Hello everyone, and good to be back. I think I've caught a really nasty virus:
every time I open Mozilla (it's my browser) and view a web page, after a few minutes everything closes,
both the web page and Mozilla, so I have to start over from scratch.
I would also like to know why, for some time now, Internet Explorer advertising pages (I don't use it) keep opening all the time, whereas
they didn't open before. Thanking you enormously and in advance, I'm attaching the log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:17:11 , on 03/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~3\VideoAcceleratorService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Microsoft IntelliType Pro\type32.exe
C:\Programmi\Prevx\prevx.exe
C:\Programmi\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\SPEEDB~3\VideoAcceleratorEngine.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\vsnp2std.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Lexmark 2300 Series\lxcgmon.exe
C:\Programmi\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\printcfg.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\DNA\btdna.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\DAP\DAP.EXE
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\AVG\AVG8\avgscanx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\leonardo\Desktop\GINO!!\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O1 - Hosts: 82.98.231.89 url.adtrgt.com
O1 - Hosts: 82.98.231.89 googleads2.gdoubleclick.net
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9d946854-33ef-4c0b-abdc-b3ae84045c46} - C:\WINDOWS\system32\homuvise.dll
O2 - BHO: SBCONVERT - {A1056498-D09A-41E4-864B-505EDD640D9E} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~2\Toolbar\grabber.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Programmi\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Programmi\SpeedBit Video Downloader\Toolbar\SpeedBitVideoDownloader.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [type32] "C:\Programmi\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programmi\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Programmi\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Programmi\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Programmi\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Printer Configuration Manager] C:\WINDOWS\system32\printcfg.exe
O4 - HKLM\..\Run: [layoribeya] Rundll32.exe "C:\WINDOWS\system32\jijoyowe.dll",s
O4 - HKLM\..\Run: [c06df94c] rundll32.exe "C:\WINDOWS\system32\kufuzoku.dll",b
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Programmi\DNA\btdna.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Programmi\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [AnyDVD] "C:\Programmi\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKUS\S-1-5-19\..\Run: [layoribeya] Rundll32.exe "C:\WINDOWS\system32\yefuvefa.dll",s (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [layoribeya] Rundll32.exe "C:\WINDOWS\system32\yefuvefa.dll",s (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Clean Traces - C:\Programmi\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Programmi\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Programmi\DAP\dapextie2.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://www.driveragent.com/files/driveragent.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{241CD8F0-48FC-418E-A102-0AAC3A133D15}: NameServer = 85.37.17.12 85.38.28.79
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\juzuyuva.dll,C:\WINDOWS\system32\homefebe.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CSIScanner - Prevx - C:\Programmi\Prevx\prevx.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Servizio di Google Update (gupdate1c98e1284c2d98c) (gupdate1c98e1284c2d98c) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~3\VideoAcceleratorService.exe

--
End of file - 12251 bytes
Heartfelt thanks again, and regards,
gianni