PDA

Visualizza la versione completa : Come eliminare pagine pubblicitarie che si aprono da sole navigando,aiuto.


toffee84
24-09-2012, 17:49
Mi si aprono appena entro su mozilla,ma anche su explorer,sono incontri adult,annunci lavoro,adozioni,poker...di tutto.Ho provato con Ccleaner,spyboot,windos system care,malwarebytes...scansioni con Avira e nod,ma niente!E' un continuo e odio navigare così.
Aiutatemi,vi posto la scansione con Hijackthis e spero possiate aiutarmi presto.
Grazie anticipatamente


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:48:53, on 24/09/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\lsm\lsm.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)
O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)
O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{23FC5746-37C6-4CD0-AAC0-CBDE85A03DDB}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{B12D3E35-0C3E-4008-853B-B43EC9A8F3F2}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0A5032-3D3C-4592-8D93-C5B7CF2B18B0}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDD4E6F3-30EF-48DE-9C23-966D975C9D90}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{23FC5746-37C6-4CD0-AAC0-CBDE85A03DDB}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{23FC5746-37C6-4CD0-AAC0-CBDE85A03DDB}: NameServer = 176.31.229.24,176.31.229.25
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Auto Update Service (AUS) - MS - C:\Program Files (x86)\lsm\aus.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Login Session Manager (LSM) - MS - C:\Program Files (x86)\lsm\lsm.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Users\Ale\AppData\Local\ServUpdater\ServiceUpd. exe
O23 - Service: Software Upd (SoftwareUpd) - SoftwareUpdService - C:\Users\Ale\AppData\Local\SoftwareUpdater\Softwar eUpdService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8737 bytes

darkkik
28-09-2012, 10:44
Spostato in Sicurezza.

menatwork
28-09-2012, 10:55
ciao toffee84

segui la procedura per eliminare le infezioni presenti nel pc

apri hijackthis ripeti la scansione, metti la spunta accanto alle caselle che ti indico e premi fix checked


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

R3 - URLSearchHook: (no name) - {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - (no file)

O2 - BHO: SearchToolbar.ShowToolbarBHO - {86a3cdaa-9b25-480e-b73f-c2d359b87966} - mscoree.dll (file missing)

O3 - Toolbar: SearchToolbar - {691ca8ec-7205-4aa9-bdd6-15493d16f835} - mscoree.dll (file missing)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)

O17 - HKLM\System\CCS\Services\Tcpip\..\{23FC5746-37C6-4CD0-AAC0-CBDE85A03DDB}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{B12D3E35-0C3E-4008-853B-B43EC9A8F3F2}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0A5032-3D3C-4592-8D93-C5B7CF2B18B0}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CCS\Services\Tcpip\..\{CDD4E6F3-30EF-48DE-9C23-966D975C9D90}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CS1\Services\Tcpip\..\{23FC5746-37C6-4CD0-AAC0-CBDE85A03DDB}: NameServer = 176.31.229.24,176.31.229.25

O17 - HKLM\System\CS2\Services\Tcpip\..\{23FC5746-37C6-4CD0-AAC0-CBDE85A03DDB}: NameServer = 176.31.229.24,176.31.229.25

vai su start>pannello di controllo> connessioni di rete fai click destro sulla tua connessione> proprietà fai doppio click su Protocollo Internet(TCP/IP) e seleziona "ottieni indirizzo server DNS automaticamente" clicca ok e riavvia

scarica adwcleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner) clicca su ''delete'' e posta il log


Scarica OTL (http://oldtimer.geekstogo.com/OTL.exe) e salvalo sul desktop

Metti la spunta su SCAN ALL USERS.

Sotto output, metti la spunta su minimal output

Clicca sulla freccettina di File Age e seleziona 60 Days

Metti la spunta a LOP Check e Purity Check.

Clicca su RUN SCAN

Lascia fare la scansione senza interferire.

