Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » internete explorer: impossibile visualizzare la pagina - favorit

internete explorer: impossibile visualizzare la pagina - favorit Opzioni
Topic Precedente · Topic Sucessivo
marcy85
Inviato: Saturday, July 11, 2009 1:09:24 PM
Rank: Newbie

Iscritto dal : 9/6/2008
Posts: 8
Mentre navigo con mozilla, mi si apre questa finestra pop-up, che non crea nessun problema, ma che infastidisce non poco....spero non sia un virus....se qualcuno di voi riuscisse ad aiutarmi gliene sarei grato.....
Torna in alto
 
Sponsor
Inviato: Saturday, July 11, 2009 1:09:24 PM

 
Torna in alto
 
a.roselli
Inviato: Saturday, July 11, 2009 2:16:31 PM

Rank: Admin

Iscritto dal : 10/4/2000
Posts: 19,054
In Firefox vai al menu STRUMENTI - OPZIONI - clicca in alto su CONTENUTI qui inserisci la spunta alle quattro caselline e clicca su OK

Se il problema continua, scarica questo programma e leggi le istruzioni per inserire il tuo log, cosi possiamo vedere se c'è qualche spyware
http://software.aiutamici.com/software?ID=11175


alfonso_aiutamici@hotmail.it
Torna in alto
 
marcy85
Inviato: Saturday, July 11, 2009 3:19:14 PM
Rank: Newbie

Iscritto dal : 9/6/2008
Posts: 8
Ho fatto ciò che mi hai detto ma non ho risolto nulla.

TI post il log di haijack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.16.15, on 11/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\documents and settings\user\impostazioni locali\dati applicazioni\cwmyuui.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\CCleaner\ccleaner.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [cwmyuui] "c:\documents and settings\user\impostazioni locali\dati applicazioni\cwmyuui.exe" cwmyuui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{134306CE-4438-46B7-9045-C48F4C6C5ECF}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{134306CE-4438-46B7-9045-C48F4C6C5ECF}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7627 bytes
Torna in alto
 
r16
Inviato: Saturday, July 11, 2009 6:40:37 PM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
C'e qualcosina.

Scarica ed installa MalwareBytes:
clicca qui per il download : http://www.aiutamici.com/software?id=80346
Prima di fare la scansione AGGIORNALO. (è molto importante)
Esegui una scansione completa del sistema.
Posta il log.

------------------------------------------------------------------------------------------------------
COMBOFIX
Importante: Disabilita il tuo antivirus e chiudi TUTTI i programmi aperti,(Firewall compreso) e dopo aver scaricato COMBOFIX, chiudi la connessione.

Scarica Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Salvalo sul desktop.
Doppio click su combofix.exe (comparirà una videata.)
Se ti verrà chiesto se vuoi Installare LA CONSOLE DI RIPRISTINO DI EMERGENZA, clicca NO.
E' probabile che ti siano inviati messaggi dall'antivirus, tu ignorali.
Durante l'operazione di scansione è importante non usare il PC (neanche il mouse) e attendere pazientemente la fine delle operazioni.
Al termine, verrà creato un file log sul Desktop, chiamato C:\ComboFix.txt. Postalo qui.

Disinstalla combofix in questo modo: (dopo che avrò visto il log)
Start
Esegui
nella finestra di dialogo, copia ed incolla questo comando: Combofix /u e premi Invio poi cancella le cartelle in "C" di combofix (qoobox)

Poi posta un log aggiornato di HJT.
Torna in alto
 
marcy85
Inviato: Saturday, July 11, 2009 9:06:17 PM
Rank: Newbie

Iscritto dal : 9/6/2008
Posts: 8
Ecco qui di seguito il logo di COMBOFIX:

