  1. #1

    Unwanted pages opening

    Hi, my problem is that advertising pages or pages from other websites keep opening automatically. The pages that open are not random, though: they are similar in content to the site I am browsing or to the word I searched for on the search engine. I followed every step of the guide, unfortunately without success. This is the HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23.21.56, on 30/04/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18226)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
    C:\Program Files\Dell\MediaDirect\PCMService.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Users\amministratore\AppData\Local\cookooo.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.it/ig/dell?hl=it&c...it&ibd=6090124
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer fornito da Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
    O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [cookooo] "c:\users\amministratore\appdata\local\cookooo.exe" cookooo
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Invia immagine alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Invia pagina alla periferica &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
    O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 8260 bytes



    Thanks

  2. #2
    Deifobe
    Download navilog1.exe_il mafioso to the desktop and install it.

    Disable Vista's UAC (how to disable it is explained here: microsoft.com)

    Start => Control Panel => User Accounts and Family Safety => User Accounts

    If you are prompted for an administrator password, type the administrator user name and password and then click OK. If you are asked for confirmation, click Continue.

    Clear the Use User Account Control (UAC) .... check box, then click OK.

    Restart the computer.
    Run Navilog1 as administrator, choose the language and, at the menu, select option 1 (do not choose the others). At some point the message "Analysis ... Terminate" will appear; press a key as prompted and a text file will open (the scan report, which you will need to post).

  3. #3

    Navilog1 result

    Thanks a lot!




    Search Navipromo version 3.7.6 began on 01/05/2009 at 15.02.51,44

    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!

    Fix running from C:\Program Files\navilog1

    Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

    Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz )
    BIOS : Ver 1.00 BIOS A07 PARTTBL"
    USER : amministratore ( Administrator )
    BOOT : Normal boot




    C:\ (Local Disk) - NTFS - Total:287 Go (Free:217 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:4 Go)
    E:\ (CD or DVD)


    Search done in normal mode


    *** Search folders in "C:\Windows" ***


    *** Search folders in "C:\Program Files" ***


    *** Search folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


    *** Search folders in "c:\progra~2\micros~1\windows\startm~1" ***


    *** Search folders in "C:\ProgramData" ***


    *** Search folders in "c:\users\ammini~1\appdata\roaming\micros~1\windows\startm~1\programs" ***


    *** Search folders in "C:\Users\amministratore\AppData\Local\virtualstore\Program Files" ***



    *** Search folders in "C:\Users\amministratore\AppData\Local" ***




    *** Search folders in "C:\Users\amministratore\AppData\Roaming" ***


    *** Search with Catchme-rootkit/stealth malware detector by gmer ***
    for more info : http://www.gmer.net



    *** Search with GenericNaviSearch ***
    !!! Possibility of legitimate files in the result !!!
    !!! Must always be checked before manually deleting !!!

    * Scan in "C:\Windows\system32" *

    * Scan in "C:\Users\amministratore\AppData\Local\Microsoft" *

    * Scan in "C:\Users\amministratore\AppData\Local" *



    *** Search files ***



    *** Search specific Registry keys ***
    !! Following keys are not certainly all infected !!


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "cookooo"="\"c:\\users\\amministratore\\appdata\\local\\cookooo.exe\" cookooo"


    *** Complementary Search ***
    (Search specific files)

    1)Search new Instant Access files :


    2)Heuristic Search :

    * In "C:\Windows\system32" :


    * In "C:\Users\amministratore\AppData\Local\Microsoft" :


    * In "C:\Users\amministratore\AppData\Local" :

    cookooo.exe found !
    cookooo.dat found !
    cookooo_nav.dat found !
    cookooo_navps.dat found !

    3)Certificates Search :

    Egroup certificate not found !
    Electronic-Group certificate not found !
    Montorgueil certificate not found !
    OOO-Favorit certificate not found !
    Sunny-Day-Design-Ltd certificate not found !

