Condividi:        

Problema con finestre internet

Come rimuovere virus e spyware? Le carte di credito sono davvero sicure in rete? È possibile navigare anonimi? Con quali programmi tutelare la propria privacy? Come proteggere i file importanti? Se volete una risposta a queste e altre domande questo è il luogo giusto!

Moderatori: m.paolo, kadosh, Luke57

Problema con finestre internet

Postdi mohito » 30/08/08 12:30

Ciao. Spero riuscirete ad aiutarmi... Si aprono in continuazione finestre indesiderate. Ho effettuato la scansione ed è uscito questo:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20.08.35, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\VNICMon.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Programmi\Windows Live Toolbar\msn_sl.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\28UZ5232\HiJackThis_v2[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ExpertEnhancer - {35069396-3567-9D8B-86E5-B3D3B89DD644} - C:\Programmi\ExpertEnhancer\ExpertEnhancer-2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe"
O4 - HKLM\..\Run: [XP HOT F1XS] KB15763.exe
O4 - HKLM\..\Run: [HOT FIX] Gothic.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Once Name Hope Play] C:\Documents and Settings\All Users\Dati applicazioni\Memo upload once name\wave cash.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MicroSoft Visual SP4] igfsfdsda32.exe
O4 - HKLM\..\Run: [kiss] C:\Programmi\sdaskdjas\ts.exe
O4 - HKLM\..\Run: [BearShare] "C:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [XP HOT F1XS] KB15763.exe
O4 - HKLM\..\RunServices: [HOT FIX] Gothic.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP4] igfsfdsda32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [XP HOT F1XS] KB15763.exe
O4 - HKCU\..\Run: [HOT FIX] Gothic.exe
O4 - HKCU\..\Run: [4 axis] C:\DOCUME~1\PROPRI~1\DATIAP~1\BROWSE~1\BurnGreyByte.exe
O4 - HKCU\..\Run: [MicroSoft Visual SP4] igfsfdsda32.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmi\Save\Save.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP4] igfsfdsda32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [XP HOT F1XS] KB15763.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [XP HOT F1XS] KB15763.exe (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 2224599484
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://mantide88.spaces.live.com/PhotoU ... nPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1921FFD7-FEF2-4F3D-B159-2D276FE8F6D5}: NameServer = 213.205.36.70 213.205.32.70
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: XP HOT F1XS (live.microsoft.com) - Unknown owner - C:\WINDOWS\system32\KB15763.exe (file missing)
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)

--
End of file - 8109 bytes
mohito
Newbie
 
Post: 8
Iscritto il: 29/08/08 18:58

Sponsor
 

Re: Problema con finestre internet

Postdi Luke57 » 30/08/08 14:36

Ciao, sei sommerso dalle infezioni; copia hijackthis.exe in una cartella del disco fisso, appositamente dedicata, tipo C:\programmi\hijckthis.
Da lì lo lanci, premi "do a system scan only", cerca e spunta le voci seguenti:
O2 - BHO: ExpertEnhancer - {35069396-3567-9D8B-86E5-B3D3B89DD644} - C:\Programmi\ExpertEnhancer\ExpertEnhancer-2.dll
O4 - HKLM\..\Run: [XP HOT F1XS] KB15763.exe
O4 - HKLM\..\Run: [HOT FIX] Gothic.exe
O4 - HKLM\..\Run: [Once Name Hope Play] C:\Documents and Settings\All Users\Dati applicazioni\Memo upload once name\wave cash.exe
O4 - HKLM\..\Run: [MicroSoft Visual SP4] igfsfdsda32.exe
O4 - HKLM\..\Run: [kiss] C:\Programmi\sdaskdjas\ts.exe
O4 - HKLM\..\RunServices: [XP HOT F1XS] KB15763.exe
O4 - HKLM\..\RunServices: [HOT FIX] Gothic.exe
O4 - HKLM\..\RunServices: [MicroSoft Visual SP4] igfsfdsda32.exe
4 - HKCU\..\Run: [XP HOT F1XS] KB15763.exe
O4 - HKCU\..\Run: [HOT FIX] Gothic.exe
O4 - HKCU\..\Run: [4 axis] C:\DOCUME~1\PROPRI~1\DATIAP~1\BROWSE~1\BurnGreyByte.exe
O4 - HKUS\S-1-5-18\..\Run: [MicroSoft Visual SP4] igfsfdsda32.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [XP HOT F1XS] KB15763.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [XP HOT F1XS] KB15763.exe (User 'Default user')
O4 - HKCU\..\Run: [MicroSoft Visual SP4] igfsfdsda32.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Programmi\Save\Save.exe"
O23 - Service: XP HOT F1XS (live.microsoft.com) - Unknown owner - C:\WINDOWS\system32\KB15763.exe (file missing)
O23 - Service: Microsoft Windows TCP Protocol - Unknown owner - C:\WINDOWS\System32\dllcache\wintcps.exe (file missing)

premi fix checked.