ComboFix 09-07-09.08 - user 11/07/2009 20.56.43.22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1023.593 [GMT 2:00]
Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090710-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\user\Impostazioni locali\Dati applicazioni\cwmyuui.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\cwmyuui_nav.dat
c:\documents and settings\user\Impostazioni locali\Dati applicazioni\cwmyuui_navps.dat
c:\windows\Installer\11f077.msi
c:\windows\Installer\1abd1f.msp
c:\windows\Installer\1abd20.msp
c:\windows\Installer\1abd21.msp
c:\windows\Installer\1abd22.msp
c:\windows\Installer\1abd23.msp
c:\windows\Installer\1abd24.msp
c:\windows\Installer\1abd25.msp
c:\windows\Installer\1abd26.msp
c:\windows\Installer\1abd27.msp
c:\windows\Installer\29f517.msp
c:\windows\Installer\29f518.msp
c:\windows\Installer\29f519.msp
c:\windows\Installer\29f51a.msp
c:\windows\Installer\29f51b.msp
c:\windows\Installer\29f51c.msp
c:\windows\Installer\29f51d.msp
c:\windows\Installer\29f51e.msp
c:\windows\Installer\29f51f.msp
c:\windows\Installer\375e13.msp
c:\windows\Installer\375e14.msp
c:\windows\Installer\375e15.msp
c:\windows\Installer\375e16.msp
c:\windows\Installer\375e17.msp
c:\windows\Installer\375e18.msp
c:\windows\Installer\375e19.msp
c:\windows\Installer\375e1a.msp
c:\windows\Installer\375e1b.msp
c:\windows\Installer\3cce7.msp
c:\windows\Installer\3cce8.msp
c:\windows\Installer\3cce9.msp
c:\windows\Installer\3ccea.msp
c:\windows\Installer\3cceb.msp
c:\windows\Installer\3ccec.msp
c:\windows\Installer\3cced.msp
c:\windows\Installer\3ccee.msp
c:\windows\Installer\3ccef.msp
c:\windows\Installer\479d03.msp
c:\windows\Installer\479d04.msp
c:\windows\Installer\479d05.msp
c:\windows\Installer\479d06.msp
c:\windows\Installer\479d07.msp
c:\windows\Installer\479d08.msp
c:\windows\Installer\479d09.msp
c:\windows\Installer\479d0a.msp
c:\windows\Installer\479d0b.msp
c:\windows\Installer\4b459.msp
c:\windows\Installer\4b45a.msp
c:\windows\Installer\4b45b.msp
c:\windows\Installer\4b45c.msp
c:\windows\Installer\4b45d.msp
c:\windows\Installer\4b45e.msp
c:\windows\Installer\4b45f.msp
c:\windows\Installer\4b460.msp
c:\windows\Installer\4b461.msp
c:\windows\Installer\6b21d.msp
c:\windows\Installer\6b21e.msp
c:\windows\Installer\6b21f.msp
c:\windows\Installer\6b220.msp
c:\windows\Installer\6b221.msp
c:\windows\Installer\6b222.msp
c:\windows\Installer\6b223.msp
c:\windows\Installer\6b224.msp
c:\windows\Installer\6b225.msp
c:\windows\Installer\9dad3d.msp
c:\windows\Installer\9dad3e.msp
c:\windows\Installer\9dad3f.msp
c:\windows\Installer\9dad40.msp
c:\windows\Installer\9dad41.msp
c:\windows\Installer\9dad42.msp
c:\windows\Installer\9dad43.msp
c:\windows\Installer\9dad44.msp
c:\windows\Installer\9dad45.msp
c:\windows\Installer\e563b.msp
c:\windows\Installer\e563c.msp
c:\windows\Installer\e563d.msp
c:\windows\Installer\e563e.msp
c:\windows\Installer\e563f.msp
c:\windows\Installer\e5640.msp
c:\windows\Installer\e5641.msp
c:\windows\Installer\e5642.msp
c:\windows\Installer\e5643.msp

.
((((((((((((((((((((((((( Files Creati Da 2009-06-11 al 2009-07-11 )))))))))))))))))))))))))))))))))))
.

2009-07-11 18:14 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-11 18:14 . 2009-07-11 18:14 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-11 18:14 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-10 10:15 . 2008-10-30 19:14 117888 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-07-10 10:15 . 2008-07-16 20:35 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-07-10 10:15 . 2009-07-10 10:15 -------- d-----w- c:\windows\OPTIONS
2009-07-10 10:10 . 2008-06-04 12:55 53248 ----a-w- c:\windows\system32\CSVer.dll
2009-07-10 10:10 . 2009-07-10 10:10 -------- d-----w- c:\programmi\Intel
2009-07-10 10:10 . 2009-07-10 10:10 -------- d-----w- C:\Intel
2009-06-16 19:28 . 2009-06-16 19:28 -------- d-----w- c:\programmi\eMule
2009-06-16 17:44 . 2009-06-16 17:44 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Lavasoft
2009-06-16 17:42 . 2009-06-16 17:42 -------- d-----w- c:\programmi\Lavasoft
2009-06-15 21:32 . 2009-06-15 21:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Yahoo! Companion