Al termine della scansione trovi 2 log sul desktop. OTL.txt ed Extras.txt, salvali e allegali

toffee84
30-09-2012, 21:50
ciao menatwork grazie!ho fatto le scansioni,ma non me le fà allegare perchè il formato è .txt se copio e incollo mi dice che il messaggio è troppo lungo che faccio?

menatwork
01-10-2012, 00:31
allegalo su wikisend o qui => http://www.freefilehosting.net/

toffee84
01-10-2012, 15:13
http://www.freefilehosting.net/extras_5


http://www.freefilehosting.net/showdownload.php/otltxt1_1


http://www.freefilehosting.net/showdownload.php/adwcleaners1_1

se fai copia e incolla sul link riesci a vedere?speriamo!

menatwork
01-10-2012, 15:40
hai delle chiavi infette da zero access, forse va di moda infettarsi cosi'


fammi queste due scansioni

scarica TDSSKiller (http://support.kaspersky.com/viruses/solutions?qid=208280684) sul desktop ed estrai il contenuto

Start > Esegui > copia/incolla il seguente comando e dai OK.

"%userprofile%\Desktop\TDSSKiller.exe"

Clicca su Start Scan.
Se c’è un’infezione, l'azione di default sarà cure. Clicca su continua.
Se c’è il sospetto di un’infezione, l'azione di default sarà skip. Clicca su continua.
Se viene richiesto il riavvio, accetta.
Il rapporto si troverà in C:, sotto queste sembianze: TDSSKiller.[Version]_[Date]_[Time]_log.txt
Se non è stato richiesto il riavvio, chiudi e clicca su report. Salva il contenuto in un file di testo e allegalo



scarica combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix (http://www.bleepingcomputer.com/combofix/it/come-usare-combofix)

toffee84
01-10-2012, 17:11
http://www.freefilehosting.net/showdownload.php/logcombofix

http://www.freefilehosting.net/showdownload.php/tdsskiller2746001102012170344log

menatwork
01-10-2012, 21:18
controllami sul sito virustotal questo file, non sono sicuro della sua legittimita'

C:\Windows\lwd.exe

dimmi anche se conosci queste cartelle, se la risposta e' no, eliminale

C:\Users\Ale\AppData\Roaming\.#


C:\Users\Ale\AppData\Roaming\Zylom

ora apri otl e copia nello spazio bianco questo testo in blu





:OTL
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
SRV - (ServUpdater) -- C:\Users\Ale\AppData\Local\ServUpdater\ServiceUpd. exe (ServiceUpd)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\.DEFAULT\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - No CLSID value found
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-2243146404-3074312623-576932842-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-21-2243146404-3074312623-576932842-1000\..\URLSearchHook: {4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1} - No CLSID value found
IE - HKU\S-1-5-21-2243146404-3074312623-576932842-1000\..\SearchScopes\{4CF5A03C-0E6E-4A72-975D-40F9288EC20F}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851640
IE - HKU\S-1-5-21-2243146404-3074312623-576932842-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://search.chatzum.com/?q={searchTerms}
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.5
FF - prefs.js..extensions.enabledItems: emoticoons-toolbar@emoticoons.com:1.2
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {37D48D9C-3F7E-412F-B5BF-611BE7CCFCA1} - No CLSID value found.
O3 - HKU\S-1-5-21-2243146404-3074312623-576932842-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2243146404-3074312623-576932842-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2243146404-3074312623-576932842-1000\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4 - HKU\S-1-5-21-2243146404-3074312623-576932842-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{23FC5746-37C6-4CD0-AAC0-CBDE85A03DDB}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{B12D3E35-0C3E-4008-853B-B43EC9A8F3F2}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{CD0A5032-3D3C-4592-8D93-C5B7CF2B18B0}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfac es\{CDD4E6F3-30EF-48DE-9C23-966D975C9D90}: NameServer = 176.31.229.24,176.31.229.25

:Files
ipconfig /flushdns /c

:commands
[purity]
[Reboot]

clicca su RUN FIX e allega il log che rilascia

toffee84
01-10-2012, 22:07
fatto eliminate cartelle che erano riferite sicuramente a vecchi giochi scaricati online
copiata citazione su otl,ma che comando devo dargli???

Loading