da risorse del computer>strumenti>opzioni cartella>visualizzazione, metti la spunta a "visualizza file e cartelle nascosti">ok.
cerca ed elimina i file o cartelle in neretto, se presenti:
C:\Programmi\ExpertEnhancer\ExpertEnhancer-2.dll
C:\DOCUME~1\PROPRI~1\DATIAP~1\BROWSE~1\BurnGreyByte.exe
C:\Programmi\Save\Save.exe
C:\Documents and Settings\All Users\Dati applicazioni\Memo upload once name\wave cash.exe

Svuota il cestino.

Poi, scarica combofix da qui:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Per eseguirlo,doppio click su Combofix.exe
Si aprirà una finestra blu....Attendere....
Dopo qualche attimo apparirà l'avviso che declina l'autore da ogni problema legato ad una errata utilizzazione del tool.
A questo punto selezionate 1 quindi ENTER per lanciare lo scan..
Attendere.....(non fare altre manovre duante lo scan, se spariscono le icone dal desktop è del tutto normale)
Un avviso ti segnalerà la fine dell'operazione e dopo qualche attimo apparirà il log con i dettagli dello scan.
IL log verrà memorizzato in C:\Combofix.txt
Allegalo o incollalo a un post
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Problema con finestre internet

Postdi mohito » 30/08/08 16:31

Ho fatto tutto la scansione e questo è il risultato:

ComboFix 08-08-29.02 - Proprietario 2008-08-30 17.05.49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.72 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ALESSIO\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Proprietario\Cookies\proprietario@ad.yieldmanager[2].txt
C:\Documents and Settings\Proprietario\Cookies\proprietario@bastioneantivirus[2].txt
C:\Documents and Settings\Proprietario\Cookies\proprietario@clickpoint[2].txt
C:\Documents and Settings\Proprietario\Cookies\proprietario@ehg-deltatre.hitbox[2].txt
C:\Documents and Settings\Proprietario\Cookies\proprietario@mediatraffic[2].txt
C:\Documents and Settings\Proprietario\Cookies\proprietario@toolsicuro[2].txt
C:\Documents and Settings\Proprietario\Cookies\proprietario@tradedoubler[2].txt
C:\Programmi\FBrowserAdvisor
C:\Programmi\FBrowsingAdvisor
C:\Programmi\FBrowsingAdvisor\IXPCOMEvents.xpt
C:\Programmi\FBrowsingAdvisor\Logo.png
C:\Programmi\FBrowsingAdvisor\main.db
C:\Programmi\FBrowsingAdvisor\unins000.dat
C:\Programmi\FBrowsingAdvisor\unins000.exe
C:\Programmi\FBrowsingAdvisor\XPCOMEvents.dll
C:\WINDOWS\system32\n.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MICROSOFT_WINDOWS_TCP_PROTOCOL
-------\Service_Microsoft Windows TCP Protocol


((((((((((((((((((((((((( Files Creati Da 2008-07-28 al 2008-08-30 )))))))))))))))))))))))))))))))))))
.

2008-08-30 16:41 . 2008-08-30 16:50 <DIR> d-------- C:\HiJackThis_v2
2008-08-20 10:56 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-04 12:33 . 2008-08-30 16:57 <DIR> d-------- C:\Programmi\ExpertEnhancer
2008-08-04 12:33 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-07-21 12:35 . 2008-08-30 16:59 <DIR> d-------- C:\Programmi\Save
2008-07-19 12:41 . 2008-07-19 12:41 <DIR> d--hs---- C:\found.001
2008-07-18 20:38 . 2008-07-18 20:38 586,752 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-07 22:31 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-26 15:44 --------- d-----w C:\Programmi\sdfhfgd
2008-07-26 15:44 --------- d-----w C:\Programmi\sdaskdjas
2008-07-26 15:41 --------- d-----w C:\Programmi\dfksdkfksdl
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-15 13:24 68856]
"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2008-02-05 17:36 190024]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 13:35 335872]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 11:25 266497]
"CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2008-02-04 18:02 462848]
"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2008-02-05 17:36 190024]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BearShare"="C:\Programmi\BearShare\BearShare.exe" [2006-07-26 13:48 3305472]
"NIC Monitor"="VNICMon.exe" [2002-05-30 22:31 40960 C:\WINDOWS\system32\VNICMon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\BearShare\\BearShare.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-04-22 11:58]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-19 11:25]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2008-02-04 18:02]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2008-02-04 18:02]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2008-02-04 18:02]
S2 live.microsoft.com;XP HOT F1XS;C:\WINDOWS\system32\KB15763.exe []
S3 VNICPKT5;VNICPKT5 Protocol Driver;C:\WINDOWS\System32\VNICPKT5.SYS [2001-07-26 15:02]
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-30 C:\WINDOWS\Tasks\9DE352CD9185161D.job
- c:\docume~1\propri~1\datiap~1\browse~1\secondsizeup.exe []