    4)Search others known folders and files :



    *** Search completed on 01/05/2009 at 15.12.59,11 ***

  4. #4
    Deifobe
    Restart the computer in safe mode: at startup, before Windows begins loading, press F8 repeatedly. The Windows Advanced Options menu will appear => choose Safe Mode (use the arrow key ^).
    Run Navilog1 and choose option 2 (Automatic Cleaning) and confirm (it will clean up the infected files it found).
    When it finishes, restart the PC in normal mode and post the cleannavi.txt report.

  5. #5

    cleannavi.txt

    Navipromo Removal version 3.7.6 started on 03/05/2009 at 22.08.05,75

    Fix running from C:\Program Files\navilog1

    Updated on 14.03.2009 at 18h00 by IL-MAFIOSO

    Microsoft® Windows Vista™ Home Premium ( v6.0.6001 ) Service Pack 1
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz )
    BIOS : Ver 1.00 BIOS A07 PARTTBL"
    USER : amministratore ( Administrator )
    BOOT : Fail-safe boot




    C:\ (Local Disk) - NTFS - Total:287 Go (Free:220 Go)
    D:\ (Local Disk) - NTFS - Total:9 Go (Free:4 Go)
    E:\ (CD or DVD)


    Automatic removal
    with Catchme and GNS results


    Cleanning stage done in safe mode


    *** fsbl1.txt not found ***
    (Check that Catchme found nothing in Search Mode)


    *** Deleting with Backups GenericNaviSearch results ***

    * Deletion in "C:\Windows\System32" *


    * Deletion in "C:\Users\amministratore\AppData\Local\Microsoft" *


    * Deletion in "C:\Users\amministratore\AppData\Local" *



    *** Deleting folders in "C:\Windows" ***


    *** Deleting folders in "C:\Program Files" ***


    *** Deleting folders in "c:\progra~2\micros~1\windows\startm~1\programs" ***


    *** Deleting folders in "c:\progra~2\micros~1\windows\startm~1" ***


    *** Deleting folders in "C:\ProgramData" ***


    *** Deleting folders in c:\users\ammini~1\appdata\roaming\micros~1\windows\startm~1\programs ***


    *** Deleting folders in "C:\Users\amministratore\AppData\Local\virtualstore\Program Files" ***


    *** Deleting folders in "C:\Users\amministratore\AppData\Local" ***


    *** Deleting folders in "C:\Users\amministratore\AppData\Roaming" ***



    *** Deleting files ***


    *** Deleting temporary files ***

    Cleaning of C:\Windows\Temp done !
    Cleaning of C:\Users\AMMINI~1\AppData\Local\Temp done !

    *** Complementary Search ***
    (Search specific files)

    1)Deletion with backups new Instant Access files:

    2)Heuristic search and deletion with backups :


    * In "C:\Windows\system32" *



    * In "C:\Users\amministratore\AppData\Local\Microsoft" *



    * In "C:\Users\amministratore\AppData\Local" *


    cookooo.exe found !
    Copy cookooo.exe done !
    cookooo.exe deleted !

    cookooo.dat found !
    Copy cookooo.dat done !
    cookooo.dat deleted !

    cookooo_nav.dat found !
    Copy cookooo_nav.dat done !
    cookooo_nav.dat deleted !

    cookooo_navps.dat found !
    Copy cookooo_navps.dat done !
    cookooo_navps.dat deleted !


    *** Copy Registry to Safebackup folder ***

    Backing up Registry done !

    *** Cleaning Registry ***

    Registry cleaned


    *** Certificates ***

    Egroup Certificate not found !
    Electronic-Group Certificate not found !
    Montorgueil Certificate not found !
    OOO-Favorit Certificate not found !
    Sunny-Day-Design-Ltd Certificate not found !


    *** Search others known folders and files ***



    *** Cleaning stage complete on 03/05/2009 at 22.09.44,78 ***

  6. #6
    Deifobe
    OK, let me know if everything is fine now..
    Bye

  7. #7

    Thanks

    Great!! Everything really seems to be OK. I really don't know how to thank you. BYE