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-11 18:47 . 2009-01-29 16:03 632252 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-11 18:47 . 2009-01-29 16:03 54054944 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-11 11:11 . 2008-07-27 12:50 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-10 10:15 . 2007-11-16 10:54 -------- d-----w- c:\programmi\Realtek
2009-07-10 10:15 . 2007-11-16 10:07 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-16 17:44 . 2009-02-09 19:07 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-06-16 17:03 . 2008-06-09 12:15 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Skype
2009-06-15 21:32 . 2009-04-05 22:41 -------- d-----w- c:\programmi\Yahoo!
2009-06-12 11:52 . 2009-03-10 13:31 -------- d-----w- c:\programmi\PokerStars.IT
2009-06-06 14:35 . 2009-06-06 14:34 -------- d-----w- c:\documents and settings\user\Dati applicazioni\vlc
2009-06-06 14:31 . 2009-06-06 14:31 -------- d-----w- c:\programmi\VideoLAN
2009-06-05 15:06 . 2009-06-05 15:06 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-06-05 14:00 . 2009-02-07 10:43 5639999 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-06-04 16:16 . 2009-06-04 16:15 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-04 16:09 . 2007-12-19 19:48 -------- d-----w- c:\programmi\Windows Live
2009-06-01 20:41 . 2009-06-01 20:40 -------- d-----w- c:\programmi\iTunes
2009-06-01 20:40 . 2009-06-01 20:40 -------- d-----w- c:\programmi\iPod
2009-06-01 20:40 . 2009-02-06 16:33 -------- d-----w- c:\programmi\File comuni\Apple
2009-06-01 20:38 . 2009-06-01 20:37 -------- d-----w- c:\programmi\QuickTime
2009-06-01 20:33 . 2009-06-01 20:33 75048 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-05-30 15:02 . 2008-09-06 14:39 41728 ----a-w- c:\windows\system32\drivers\VIRAGTLT.SYS
2009-05-24 22:24 . 2008-05-26 21:18 350208 ------w- c:\windows\system32\mssph.dll
2009-05-22 13:10 . 2008-05-30 08:18 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Ahead
2009-05-22 12:40 . 2009-05-22 12:40 -------- d-----w- c:\documents and settings\user\Dati applicazioni\Nero
2009-05-13 05:02 . 2004-08-19 13:39 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-12 13:12 . 2007-11-15 15:36 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2004-08-19 13:39 347648 ----a-w- c:\windows\system32\localspl.dll
2009-04-24 18:02 . 2009-04-24 18:03 1856512 ----a-w- c:\windows\Internet Logs\xDBB.tmp
2009-04-19 19:47 . 2004-08-19 13:31 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 15:25 . 2001-08-31 12:00 85070 ----a-w- c:\windows\system32\perfc010.dat
2009-04-17 15:25 . 2001-08-31 12:00 476322 ----a-w- c:\windows\system32\perfh010.dat
2009-04-15 14:52 . 2004-08-19 13:39 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-11-16 16384000]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-11-16 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-17 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Exif Launcher S.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Alice Messenger\\alicemessenger.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:eMule TCP
"4672:UDP"= 4672:UDP:eMule UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [31/01/2009 17.45.45 114768]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [10/04/2009 0.08.04 13696]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31/01/2009 17.45.45 20560]
R2 Network WanMiniport First Position;Network WanMiniport First Position;c:\programmi\Telecom Italia\WanMiniport1st\srvany.exe [23/02/2009 11.06.39 8192]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.SYS [14/05/2007 11.26.10 508288]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-06-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-07-11 c:\windows\Tasks\User_Feed_Synchronization-{B89A6A66-F58D-49CE-9C57-49908C85BAB6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Aggiungi all'elenco di stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Anteprima Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Stampa ad alta velocità Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stampa Easy-WebPrint - c:\programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
LSP: c:\windows\system32\imon.dll
TCP: {134306CE-4438-46B7-9045-C48F4C6C5ECF} = 192.168.1.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\eqy6nu23.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.repubblica.it/
FF - plugin: c:\documents and settings\user\Impostazioni locali\Dati applicazioni\Google\Update\1.2.133.33\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 21:00
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\swearware\backup\winsock2]
@DACL=(02 0000)
@SACL=
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'lsass.exe'(800)
c:\windows\system32\imon.dll
.
Ora fine scansione: 2009-07-11 21.02.24
ComboFix-quarantined-files.txt 2009-07-11 19:02

Pre-Run: 9.414.471.680 byte disponibili
Post-Run: 9.384.636.416 byte disponibili

247 --- E O F --- 2009-06-10 22:59




e IL SUCCESSIVO LOG DI HAIJACK:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.05.48, on 11/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programmi\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PokerStars.it - {C4046502-6524-4d87-896C-878F57D1FF07} - C:\Programmi\PokerStars.IT\PokerStarsUpdate.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{134306CE-4438-46B7-9045-C48F4C6C5ECF}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{134306CE-4438-46B7-9045-C48F4C6C5ECF}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 7269 bytes
Torna in alto
 
simo95
Inviato: Saturday, July 11, 2009 9:14:08 PM

Rank: AiutAmico

Iscritto dal : 12/4/2008
Posts: 2,008
Ti è stata chiesta anche una scnsione con malwarebytes.
Torna in alto
 
r16
Inviato: Sunday, July 12, 2009 12:52:06 AM
Rank: AiutAmico

Iscritto dal : 8/7/2007
Posts: 11,016
Ciao.
Prima di fare la scansione con Malwarebytes, Disistalla Combofix, nelle modalità che ho descritto nel post sopra.
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » internete explorer: impossibile visualizzare la pagina - favorit


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.