2008-08-30 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.
- - - - ORFÇOS REMOVIDOS - - - -

HKU-Default-Run-XP HOT F1XS - KB15763.exe
HKU-Default-Run-HOT FIX - Gothic.exe
HKU-Default-RunOnce-HOT FIX - Gothic.exe
HKU-Default-RunOnce-MicroSoft Visual SP4 - igfsfdsda32.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.it/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: &Windows Live Search - C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O16 -: DirectAnimation Java Classes - file://C:\WINDOWS\Java\classes\dajava.cab
C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-30 17:11:37
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
.
**************************************************************************
.
Ora fine scansione: 2008-08-30 17:17:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-30 15:17:47

Pre-Run: 66,851,651,584 byte disponibili
Post-Run: 67,171,258,368 byte disponibili

135 --- E O F --- 2008-08-20 15:10:41


Grazie
mohito
Newbie
 
Post: 8
Iscritto il: 29/08/08 18:58

Re: Problema con finestre internet

Postdi Luke57 » 30/08/08 16:43

Ok, adesso apri un file di testo (dal blocco note di windows), copia questo codice:

Codice: Seleziona tutto
File::
C:\WINDOWS\Tasks\9DE352CD9185161D.job

Folder::
C:\Programmi\ExpertEnhancer
C:\Programmi\Save
C:\Programmi\sdfhfgd
C:\Programmi\sdaskdjas
C:\Programmi\dfksdkfksdl


incollalo nel file di testo, salva il file nella stessa direzione di combofix, chiamandolo obbligatoriamente CFScript.txt trascinalo con il puntatore del mouse sull'icona di combofix per una nuova scansione ed eventuale riavvio. Posta il nuovo report, se prodotto.
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Problema con finestre internet

Postdi mohito » 31/08/08 12:00

Questo è il nuovo report:

ComboFix 08-08-30.03 - Proprietario 2008-08-31 12.50.03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.78 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Proprietario\Desktop\ALESSIO\ComboFix.exe
Command switches used :: C:\Documents and Settings\Proprietario\Desktop\ALESSIO\CFScript.txt
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Programmi\dfksdkfksdl
C:\Programmi\dfksdkfksdl\gt.x
C:\Programmi\dfksdkfksdl\hd.exe
C:\Programmi\dfksdkfksdl\knlps.sys
C:\Programmi\dfksdkfksdl\law.x
C:\Programmi\dfksdkfksdl\murd3r
C:\Programmi\dfksdkfksdl\orrl.exe
C:\Programmi\dfksdkfksdl\ps2m.exe
C:\Programmi\dfksdkfksdl\remote.ini
C:\Programmi\dfksdkfksdl\w.e
C:\Programmi\ExpertEnhancer
C:\Programmi\ExpertEnhancer\ExpertEnhancer.dat
C:\Programmi\ExpertEnhancer\pcre3.dll
C:\Programmi\ExpertEnhancer\uninstall.exe
C:\Programmi\Save
C:\Programmi\Save\ACM.dll
C:\Programmi\Save\ffext.mod
C:\Programmi\Save\save.db
C:\Programmi\Save\save.htm
C:\Programmi\Save\SaveUninst.exe
C:\Programmi\Save\store.db
C:\Programmi\sdaskdjas
C:\Programmi\sdaskdjas\hd.exe
C:\Programmi\sdaskdjas\murd3r
C:\Programmi\sdaskdjas\murdEr.sys
C:\Programmi\sdaskdjas\nassor
C:\Programmi\sdaskdjas\remote.ini
C:\Programmi\sdfhfgd
C:\Programmi\sdfhfgd\gt.x
C:\Programmi\sdfhfgd\hd.exe
C:\Programmi\sdfhfgd\knlps.sys
C:\Programmi\sdfhfgd\law.x
C:\Programmi\sdfhfgd\murd3r
C:\Programmi\sdfhfgd\orrl.exe
C:\Programmi\sdfhfgd\ps2m.exe
C:\Programmi\sdfhfgd\remote.ini
C:\Programmi\sdfhfgd\w.e
C:\WINDOWS\Tasks\9DE352CD9185161D.job

.
((((((((((((((((((((((((( Files Creati Da 2008-07-28 al 2008-08-31 )))))))))))))))))))))))))))))))))))
.

