runner] "C:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\Windows\vVX3000.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [wowuy] "c:\users\francesco\appdata\local\wowuy.exe" wowuy
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Program Files\PokerStars.IT\PokerStarsUpdate.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{11838533-536B-4863-85E4-1EB7D1D088A2}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 7759 bytes

------------------------------

What do you think, guys, is it a virus, spyware? What can I do?
ciberbob
Junior User

Posts: 39
Joined: 03/12/07 13:44


Re: Advertising sites opening by themselves HELP

Post by Luke57 » 20/03/09 17:39

Hi, it should be a navi promo infection; download combofix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
disable the antivirus and security programs
Once that is done, click Start > Run, and in the white box copy and paste this command, quotes included:

"%userprofile%\desktop\combofix.exe" /killall

Press OK; if all goes well the program starts, and it may take a long time (do not do anything else during the scan). Once the scan has finished, restart the computer and post the report C:\combofix.txt
Luke57
Moderator

Posts: 6247
Joined: 11/08/05 20:10
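
As an added example (not part of the original posts and not HijackThis's own code), this Python code parses the O4 autostart lines of the log above and flags entries whose target sits in a user-writable profile path, which is where the `wowuy` entry that ComboFix removes later in this thread is located. The path heuristic and every function name are assumptions of this example.

```python
import re
from typing import List, NamedTuple, Optional

# O4 (autostart) lines copied from the HijackThis log posted above; a subset.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregIta\ereg.ini"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [wowuy] "c:\users\francesco\appdata\local\wowuy.exe" wowuy
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
"""


class Autostart(NamedTuple):
    source: str   # registry hive + key, or the Startup folder
    name: str     # value name or shortcut name
    command: str  # full command line as logged
    target: str   # executable or DLL that actually gets loaded


RUN_RE = re.compile(
    r'^O4 - (?P<source>HK\w+(?:\\S-[\d-]+)?\\\.\.\\Run\w*): '
    r'\[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
STARTUP_RE = re.compile(
    r'^O4 - (?P<source>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$')
FILE_RE = re.compile(
    r'^(.+?\.(?:exe|dll|com|bat|cmd|scr|pif|vbs|js))(?=[\s,"]|$)', re.I)

# Assumption of this example: locations a standard user can write to.
USER_WRITABLE = [
    re.compile(r'^[a-z]:\\users\\[^\\]+\\appdata\\', re.I),
    re.compile(r'^[a-z]:\\documents and settings\\[^\\]+\\'
               r'(?:local settings|application data)\\', re.I),
    re.compile(r'^%(?:appdata|localappdata|temp|tmp)%', re.I),
]


def extract_target(command: str) -> str:
    """Return the file a command line loads, looking through rundll32."""
    cmd = command.strip()
    if cmd.startswith('"'):
        # Quoted path: everything up to the closing quote is the file.
        end = cmd.find('"', 1)
        exe, rest = (cmd[1:end], cmd[end + 1:]) if end != -1 else (cmd[1:], "")
    else:
        # Unquoted paths may contain spaces, so cut at the first file extension.
        m = FILE_RE.match(cmd)
        if m:
            exe, rest = m.group(1), cmd[m.end():]
        else:
            exe, _, rest = cmd.partition(" ")
    # rundll32 is only a host: the DLL named after it is the real payload.
    host = exe.lower().rsplit("\\", 1)[-1]
    if host in ("rundll32", "rundll32.exe") and rest.strip():
        return extract_target(rest)
    return exe


def parse_o4(line: str) -> Optional[Autostart]:
    """Parse one O4 line (registry Run key or Startup folder), else None."""
    line = line.strip()
    m = RUN_RE.match(line) or STARTUP_RE.match(line)
    if not m:
        return None
    cmd = m.group("cmd")
    return Autostart(m.group("source"), m.group("name"), cmd, extract_target(cmd))


def is_user_writable(path: str) -> bool:
    return any(p.match(path) for p in USER_WRITABLE)


def suspicious_autostarts(log: str) -> List[Autostart]:
    """Autostart entries whose target lives in a user-writable location."""
    entries = (parse_o4(line) for line in log.splitlines())
    return [e for e in entries if e and is_user_writable(e.target)]


if __name__ == "__main__":
    for e in suspicious_autostarts(SAMPLE_LOG):
        print(f"{e.source} [{e.name}] -> {e.target}")
```

A hit is a lead to verify, not a verdict: legitimate per-user software also starts from AppData.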

Re: Advertising sites opening by themselves HELP

Post by ciberbob » 20/03/09 19:02

I didn't understand what I have to disable: only avast? Or something else?
ciberbob
Junior User

Posts: 39
Joined: 03/12/07 13:44

Re: Advertising sites opening by themselves HELP

Post by ciberbob » 20/03/09 19:17

Luke57, please answer: do I disable only avast? (And how do you disable it? I don't know how.) What else do I have to disable?
ciberbob
Junior User

Posts: 39
Joined: 03/12/07 13:44

Re: Advertising sites opening by themselves HELP

Post by ciberbob » 20/03/09 21:21

Luke57, are you there?
ciberbob
Junior User

Posts: 39
Joined: 03/12/07 13:44

Re: Advertising sites opening by themselves HELP

Post by Luke57 » 20/03/09 23:51

Hi, I don't know avast but I found this answer for you:
right-click the little icon that appears at the bottom right and select the last item, "Arresta la protezione all'avvio" (literally "Stop the protection at startup")
Luke57
Moderator

Posts: 6247
Joined: 11/08/05 20:10

Re: Advertising sites opening by themselves HELP

Post by ciberbob » 21/03/09 11:27

Hi, I did as you told me, here is the log

ComboFix 09-03-19.02 - Francesco 2009-03-21 10.10.21.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1040.18.3326.2512 [GMT 1:00]
Eseguito da: c:\users\Francesco\Desktop\combofix.exe
Opzioni usate :: /killall
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Francesco\AppData\Local\wowuy.dat
c:\users\Francesco\AppData\Local\wowuy.exe
c:\users\Francesco\AppData\Local\wowuy_nav.dat
c:\users\Francesco\AppData\Local\wowuy_navps.dat

.
((((((((((((((((((((((((( Files Creati Da 2009-02-21 al 2009-03-21 )))))))))))))))))))))))))))))))))))
.

2009-03-20 14:07 . 2009-03-21 09:49 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2009-03-20 14:07 . 2009-03-21 09:49 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2009-03-20 14:07 . 2009-03-20 14:10 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-15 16:33 . 2009-03-15 16:33 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-03-13 19:31 . 2009-03-13 19:31 <DIR> d-------- c:\program files\SecondLife
2009-03-12 17:27 . 2009-03-12 17:28 <DIR> d-------- c:\program files\PokerStars.IT
2009-03-11 11:04 . 2008-12-16 04:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 11:04 . 2009-02-09 04:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 11:04 . 2008-11-27 05:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 11:04 . 2008-12-16 06:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 11:04 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 11:04 . 2008-12-16 06:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-10 12:23 . 2009-03-10 12:23 <DIR> d-------- c:\program files\MetaTrader 4
2009-03-07 15:44 . 2009-03-07 15:44 313,351,635 --a------ c:\windows\MEMORY.DMP
2009-03-06 20:22 . 2009-03-06 20:51 <DIR> d-------- c:\users\Francesco\AppData\Roaming\ImgBurn
2009-03-06 19:29 . 2009-03-06 19:30 <DIR> d-------- c:\program files\ImgBurn
2009-03-05 12:57 . 2009-03-05 14:07 <DIR> d-------- c:\program files\B2BPOKER
2009-03-04 20:18 . 2009-03-04 20:21 <DIR> d-------- c:\users\Francesco\.VirtualBox
2009-03-04 20:17 . 2009-03-04 20:17 <DIR> d----c--- c:\windows\System32\DRVSTORE
2009-03-04 20:17 . 2009-03-04 20:17 <DIR> d-------- c:\program files\Sun
2009-03-04 20:17 . 2009-02-16 17:47 129,552 --a------ c:\windows\System32\VBoxNetFltNotify.dll
2009-03-04 20:17 . 2009-02-16 17:46 100,560 --a------ c:\windows\System32\drivers\VBoxDrv.sys
2009-03-04 20:17 . 2009-02-16 17:47 87,568 --a------ c:\windows\System32\drivers\VBoxNetFlt.sys
2009-03-04 20:17 . 2009-02-16 17:47 41,744 --a------ c:\windows\System32\drivers\VBoxUSBMon.sys
2009-03-04 13:41 . 2009-03-04 13:41 <DIR> d-------- c:\program files\Stardock
2009-03-04 13:41 . 2009-03-04 13:41 <DIR> d-------- c:\program files\Common Files\Stardock
2009-02-28 19:58 . 2009-02-28 19:58 <DIR> d-------- c:\users\All Users\GiocoDigitale
2009-02-28 19:58 . 2009-02-28 19:58 <DIR> d-------- c:\programdata\GiocoDigitale
2009-02-28 19:58 . 2009-02-28 19:58 <DIR> d-------- c:\program files\GiocoDigitale
2009-02-28 18:30 . 2006-10-26 19:56 32,592 --a------ c:\windows\System32\msonpmon.dll
2009-02-28 18:29 . 2009-02-28 18:29 <DIR> d-------- c:\program files\Microsoft Works
2009-02-28 18:28 . 2009-02-28 18:28 <DIR> d-------- c:\program files\Microsoft.NET
2009-02-28 18:27 . 2009-03-11 11:05 <DIR> d-------- c:\users\All Users\Microsoft Help
2009-02-28 18:27 . 2009-03-11 11:05 <DIR> d-------- c:\programdata\Microsoft Help
2009-02-28 18:27 . 2009-02-28 18:27 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-02-28 18:26 . 2009-02-28 18:26 <DIR> dr-h----- C:\MSOCache
2009-02-28 18:05 . 2009-02-28 18:05 <DIR> d-------- c:\program files\MSXML 4.0
2009-02-28 18:05 . 2009-02-28 18:05 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-02-28 17:53 . 2009-02-28 17:54 <DIR> d--h----- c:\windows\msdownld.tmp
2009-02-28 15:47 . 2009-02-28 15:47 <DIR> d-------- c:\users\All Users\eMule
2009-02-28 15:47 . 2009-02-28 15:47 <DIR> d-------- c:\programdata\eMule
2009-02-28 15:47 . 2009-02-28 15:47 <DIR> d-------- c:\program files\eMule
2009-02-27 20:07 . 2009-02-27 20:08 <DIR> d-------- c:\users\Francesco\AppData\Roaming\ooVoo Details
2009-02-27 19:29 . 2009-02-27 19:30 <DIR> d-------- c:\users\Francesco\AppData\Roaming\vlc
2009-02-27 19:24 . 2009-02-27 19:24 <DIR> d-------- c:\program files\VideoLAN
2009-02-27 19:17 . 2009-02-27 19:17 <DIR> d-------- c:\program files\Java
2009-02-27 19:17 . 2009-02-27 19:17 410,984 --a------ c:\windows\System32\deploytk.dll
2009-02-27 18:27 . 2009-03-17 15:15 <DIR> d-------- c:\users\Francesco\AppData\Roaming\SecondLife
2009-02-27 17:18 . 2009-03-15 12:02 <DIR> d-------- c:\users\Francesco\amsn
2009-02-27 17:17 . 2009-02-27 17:17 <DIR> d-------- c:\program files\aMSN
2009-02-27 16:31 . 2004-03-03 21:30 125,184 --a------ c:\windows\System32\drivers\imagesrv.sys
2009-02-27 16:31 . 2004-03-03 21:30 5,504 --a------ c:\windows\System32\drivers\imagedrv.sys
2009-02-27 16:30 . 2009-02-27 16:30 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-27 16:30 . 2009-02-27 16:30 <DIR> d-------- c:\program files\Ahead
2009-02-27 16:30 . 2001-07-06 14:41 569,344 --a------ c:\windows\System32\imagr5.dll
2009-02-27 16:30 . 2001-07-06 12:44 544,768 --a------ c:\windows\System32\imagx5.dll
2009-02-27 16:30 . 2001-07-06 18:24 283,920 --a------ c:\windows\System32\ImagXpr5.dll
2009-02-27 16:30 . 2001-07-09 11:50 155,648 --a------ c:\windows\System32\NeroCheck.exe
2009-02-27 16:30 . 2000-06-26 11:45 106,496 --a------ c:\windows\System32\TwnLib20.dll
2009-02-27 16:30 . 2001-06-26 08:15 38,912 --a------ c:\windows\System32\picn20.dll
2009-02-27 15:40 . 2009-03-21 10:08 <DIR> d-------- c:\users\Francesco\AppData\Roaming\uTorrent
2009-02-27 15:40 . 2009-02-28 16:41 <DIR> d-------- c:\program files\uTorrent
2009-02-27 14:31 . 2009-02-27 14:31 <DIR> d-------- c:\users\All Users\InstallShield
2009-02-27 14:31 . 2009-02-27 14:31 <DIR> d-------- c:\programdata\InstallShield
2009-02-27 14:31 . 2009-02-27 14:31 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-02-27 14:31 . 2009-02-27 14:31 412 --a------ c:\windows\MAXLINK.INI
2009-02-27 14:24 . 2009-02-27 14:31 <DIR> d-------- c:\users\All Users\ScanSoft
2009-02-27 14:24 . 2009-02-27 14:31 <DIR> d-------- c:\programdata\ScanSoft
2009-02-27 14:15 . 2009-02-27 14:31 <DIR> d-------- c:\users\Francesco\AppData\Roaming\ScanSoft
2009-02-27 13:48 . 2009-02-27 13:48 <DIR> d-------- c:\users\Francesco\AppData\Roaming\ArcSoft
2009-02-27 13:43 . 2009-02-27 13:44 <DIR> d-------- c:\program files\Canon
2009-02-27 13:42 . 2009-02-27 14:30 <DIR> d-------- c:\program files\ScanSoft
2009-02-27 13:41 . 2009-02-27 13:41 <DIR> d-------- c:\program files\ArcSoft
2009-02-27 13:41 . 1995-08-01 04:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-02-27 13:40 . 2009-02-27 13:40 <DIR> d--h----- C:\CanoScan
2009-02-27 13:40 . 2005-02-24 19:14 274,432 --a------ c:\windows\System32\CNQL1212.dll
2009-02-27 13:40 . 2005-02-02 09:20 57,344 --a------ c:\windows\System32\CNQU111.DLL
2009-02-27 11:06 . 2009-02-28 18:44 230,424 --a------ C:\img2-001.raw
2009-02-27 10:44 . 2009-02-27 10:45 <DIR> d-------- c:\program files\Microsoft LifeCam
2009-02-27 10:17 . 2009-03-21 10:05 <DIR> d-------- c:\users\Francesco\Tracing
2009-02-27 10:16 . 2009-02-27 10:16 <DIR> d-------- c:\program files\Windows Live SkyDrive
2009-02-27 10:16 . 2009-02-27 10:16 <DIR> d-------- c:\program files\Microsoft
2009-02-27 10:15 . 2009-02-27 10:15 <DIR> d-------- c:\windows\PCHEALTH
2009-02-27 10:15 . 2009-02-27 10:16 <DIR> d-------- c:\program files\Windows Live
2009-02-27 10:10 . 2009-02-27 10:10 <DIR> d-------- c:\program files\Common Files\Windows Live
2009-02-26 22:05 . 2009-02-26 22:05 <DIR> d-------- c:\users\Francesco\AppData\Roaming\Acronis
2009-02-26 22:03 . 2009-02-26 22:03 <DIR> d-------- c:\users\All Users\Acronis
2009-02-26 22:03 . 2009-02-26 22:03 <DIR> d-------- c:\programdata\Acronis
2009-02-26 22:01 . 2009-02-26 22:01 971,584 --a------ c:\windows\System32\drivers\tdrpm147.sys
2009-02-26 22:01 . 2009-02-26 22:01 134,272 --a------ c:\windows\System32\drivers\snman380.sys
2009-02-26 22:01 . 2009-02-26 22:01 44,704 --a------ c:\windows\System32\drivers\tifsfilt.sys
2009-02-26 19:23 . 2009-02-26 22:00 <DIR> d-------- c:\program files\Common Files\Acronis
2009-02-26 19:23 . 2009-02-26 22:00 <DIR> d-------- c:\program files\Acronis
2009-02-26 19:23 . 2009-02-26 22:01 540,000 --a------ c:\windows\System32\drivers\timntr.sys
2009-02-26 19:10 . 2009-02-26 19:10 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-02-26 19:09 . 2009-02-26 19:10 <DIR> d-------- c:\users\All Users\Adobe
2009-02-26 19:09 . 2009-02-26 19:09 <DIR> d-------- c:\program files\Common Files\Adobe
2009-02-26 17:50 . 2009-02-26 17:50 <DIR> d-------- c:\program files\Alwil Software
2009-02-26 17:50 . 2003-03-18 21:20 1,060,864 --a------ c:\windows\System32\MFC71.dll
2009-02-26 17:50 . 2003-03-18 20:14 499,712 --a------ c:\windows\System32\MSVCP71.dll
2009-02-26 17:50 . 2003-02-21 04:42 348,160 --a------ c:\windows\System32\MSVCR71.dll
2009-02-26 17:50 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-02-26 17:08 . 2009-02-26 17:08 <DIR> d-------- c:\program files\Creative
2009-02-26 17:08 . 1998-11-13 13:07 307,712 --a------ c:\windows\IsUn0410.exe
2009-02-26 17:08 . 1999-10-11 02:01 41,984 --a------ c:\windows\CTREGRUN.EXE
2009-02-26 16:55 . 2009-02-26 16:55 <DIR> d--h----- c:\users\All Users\CanonBJ
2009-02-26 16:55 . 2009-02-26 16:55 <DIR> d--h----- c:\programdata\CanonBJ
2009-02-26 16:33 . 2009-02-26 16:33 <DIR> d-------- c:\program files\Common Files\Canon
2009-02-26 15:56 . 2008-06-20 02:14 781,344 --a------ c:\windows\System32\PresentationNative_v0300.dll
2009-02-26 15:56 . 2008-06-20 02:14 622,080 --a------ c:\windows\System32\icardagt.exe
2009-02-26 15:56 . 2008-06-20 02:14 326,160 --a------ c:\windows\System32\PresentationHost.exe
2009-02-26 15:56 . 2008-06-20 02:14 105,016 --a------ c:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2009-02-26 15:56 . 2008-06-20 02:14 97,800 --a------ c:\windows\System32\infocardapi.dll
2009-02-26 15:56 . 2008-06-20 02:14 43,544 --a------ c:\windows\System32\PresentationHostProxy.dll
2009-02-26 15:56 . 2008-06-20 02:14 37,384 --a------ c:\windows\System32\infocardcpl.cpl
2009-02-26 15:56 . 2008-06-20 02:14 11,264 --a------ c:\windows\System32\icardres.dll
2009-02-26 15:53 . 2008-07-27 19:03 282,112 --a------ c:\windows\System32\mscoree.dll
2009-02-26 15:53 . 2008-07-27 19:03 158,720 --a------ c:\windows\System32\mscorier.dll
2009-02-26 15:53 . 2008-07-27 19:03 96,760 --a------ c:\windows\System32\dfshim.dll
2009-02-26 15:53 . 2008-07-27 19:03 83,968 --a------ c:\windows\System32\mscories.dll
2009-02-26 15:53 . 2008-07-27 19:03 41,984 --a------ c:\windows\System32\netfxperf.dll
2009-02-26 15:50 . 2008-10-21 06:25 1,645,568 --a------ c:\windows\System32\connect.dll
2009-02-26 15:49 . 2008-09-18 06:09 3,601,464 --a------ c:\windows\System32\ntkrnlpa.exe
2009-02-26 15:49 . 2008-09-18 06:09 3,549,240 --a------ c:\windows\System32\ntoskrnl.exe
2009-02-26 15:49 . 2008-09-10 04:40 1,334,272 --a------ c:\windows\System32\msxml6.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 19:49 --------- d-----w c:\program files\Windows Mail
2009-02-28 17:29 --------- d-----w c:\program files\MSBuild
2009-02-26 14:17 174 --sha-w c:\program files\desktop.ini
2009-02-26 14:13 --------- d-----w c:\program files\Windows Sidebar
2009-02-26 14:13 --------- d-----w c:\program files\Windows Photo Gallery
2009-02-26 14:13 --------- d-----w c:\program files\Windows Journal
2009-02-26 14:13 --------- d-----w c:\program files\Windows Defender
2009-02-26 14:13 --------- d-----w c:\program files\Windows Collaboration
2009-02-26 14:13 --------- d-----w c:\program files\Windows Calendar
2009-02-26 13:14 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-02-26 12:27 --------- d-sh--w c:\programdata\Preferiti
2009-02-26 12:27 --------- d-sh--w c:\programdata\Modelli
2009-02-26 12:27 --------- d-sh--w c:\programdata\Menu Avvio
2009-02-26 12:27 --------- d-sh--w c:\programdata\Documenti
2009-02-26 12:27 --------- d-sh--w c:\programdata\Dati applicazioni
2009-02-26 12:27 --------- d-sh--w c:\program files\File comuni
2009-02-09 12:18 7,764,672 ----a-w c:\windows\system32\drivers\nvlddmkm.sys
2009-02-09 12:18 4,160 ----a-w c:\windows\system32\drivers\nvBridge.kmd
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 92704]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 1426432]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-16 626176]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 880640]
"Launch Direct Link"="c:\program files\ASUS\AI Direct Link\AsShare.exe" [2007-08-20 1209856]
"Launch As Cmd Runner"="c:\program files\ASUS\AI Direct Link\AsCmd.exe" [2007-04-11 376832]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-11-21 4371440]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-11-21 961208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-11-21 165144]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 279912]
"VX3000"="c:\windows\vVX3000.exe" [2007-04-10 709992]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-27 148888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-31 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-10-11 c:\windows\SkyTel.exe]

c:\users\Francesco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-03-04 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{830D85A3-0D91-4ACE-AFF5-161ACB27A258}"= UDP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{3CB277CA-C2D2-405C-AD7D-911806A7C65A}"= TCP:c:\program files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{B147FF46-008B-48F0-949A-8643EF2C668F}"= UDP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{37605F17-7C82-4A11-ADC1-26C785E82D79}"= TCP:c:\program files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{EF54EED2-3116-4E9C-83D9-BA6A03D2A50E}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{5A121FEC-BC98-4B20-BBC7-34E8464F25DB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{0241B394-6CE2-407A-8BD0-8D1665BA39AA}c:\\program files\\amsn\\bin\\wish.exe"= UDP:c:\program files\amsn\bin\wish.exe:Wish Application
"UDP Query User{DB7CFFA3-DFB1-4ECA-B6CE-7BB7C545DDBE}c:\\program files\\amsn\\bin\\wish.exe"= TCP:c:\program files\amsn\bin\wish.exe:Wish Application
"TCP Query User{B500E0E7-EAC6-4351-9235-EFA6ABF343A8}c:\\program files\\secondlife\\slvoice.exe"= UDP:c:\program files\secondlife\slvoice.exe:SLVoice
"UDP Query User{445B00F7-B9B6-465C-B9CD-649ADA17F150}c:\\program files\\secondlife\\slvoice.exe"= TCP:c:\program files\secondlife\slvoice.exe:SLVoice
"TCP Query User{50CC2A4B-3554-44D4-8BB1-C0EF75FCFD1D}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{0312AC6B-F2E6-4D6E-93A6-659F017E0CA8}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{FAA1D461-6540-4CFC-8D5A-8B581509B4E2}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{7949BF17-926C-47C4-9651-FC67CBDBC793}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"{165CC884-7B3C-44C2-B734-36F7462A30DE}"= Disabled:UDP:443:Porta TCP ooVoo 443
"{84E495ED-09A9-4B7E-B366-CABA9091BF00}"= Disabled:TCP:443:Porta UDP ooVoo 443
"{D692AC36-BB08-4B12-A928-CEEFCF7E833B}"= Disabled:UDP:37674:Porta TCP ooVoo 37674
"{8AA0BD3C-75CE-46D0-A83A-3BEF22409CEE}"= Disabled:TCP:37674:Porta UDP ooVoo 37674
"{8FF1DF94-12E5-4E87-A70A-6D5EAADE403D}"= Disabled:TCP:37675:Porta UDP ooVoo 37675
"TCP Query User{9ACCE124-6D73-414A-93D2-51B1F92AE8AD}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{23C71682-3CFE-47BB-81C0-EC9E9721B021}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{A72C3442-B55A-44CA-998D-D3C1A77E528A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{47770025-9029-4D79-8DB2-5CEE0329AD2C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7799106E-30E5-4959-9227-87D7A2991DA7}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0B5134C1-CC71-4757-BD31-4621E7561488}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{255A5E25-D952-48E6-8B33-0FBAE8C24DD1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{A95D1113-3725-40F5-878B-92A44BD25E93}c:\\program files\\b2bpoker\\assokappa\\jre\\bin\\javaw.exe"= UDP:c:\program files\b2bpoker\assokappa\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary
"UDP Query User{3492893C-54B8-47F8-8881-3FD01426BC9C}c:\\program files\\b2bpoker\\assokappa\\jre\\bin\\javaw.exe"= TCP:c:\program files\b2bpoker\assokappa\jre\bin\javaw.exe:Java(TM) 2 Platform Standard Edition binary

R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\System32\drivers\snman380.sys [2009-02-26 134272]
R0 tdrpman147;Acronis Try&Decide and Restore Points filter (build 147);c:\windows\System32\drivers\tdrpm147.sys [2009-02-26 971584]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-02-26 114768]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [2009-03-04 100560]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [2009-03-04 41744]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-02-26 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-02-26 51792]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\System32\drivers\VBoxNetFlt.sys [2009-03-04 87568]
.
Contenuto della cartella 'Scheduled Tasks'

2009-03-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-01-26 15:31]

2009-03-20 c:\windows\Tasks\User_Feed_Synchronization-{92D8E74D-EB66-4141-A109-F364CE6F3D6E}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 23:33]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-wowuy - c:\users\francesco\appdata\local\wowuy.exe
HKLM-Run-OPSE reminder - c:\program files\ScanSoft\OmniPageSE2.0\EregIta\Ereg.exe


.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\program files\PokerStars.IT\PokerStarsUpdate.exe
TCP: {11838533-536B-4863-85E4-1EB7D1D088A2} = 192.168.1.1
FF - ProfilePath - c:\users\Francesco\AppData\Roaming\Mozilla\Firefox\Profiles\f3i9bjf5.default\
FF - prefs.js: browser.startup.homepage - www.google.it
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 10:12:59
Windows 6.0.6001 Service Pack 1 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...


c:\users\FRANCE~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'Explorer.exe'(3840)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\ASUS\AASP\1.00.46\aaCenter.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Ora fine scansione: 2009-03-21 10:16:12 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-03-21 09:16:04

Pre-Run: 387.929.116.672 byte disponibili
Post-Run: 388,545,527,808 byte disponibili

293 --- E O F --- 2009-03-20 09:04:39
ciberbob
Junior User

Posts: 39
Joined: 03/12/07 13:44

Re: Advertising sites opening by themselves HELP

Post by ciberbob » 21/03/09 11:31

What do I have to do now? I'm waiting for your reply, thanks
ciberbob
Junior User

Posts: 39
Joined: 03/12/07 13:44

Re: Advertising sites opening by themselves HELP

Post by Luke57 » 21/03/09 12:31

Hi, the infection seems to have been eradicated; if you still have problems, download and install malwarebytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Run a "full scan" (select the option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to restart, restart to complete the cleanup process.

Post the report.
Luke57
Moderator

Posts: 6247
Joined: 11/08/05 20:10

Re: Advertising sites opening by themselves HELP

Post by ciberbob » 21/03/09 12:35

ok, thank you again
ciberbob
Junior User

Posts: 39
Joined: 03/12/07 13:44
