stefano 67

Mozilla and IE Open Pages on Their Own

3 posts in this discussion

Hi everyone. As the title says, for a while now both Mozilla and IE have been opening pages on their own as soon as I connect (from eBay to Norton Security, ZoneAlarm, etc. etc.). I ran scans with Malwarebytes, a-squared and AVG; only Malwarebytes found one thing (Rogue.Residue), which it removed, but I've seen that it always comes back (dunno...). I'm posting the HijackThis log hoping for a solution.

hijackthis.log


Hi hyosung,

O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll (file missing)

O4 - HKCU\..\Run: [uecku] "c:\documents and settings\user\impostazioni locali\dati applicazioni\uecku.exe" uecku

O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe

O23 - Service: ASKUpgrade - Unknown owner - C:\Programmi\AskBarDis\bar\bin\ASKUpgrade.exe

Run ComboFix and attach the report

:P:)

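A defender-side triage script, added here as an example (not part of the thread and not HijackThis or ComboFix code), that applies the heuristics behind the entries the reply above singles out: an autorun launched from a user-writable profile folder, a toolbar whose file is "(file missing)", and a service with "Unknown owner". The sample lines are the ones quoted in the reply plus one constructed benign HKLM entry (the AVG tray, taken from the ComboFix registry dump later in the thread) as a control.

```python
import re

# Lines quoted from the HijackThis log in the thread, plus one constructed
# benign HKLM entry (AVG tray, from the ComboFix registry dump) as a control.
SAMPLE_LOG = r"""
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programmi\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKCU\..\Run: [uecku] "c:\documents and settings\user\impostazioni locali\dati applicazioni\uecku.exe" uecku
O4 - HKLM\..\Run: [AVG8_TRAY] c:\progra~1\AVG\AVG8\avgtray.exe
O23 - Service: ASKService - Unknown owner - C:\Programmi\AskBarDis\bar\bin\AskService.exe
"""

# User-writable per-profile folders on Windows XP (Italian and English names).
USER_DATA_DIRS = ("dati applicazioni", "application data",
                  "impostazioni locali", "local settings")
# First drive-rooted path ending in a binary extension; stops at quotes/brackets.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:exe|dll|sys)', re.IGNORECASE)

def parse_line(line):
    """Split an 'Onn - ...' HijackThis line into (section, path, body); None otherwise."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    p = PATH_RE.search(m.group(2))
    return m.group(1), (p.group(0).lower() if p else ""), m.group(2)

def triage(log_text):
    """Return (section, path, reasons) for every entry a heuristic flags."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        section, path, body = parsed
        reasons = []
        # Legitimate software autostarts from Program Files or system32; a
        # binary launched from the profile's Local Settings is worth a look.
        if section == "O4" and any(d in path for d in USER_DATA_DIRS):
            reasons.append("autorun from user-writable profile folder")
        if "(file missing)" in body:
            reasons.append("dangling reference to a missing file")
        if section == "O23" and "unknown owner" in body.lower():
            reasons.append("service with no registered owner/vendor")
        if reasons:
            findings.append((section, path, reasons))
    return findings

if __name__ == "__main__":
    for section, path, reasons in triage(SAMPLE_LOG):
        print(f"{section} {path}\n    -> {'; '.join(reasons)}")
```

The three flagged entries are exactly the ones later removed as orphaned keys in the ComboFix report; the AVG control line passes clean.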

ComboFix 09-03-27.02 - user 2009-03-28 11.38.14.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1918.1224 [GMT 1:00]

Eseguito da: c:\documents and settings\user\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

* Creato nuovo punto di ripristino

ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!

.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\user\Dati applicazioni\inst.exe

c:\documents and settings\user\Impostazioni locali\Dati applicazioni\uecku.dat

c:\documents and settings\user\Impostazioni locali\Dati applicazioni\uecku.exe

c:\documents and settings\user\Impostazioni locali\Dati applicazioni\uecku_nav.dat

c:\documents and settings\user\Impostazioni locali\Dati applicazioni\uecku_navps.dat

.

((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_PCIDump

((((((((((((((((((((((((( Files Creati Da 2009-02-28 al 2009-03-28 )))))))))))))))))))))))))))))))))))

.

2009-03-28 11:39 . 2009-03-28 11:39 <DIR> d-------- c:\windows\system32\xircom

2009-03-28 11:39 . 2009-03-28 11:39 <DIR> d-------- c:\programmi\microsoft frontpage

2009-03-25 19:47 . 2009-03-25 19:47 <DIR> d-------- c:\programmi\Trend Micro

2009-03-18 19:43 . 2009-03-18 19:43 <DIR> d-------- c:\documents and settings\user\Dati applicazioni\Pirates of the Atlantic

2009-03-08 14:16 . 2009-03-08 14:16 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf

2009-03-08 14:16 . 2009-03-08 14:16 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motccgp_01005.Wdf

2009-03-08 13:48 . 2009-03-08 13:48 <DIR> d-------- c:\programmi\Motorola

2009-03-08 13:48 . 2009-03-08 13:48 <DIR> d----c--- C:\Program Files

2009-03-08 13:48 . 2007-10-10 17:41 42,112 --a------ c:\windows\system32\drivers\motodrv.sys

2009-03-08 13:48 . 2008-08-21 18:49 18,688 --a------ c:\windows\system32\drivers\motccgp.sys

2009-03-08 13:48 . 2008-08-21 18:49 8,320 --a------ c:\windows\system32\drivers\motccgpfl.sys

2009-03-08 13:48 . 2007-11-02 15:51 6,400 --a------ c:\windows\system32\drivers\motswch.sys

2009-03-08 13:46 . 2009-03-08 13:46 <DIR> d-------- c:\programmi\Avanquest update

2009-03-05 19:59 . 2009-03-25 14:24 69 --a------ c:\windows\NeroDigital.ini

2009-03-05 19:39 . 2009-03-05 19:39 <DIR> d-------- c:\programmi\Nero

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-27 18:49 --------- d-----w c:\programmi\a-squared Free

2009-03-27 18:17 --------- d-----w c:\programmi\Malwarebytes' Anti-Malware

2009-03-26 15:49 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-03-26 15:49 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-03-24 12:42 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\avg8

2009-03-19 17:06 --------- d-----w c:\programmi\Messenger Plus! Live

2009-03-19 16:25 512 -c--a-w C:\drmHeader.bin

2009-03-18 18:51 --------- d-----w c:\programmi\FreeGamePick.com

2009-03-12 18:40 --------- d-----w c:\documents and settings\user\Dati applicazioni\Ahead

2009-03-10 20:01 --------- d-----w c:\documents and settings\user\Dati applicazioni\Winamp

2009-03-10 19:55 --------- d-----w c:\programmi\Winamp

2009-03-08 13:15 --------- d-----w c:\programmi\File comuni\Motorola Shared

2009-03-08 12:48 --------- d-----w c:\programmi\Motorola Phone Tools

2009-03-08 12:46 --------- d--h--w c:\programmi\InstallShield Installation Information

2009-03-05 18:41 --------- d-----w c:\programmi\File comuni\Ahead

2009-03-05 18:32 --------- d-----w c:\programmi\Ahead

2009-02-23 20:28 --------- d-----w c:\programmi\File comuni\Adobe

2009-02-22 20:06 --------- dc----w c:\documents and settings\All Users\Dati applicazioni\nView_Profiles

2009-02-22 12:15 --------- d-----w c:\documents and settings\user\Dati applicazioni\Media Player Classic

2009-02-18 20:13 --------- d-----w c:\documents and settings\user\Dati applicazioni\Vso

2009-02-14 18:13 --------- d-----w c:\programmi\AskBarDis

2009-02-14 17:55 --------- d-----w c:\programmi\Quick Poker

2009-02-14 17:54 74,752 ----a-w c:\windows\ST6UNST.EXE

2009-02-14 17:54 253,952 ------w c:\windows\Setup1.exe

2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll

2009-02-05 09:54 453,152 ----a-w c:\windows\system32\NVUNINST.EXE

2009-02-01 19:44 --------- d-----w c:\documents and settings\user\Dati applicazioni\EPSON

2009-02-01 19:23 --------- d-----w c:\programmi\Play65

2009-01-31 12:53 --------- d-----w c:\programmi\VirtualDJ

2009-01-28 16:16 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

2009-01-28 16:16 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

2009-01-28 16:16 10,520 ----a-w c:\windows\system32\avgrsstx.dll

2009-01-24 19:06 577,376 ------w c:\windows\system32\srnotifier.exe

2009-01-23 11:55 410,984 ----a-w c:\windows\system32\deploytk.dll

2009-01-22 18:47 47,360 ----a-w c:\documents and settings\user\Dati applicazioni\pcouffin.sys

2009-01-21 20:53 315,392 ----a-w c:\windows\HideWin.exe

.

------- Sigcheck -------

2007-01-03 11:51 296960 f959d929a6a22d78e3a6851a9361ce18 c:\windows\system32\termsrv.dll

.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* i valori vuoti & legittimi/default non sono visualizzati.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\programmi\RocketDock\RocketDock.exe" [2006-08-16 364544]

"VisualTaskTips"="c:\programmi\VisualTaskTips\VisualTaskTips.exe" [2008-03-09 61440]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1601304]

"EPSON Stylus DX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE" [2005-03-07 98304]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]

"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2007-01-03 172032]

"RTHDCPL"="RTHDCPL.EXE" [2007-10-16 c:\windows\RTHDCPL.exe]

"nwiz"="nwiz.exe" [2009-02-09 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2007-01-03 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-01-28 17:16 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

--a------ 2009-02-09 13:18 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

--a------ 2009-02-09 13:18 1657376 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]

--a------ 2007-10-11 11:04 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"wuauserv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"d:\\eMule\\emule.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Programmi\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=

"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programmi\\TeamViewer3\\TeamViewer.exe"=

"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=

"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupX.exe"=

"c:\\Programmi\\File comuni\\Ahead\\Nero Web\\SetupXu.exe"=

"c:\\Programmi\\Motorola\\Software Update\\msu.exe"=

"c:\\Programmi\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"20655:TCP"= 20655:TCP:eMule - TCP

"39220:UDP"= 39220:UDP:eMule - UDP

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-22 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-22 107272]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-01-21 13696]

R2 ASKService;ASKService;c:\programmi\AskBarDis\bar\bin\AskService.exe [2009-02-14 464264]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-22 903960]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-22 298264]

S2 ASKUpgrade;ASKUpgrade;c:\programmi\AskBarDis\bar\bin\ASKUpgrade.exe [2009-02-14 234888]

S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-03-08 18688]

S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-03-08 8320]

S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-03-08 42112]

.

- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\programmi\AskBarDis\bar\bin\askBar.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\programmi\AskBarDis\bar\bin\askBar.dll

HKCU-Run-uecku - c:\documents and settings\user\impostazioni locali\dati applicazioni\uecku.exe

MSConfigStartUp-NeroFilterCheck - c:\windows\system32\NeroCheck.exe

.

------- Scansione supplementare -------

.

IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\user\Dati applicazioni\Mozilla\Firefox\Profiles\ngls0lzk.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Wikipedia (it)

FF - prefs.js: browser.startup.homepage - hxxp://mail.alice.it/index.html

FF - plugin: c:\documents and settings\user\Dati applicazioni\Mozilla\plugins\npPxPlay.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-28 11:40:06

Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo

Files nascosti: 0

**************************************************************************

.

--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(692)

c:\windows\system32\SHSVCS.dll

c:\windows\system32\CLBCATQ.DLL

- - - - - - - > 'lsass.exe'(748)

c:\windows\system32\WLDAP32.dll

c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

c:\windows\system32\ipsecsvc.dll

.

------------------------ Altri processi in esecuzione ------------------------

.

c:\programmi\a-squared Free\a2service.exe

c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\programmi\Java\jre6\bin\jqs.exe

c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe

c:\windows\system32\nvsvc32.exe

c:\programmi\AVG\AVG8\avgrsx.exe

c:\programmi\Photodex\ProShowProducer\scsiaccess.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe

c:\programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe

c:\programmi\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Ora fine scansione: 2009-03-28 11:41:05 - Il pc è stato riavviato [user]

ComboFix-quarantined-files.txt 2009-03-28 10:41:03

Pre-Run: 93.409.882.112 byte disponibili

Post-Run: 93,408,092,160 byte disponibili

194

I ran ComboFix and this is the report.

Anyway, everything seems OK now, thanks :):)