2008-08-30 16:41 . 2008-08-30 16:50 <DIR> d-------- C:\HiJackThis_v2
2008-08-20 10:56 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-04 12:33 . 2006-04-14 23:05 9,952 --a------ C:\regxpcom.exe
2008-07-19 12:41 . 2008-07-19 12:41 <DIR> d--hs---- C:\found.001
2008-07-18 20:38 . 2008-07-18 20:38 586,752 --a------ C:\WINDOWS\WLXPGSS.SCR
2008-07-07 22:31 . 2008-07-07 22:31 253,952 -----c--- C:\WINDOWS\system32\dllcache\es.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-07 05:14 1,292,800 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-30_17.17.20.56 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-08-20 15:06:56 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-08-30 15:36:42 135,168 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-20 15:06:56 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
+ 2008-08-30 15:36:42 40,960 ----a-r C:\WINDOWS\Installer\{90840409-6000-11D3-8CFE-0150048383C9}\xlvicon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-15 13:24 68856]
"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2008-02-05 17:36 190024]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-06-05 13:35 335872]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-19 11:25 266497]
"CnxDslTaskBar"="C:\Programmi\Trust\Trust MD3100 USB ADSL MODEM\CnxDslTb.exe" [2008-02-04 18:02 462848]
"MessengerPlus3"="C:\Programmi\MessengerPlus! 3\MsgPlus.exe" [2008-02-05 17:36 190024]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"BearShare"="C:\Programmi\BearShare\BearShare.exe" [2006-07-26 13:48 3305472]
"NIC Monitor"="VNICMon.exe" [2002-05-30 22:31 40960 C:\WINDOWS\system32\VNICMon.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.dvsd"= pdvcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\BearShare\\BearShare.exe"=

R0 avgntmgr;avgntmgr;C:\WINDOWS\system32\DRIVERS\avgntmgr.sys [2008-04-22 11:58]
R1 avgntdd;avgntdd;C:\WINDOWS\system32\DRIVERS\avgntdd.sys [2008-07-19 11:25]
R3 CnxEtP;Trust MD3100 USB ADSL MODEM LAN Adapter Filter Driver;C:\WINDOWS\system32\DRIVERS\CnxEtP.sys [2008-02-04 18:02]
R3 CnxEtU;Trust MD3100 USB ADSL MODEM Loader;C:\WINDOWS\system32\DRIVERS\CnxEtU.sys [2008-02-04 18:02]
R3 CnxTgN;Trust MD3100 USB ADSL MODEM LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\CnxTgN.sys [2008-02-04 18:02]
S2 live.microsoft.com;XP HOT F1XS;C:\WINDOWS\system32\KB15763.exe []
S3 VNICPKT5;VNICPKT5 Protocol Driver;C:\WINDOWS\System32\VNICPKT5.SYS [2001-07-26 15:02]

*Newly Created Service* - CATCHME
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-31 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 12:20]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 12:52:12
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-31 12:55:12
ComboFix-quarantined-files.txt 2008-08-31 10:55:09
ComboFix2.txt 2008-08-30 15:30:23

Pre-Run: 67,117,568,000 byte disponibili
Post-Run: 67,105,497,088 byte disponibili

129 --- E O F --- 2008-08-30 15:36:45
mohito
Newbie
 
Post: 8
Iscritto il: 29/08/08 18:58

Re: Problema con finestre internet

Postdi Luke57 » 31/08/08 17:00

Ciao, sembra ok, hai sempre problemi?
Luke57
Moderatore
 
Post: 6413
Iscritto il: 11/08/05 19:10

Re: Problema con finestre internet

Postdi mohito » 01/09/08 09:19

Le finestre sono scomparse ed il pc è molto più veloce.. Grazie mille Luke57 e complimenti per il forum ;)
mohito
Newbie
 
Post: 8
Iscritto il: 29/08/08 18:58


Torna a Sicurezza e Privacy


Topic correlati a "Problema con finestre internet":

Problema con il mouse
Autore: crisge73
Forum: Discussioni
Risposte: 9

Chi c’è in linea

Visitano il forum: Nessuno e 40 ospiti

cron