
Advertising pages opening up

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57


Post by sent » 10/06/07 17:44

Hi everyone :)
While I browse in Explorer or in Firefox, advertising pages open systematically.
I ran several scans with the antivirus but it did no good.
HijackThis shows:

Logfile of HijackThis v1.99.1
Scan saved at 18.11.33, on 10/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027}\Update.exe
C:\Programmi\WinTouch\WinTouch.exe
C:\WINDOWS\gpjxu.exe
C:\DOCUME~1\a\DOCUME~1\DOBE~1\dvdplay.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Ipwindows\ipwins.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\a\Desktop\hi\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3A4B9~1\888Bar.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Programmi\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3A4B9~1\888Bar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{6A4B9151-06C1-1040-0710-050706050027}] "C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027}\Update.exe" te-110-12-0000208
O4 - HKLM\..\Run: [WinTouch] C:\Programmi\WinTouch\WinTouch.exe
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\gpjxu.exe
O4 - HKCU\..\Run: [Rctw] "C:\DOCUME~1\a\DOCUME~1\DOBE~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IpWins] C:\Programmi\Ipwindows\ipwins.exe
O4 - Startup: Ubisoft register.lnk = C:\Programmi\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA359F5-F935-4EBD-8141-80C7C3BDD4E8}: NameServer = 213.230.130.222 213.230.155.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000208 (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe

Can you help me?
Thanks a lot!

:cry:
sent
Newbie

Posts: 9
Joined: 10/06/07 17:29


Post by Luke57 » 10/06/07 20:57

Hi, download Avenger to the desktop
http://swandog46.geekstogo.com/avenger.zip
unzip the .zip file
Run avenger.exe
Select the option "Input Script Manually"
Click the magnifying glass

A "View/edit script" window opens
Inside the white box, copy and paste (Ctrl+V) the text in bold:

registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C004DEC2-2623-438e-9CA2-C9043AB28508}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4}

registry values to delete:
HKLM\Software\Microsoft\Windows\Current\Run | [{6A4B9151-06C1-1040-0710-050706050027}
HKLM\Software\Microsoft\Windows\Current\Run | WinTouch
HKLM\Software\Microsoft\Windows\Current\Run | SfKg6w
HKLM\Software\Microsoft\Windows\Current\Run | IpWins


Folders to delete:
C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027}
C:\Programmi\WinTouch
C:\Programmi\Ipwindows
C:\PROGRA~1\FILECO~1\{3A4B9~1
C:\Programmi\PeDevice

Files to delete:
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\gpjxu.exe

Click the Done button
Click the green traffic-light icon
Answer Yes twice
The PC should restart on its own; if it does not, restart it manually

The program produces a log of the operations performed.

Post the Avenger log (C:/avenger.txt) with the result of the script.
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10
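The entries the script above targets share a handful of traits that a practitioner checks for in any HijackThis log: an entry whose file is already gone, a service with no publisher, a file name one letter away from a real system binary (svchosts.exe versus svchost.exe), a machine-generated name such as SfKg6w or gpjxu, an executable inside a GUID-named folder, a startup item launched from inside the user profile, and an O17 line that overrides the DNS servers. The Python below is an added example, not code from the thread, from HijackThis or from Avenger; it encodes those rules of thumb and runs them over a few lines copied from the first log in this thread. The length thresholds in looks_random are this example's own assumptions, tuned only on the names seen here, not anything HijackThis documents.

```python
"""Triage heuristics for HijackThis-style log lines.

Added example: not code from the thread, from HijackThis or from Avenger.
It encodes the rules of thumb used to pick entries out of a log by eye.
The thresholds in looks_random are this example's own assumptions.
"""
import re

# Sample input: lines copied from the thread's first HijackThis log.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Programmi\PeDevice\PeDev.dll (file missing)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [{6A4B9151-06C1-1040-0710-050706050027}] "C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027}\Update.exe" te-110-12-0000208
O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\gpjxu.exe
O4 - HKCU\..\Run: [Rctw] "C:\DOCUME~1\a\DOCUME~1\DOBE~1\dvdplay.exe" -vt yazb
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA359F5-F935-4EBD-8141-80C7C3BDD4E8}: NameServer = 213.230.130.222 213.230.155.94
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000208 (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
"""

# Names that malware imitates by changing one letter (svchosts.exe, scvhost.exe, ...).
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe", "rundll32.exe"}
GUID_DIR_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\\")        # a {GUID} used as a folder name
PROFILE_RE = re.compile(r"\\DOCUME~1\\|\\Documents and Settings\\", re.I)

O2O3_RE = re.compile(r"^O[23] - (?:BHO|Toolbar): (?P<name>.*?) - \{[^}]+\} - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


def edit_distance(a, b):
    """Levenshtein distance; distance 1 from a system binary name is the lookalike test."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def looks_random(name):
    """Single token that looks machine-generated (SfKg6w, gpjxu, Rctw).

    All-uppercase names (RTHDCPL, ALCMTR) and names containing spaces are
    exempt; the length limits are assumptions tuned on this thread's names.
    """
    stem = re.sub(r"\.[A-Za-z0-9]+$", "", name)             # drop the extension
    if len(stem) < 4 or " " in stem or stem.isupper() or not any(c.isalpha() for c in stem):
        return False
    mixed_case = any(c.isupper() for c in stem) and any(c.islower() for c in stem)
    if mixed_case and any(c.isdigit() for c in stem) and len(stem) <= 8:
        return True
    consonant_runs = re.findall(r"[^aeiouyAEIOUY\W\d_]+", stem)
    return len(stem) <= 6 and max(map(len, consonant_runs), default=0) >= 4


def exe_of(cmd):
    """Executable named by a command line: the quoted part, or the bare path up to its extension."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.(?:exe|dll|cpl|scr))(?=[\s",]|$)', cmd, re.I)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return (rule, detail) findings for the suspicious lines of a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        orphan = "(file missing)" in raw
        line = raw.replace("(file missing)", "").strip()
        if m := O2O3_RE.match(line):
            name, path = m["name"], m["path"]
        elif m := O4_RE.match(line):
            name, path = m["name"], exe_of(m["cmd"])
            if PROFILE_RE.search(path):
                findings.append(("startup item runs from a user profile", path))
        elif m := O17_RE.match(line):
            findings.append(("DNS servers overridden; confirm they belong to the ISP", m["servers"]))
            continue
        elif m := O23_RE.match(line):
            name, path = m["name"], exe_of(m["path"])
            if m["owner"] == "Unknown owner":
                findings.append(("service has no publisher", name))
        else:
            continue                                         # other entry types: not covered here
        base = path.rsplit("\\", 1)[-1]
        if orphan:
            findings.append(("entry points to a missing file", path))
        if base.lower() not in SYSTEM_BINARIES and any(
                edit_distance(base.lower(), s) == 1 for s in SYSTEM_BINARIES):
            findings.append(("system binary lookalike", base.lower()))
        if GUID_DIR_RE.search(path):
            findings.append(("executable lives in a GUID-named folder", path))
        for token in (name, base):
            if looks_random(token):
                findings.append(("random-looking name", token))
                break
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:55} {detail}")
```

Every rule here is a heuristic and each one has legitimate hits (Gmail Notifier also registers a GUID-named Run value in this very log), so the output is a shortlist to look up, not a kill list; the script deliberately leaves the decision to the reader, as Luke57 did.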

Post by sent » 12/06/07 20:07

Thanks, you have been kind and precise
Here is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\stjuiyhe

*******************

Script file located at: \??\C:\ciktsnce.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027} deleted successfully.
Folder C:\Programmi\WinTouch deleted successfully.
Folder C:\Programmi\Ipwindows deleted successfully.
Folder C:\PROGRA~1\FILECO~1\{3A4B9~1 deleted successfully.


Folder C:\Programmi\PeDevice not found!
Deletion of folder C:\Programmi\PeDevice failed!

Could not process line:
C:\Programmi\PeDevice
Status: 0xc0000034

File C:\WINDOWS\system32\svchosts.exe deleted successfully.
File C:\WINDOWS\gpjxu.exe deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C004DEC2-2623-438e-9CA2-C9043AB28508} deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E1412445-4FF8-410e-8D24-F2CF86B171A4} deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\Current\Run|[{6A4B9151-06C1-1040-0710-050706050027}
Deletion of registry value HKLM\Software\Microsoft\Windows\Current\Run|[{6A4B9151-06C1-1040-0710-050706050027} failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\Current\Run|WinTouch
Deletion of registry value HKLM\Software\Microsoft\Windows\Current\Run|WinTouch failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\Current\Run|SfKg6w
Deletion of registry value HKLM\Software\Microsoft\Windows\Current\Run|SfKg6w failed!
Status: 0xc0000034



Could not delete registry value HKLM\Software\Microsoft\Windows\Current\Run|IpWins
Deletion of registry value HKLM\Software\Microsoft\Windows\Current\Run|IpWins failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Post by Luke57 » 12/06/07 20:58

Hi, part of the Avenger script succeeded and part did not, because I gave you a wrong command.
Run Avenger again, this time entering the following script:

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | [{6A4B9151-06C1-1040-0710-050706050027}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | WinTouch
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | SfKg6w
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | IpWins

Post by sent » 13/06/07 18:56

I tried running Avenger again but it gives me an error.
Here is the log:
//////////////////////////////////////////
Avenger Pre-Processor log
//////////////////////////////////////////

Fatal error: could not create new script file.
Error code: 1813
Error logged to errorlog.txt. Aborting now!

Thanks! :)

Post by Luke57 » 13/06/07 20:01

Hi, old age is catching up with me! Repeat with this script:

registry values to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | {6A4B9151-06C1-1040-0710-050706050027}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | WinTouch
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | SfKg6w
HKLM\Software\Microsoft\Windows\CurrentVersion\Run | IpWins
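The two corrections above came from expanding by hand what HijackThis prints. HijackThis abbreviates the Run keys (HKLM\..\Run stands for HKLM\Software\Microsoft\Windows\CurrentVersion\Run) and shows the value name in square brackets; the first script expanded the key to ...\Current\Run and kept a "[" in front of the value name, and Avenger answered every one of those lines with status 0xc0000034, which is STATUS_OBJECT_NAME_NOT_FOUND. The Python below is an added example, not part of the thread and not code from Avenger or HijackThis: it builds the Avenger sections from the O2, O4 and O23 lines marked for removal by table lookup instead of by hand, so the key path and the bare value name come out right. The abbreviation table is this example's reading of how HijackThis prints O4 keys and covers the forms that appear in this thread; O23 service entries are only reported as skipped, because the thread removes those with HijackThis's "fix checked" rather than with Avenger.

```python
"""Build an Avenger script from the HijackThis lines chosen for removal.

Added example: not part of the thread and not code from Avenger or
HijackThis. RUN_KEYS is this example's reading of how HijackThis abbreviates
O4 keys; it covers the forms that appear in this thread.
"""
import re

# HijackThis abbreviates the Run keys; Avenger needs the full path.
RUN_KEYS = {
    r"HKLM\..\Run": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKCU\..\Run": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\..\RunOnce": r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKCU\..\RunOnce": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\..\Policies\Explorer\Run": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
    r"HKCU\..\Policies\Explorer\Run": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run",
}
# Browser Helper Objects are registered by CLSID under this key (the key the thread deleted).
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

O2_RE = re.compile(r"^O2 - BHO: .*? - (?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: .*? - .*? - (?P<path>.*)$")

# Sample input: lines copied from the thread's HijackThis logs.
TO_FIX = [
    r"O2 - BHO: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3A4B9~1\888Bar.dll",
    r"O4 - HKLM\..\Run: [SfKg6w] C:\WINDOWS\gpjxu.exe",
    r"O4 - HKCU\..\Run: [IpWins] C:\Programmi\Ipwindows\ipwins.exe",
    r'O4 - HKCU\..\Policies\Explorer\Run: [{6A4B9151-06C1-1040-0710-050706050027}] "C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027}\Update.exe" te-110-12-0000208',
    r'O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e te-110-12-0000208 (file missing)',
]


def exe_of(cmd):
    """Executable named by a command line: the quoted part, or the bare path up to its extension."""
    m = re.match(r'"([^"]+)"', cmd) or re.match(r'(.+?\.(?:exe|dll|cpl|scr))(?=[\s",]|$)', cmd, re.I)
    return m.group(1) if m else cmd


def build_script(hjt_lines):
    """Return (avenger_script_text, skipped_notes) for the given HijackThis lines."""
    keys, values, files, skipped = [], [], [], []
    for raw in hjt_lines:
        missing = "(file missing)" in raw            # nothing on disk to delete
        line = raw.replace("(file missing)", "").strip()
        if m := O2_RE.match(line):
            keys.append(BHO_KEY + "\\" + m["clsid"])
            path = m["path"]
        elif m := O4_RE.match(line):
            full = RUN_KEYS.get(m["key"])
            if full is None:
                skipped.append(f"no mapping for key {m['key']}: {raw}")
                continue
            values.append(f"{full} | {m['name']}")   # bare value name: no [ ] around it
            path = exe_of(m["cmd"])
        elif m := O23_RE.match(line):
            skipped.append(f"O23 service entry, remove the registration with HijackThis: {raw}")
            path = exe_of(m["path"])
        else:
            skipped.append(f"unsupported line: {raw}")
            continue
        if not missing and path not in files:
            files.append(path)
    sections = [("Registry keys to delete:", keys),
                ("Registry values to delete:", values),
                ("Files to delete:", files)]
    text = "\n\n".join(f"{title}\n" + "\n".join(items) for title, items in sections if items)
    return text + "\n", skipped


if __name__ == "__main__":
    script, notes = build_script(TO_FIX)
    print(script)
    for note in notes:
        print("#", note)
```

For the sample lines the generated script lists the 888Bar BHO key, the three Run values under their full CurrentVersion paths (including the HKCU\...\Policies\Explorer\Run entry that only the v2 log exposed), and the four files; the svchosts.exe service line is reported in the skipped notes instead.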

Post by sent » 13/06/07 20:32

Thanks again for your help. Unfortunately advertising screens keep opening.
Here is the new log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\dufwvctw

*******************

Script file located at: \??\C:\WINDOWS\timgatxt.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|{6A4B9151-06C1-1040-0710-050706050027} deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|WinTouch deleted successfully.
Registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|SfKg6w deleted successfully.


Could not delete registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|IpWins
Deletion of registry value HKLM\Software\Microsoft\Windows\CurrentVersion\Run|IpWins failed!
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.

Post by Luke57 » 13/06/07 20:36

Post a new HijackThis log, but download this one:
http://www.trendsecure.com/portal/en-US ... his_v2.exe
download hijackthisv2_exe.
Put it in a permanent, dedicated folder on the hard disk (not the desktop), then open it from that location, press "do a system scan and save a log file", and wait for it to produce a text file (it generates the report of the startup registry keys and the running processes). Copy and paste the contents of the file into a post.

Post by sent » 13/06/07 20:46

Thanks for your infinite patience :)
Here is the log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21.43.52, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\File comuni\{6A4B9151-06C0-1040-0710-050706050027}\Update.exe
C:\DOCUME~1\a\DOCUME~1\DOBE~1\dvdplay.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3A4B9~1\888Bar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{6A4B9151-06C0-1040-0710-050706050027}] "C:\Programmi\File comuni\{6A4B9151-06C0-1040-0710-050706050027}\Update.exe" te-110-12-0000208
O4 - HKCU\..\Run: [Rctw] "C:\DOCUME~1\a\DOCUME~1\DOBE~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [IpWins] C:\Programmi\Ipwindows\ipwins.exe
O4 - HKCU\..\Policies\Explorer\Run: [{6A4B9151-06C1-1040-0710-050706050027}] "C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027}\Update.exe" te-110-12-0000208
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ubisoft register.lnk = C:\Programmi\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA359F5-F935-4EBD-8141-80C7C3BDD4E8}: NameServer = 213.230.128.222 213.230.129.94
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 6738 bytes

Post by Luke57 » 13/06/07 20:57

Hi, the script to enter now is this:


folders to delete:
C:\Programmi\File comuni\{6A4B9151-06C0-1040-0710-050706050027}
C:\PROGRA~1\FILECO~1\{3A4B9~1
C:\Programmi\Ipwindows


files to delete:
C:\WINDOWS\system32\svchosts.exe


Then open hijackthisV2_exe, press "do a system scan only", find and tick, if present, the following entries:
O3 - Toolbar: 888Bar - {C004DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\FILECO~1\{3A4B9~1\888Bar.dll (file missing)
O4 - HKLM\..\Run: [{6A4B9151-06C0-1040-0710-050706050027}] "C:\Programmi\File comuni\{6A4B9151-06C0-1040-0710-050706050027}\Update.exe" te-110-12-0000208
O4 - HKCU\..\Run: [IpWins] C:\Programmi\Ipwindows\ipwins.exe
O4 - HKCU\..\Policies\Explorer\Run: [{6A4B9151-06C1-1040-0710-050706050027}] "C:\Programmi\File comuni\{6A4B9151-06C1-1040-0710-050706050027}\Update.exe" te-110-12-0000208
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe (file missing)

Press fix checked.

Post the usual Avenger report and a new hijackthisv2_exe log.

Post by sent » 13/06/07 21:18

Hi
Here is the Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vwxxptas

*******************

Script file located at: \??\C:\Documents and Settings\uucrmdfr.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Programmi\File comuni\{6A4B9151-06C0-1040-0710-050706050027} deleted successfully.


Folder C:\PROGRA~1\FILECO~1\{3A4B9~1 not found!
Deletion of folder C:\PROGRA~1\FILECO~1\{3A4B9~1 failed!

Could not process line:
C:\PROGRA~1\FILECO~1\{3A4B9~1
Status: 0xc0000034



Folder C:\Programmi\Ipwindows not found!
Deletion of folder C:\Programmi\Ipwindows failed!

Could not process line:
C:\Programmi\Ipwindows
Status: 0xc0000034



File C:\WINDOWS\system32\svchosts.exe not found!
Deletion of file C:\WINDOWS\system32\svchosts.exe failed!

Could not process line:
C:\WINDOWS\system32\svchosts.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
Now on to HijackThis :)

Post by sent » 13/06/07 21:39

And here is the HijackThis 2 log:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22.36.39, on 13/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Google\Gmail Notifier\gnotify.exe
C:\Programmi\QuickTime\qttask.exe
C:\DOCUME~1\a\DOCUME~1\DOBE~1\dvdplay.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hijackthis2\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Programmi\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programmi\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Rctw] "C:\DOCUME~1\a\DOCUME~1\DOBE~1\dvdplay.exe" -vt yazb
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Ubisoft register.lnk = C:\Programmi\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DA359F5-F935-4EBD-8141-80C7C3BDD4E8}: NameServer = 213.230.130.222 213.230.155.94
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: EvtEng - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 5989 bytes

Post by sent » 13/06/07 22:02

Things have improved, but I still have problems: when I start Firefox, an Explorer page that cannot be displayed opens automatically :(

