ComboFix 13-03-05.01 - ADMIN 06/03/2013 12.45.55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.639.397 [GMT 1:00]
Eseguito da: c:\documents and settings\ADMIN\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ADMIN\Dati applicazioni\HBLite
c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\dsapgmba.dat
c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\dsapgmba_nav.dat
c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\dsapgmba_navps.dat
c:\documents and settings\ADMIN\WINDOWS
c:\programmi\MyScrapNook_12EI
c:\programmi\MyScrapNook_12EI\Installr\Cache\007449B6.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Creati Da 2013-02-06 al 2013-03-06 )))))))))))))))))))))))))))))))))))
.
.
2013-03-05 17:24 . 2013-03-05 17:24 -------- d-----w- c:\windows\system32\searchplugins
2013-03-05 17:24 . 2013-03-05 17:24 -------- d-----w- c:\windows\system32\Extensions
2013-03-05 17:22 . 2013-03-05 17:22 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Babylon
2013-03-05 17:22 . 2013-03-05 17:22 -------- d-----w- c:\documents and settings\ADMIN\Dati applicazioni\Babylon
2013-02-21 18:15 . 2013-02-21 18:14 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-28 10:22 . 2012-03-31 17:00 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-28 10:22 . 2011-08-08 15:39 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-21 18:14 . 2012-03-20 10:46 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-21 18:14 . 2012-07-03 09:24 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-21 18:14 . 2010-05-27 17:42 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-12 16:45 . 2013-01-12 16:45 10752 ----a-r- c:\documents and settings\ADMIN\Dati applicazioni\Microsoft\Installer\{EBD2BF53-B7D3-48A1-8681-9B9798E4859D}\IconEBD2BF53.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\programmi\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"PosService"="c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe" [2011-12-16 218624]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\programmi\File comuni\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^ADMIN^Menu Avvio^Programmi^Esecuzione automatica^Ritaglio schermata e avvio di OneNote 2007.lnk]
path=c:\documents and settings\ADMIN\Menu Avvio\Programmi\Esecuzione automatica\Ritaglio schermata e avvio di OneNote 2007.lnk
backup=c:\windows\pss\Ritaglio schermata e avvio di OneNote 2007.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=c:\windows\pss\Avvio veloce di Adobe Reader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Windows Search.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-04-28 14:30 133104 ----atw- c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\programmi\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PosService]
2011-12-16 16:44 218624 ----a-w- c:\documents and settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\programmi\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programmi\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18/06/2011 10.32.47 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/11/2010 9.16.58 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/11/2010 9.17.01 21256]
S2 PowerOffer Service;Pos Service;c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\PosService\Pos.exe [28/01/2012 18.19.56 164352]
S2 ServUpdater;Serv Updater;c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe [28/01/2012 18.19.57 156160]
S3 ICDUSB3;ICDUSB3;c:\windows\system32\drivers\ICDUSB3.sys [08/12/2012 19.23.50 11264]
.
--- Altri Servizi/Drivers In Memoria ---
.
*NewlyCreated* - WS2IFSL
.
Contenuto della cartella 'Scheduled Tasks'
.
2013-03-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 10:22]
.
2012-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
2013-03-06 c:\windows\Tasks\avast! Emergency Update.job
- c:\programmi\Alwil Software\Avast5\AvastEmUpdate.exe [2012-10-11 22:50]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1220945662-1801674531-1003Core1cac6ba475b7bf8.job
- c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-28 14:30]
.
2013-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1220945662-1801674531-1003UA.job
- c:\documents and settings\ADMIN\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2009-04-28 14:30]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://search.findeer.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{C4046502-6524-4d87-896C-878F57D1FF07} - c:\programmi\PokerStars.IT\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{26FCA6B2-7F67-4B51-A30A-DEAF991A873F}: NameServer = 176.31.229.24,176.31.229.25
TCP: Interfaces\{3CE0DD93-73BE-49FC-A079-E1C289E74703}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DA2629B5-8222-4DA6-814D-F47ACDA6DECC}: NameServer = 8.8.8.8,8.8.4.4
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
MSConfigStartUp-dsapgmba - c:\documents and settings\admin\impostazioni locali\dati applicazioni\dsapgmba.exe
MSConfigStartUp-Google Desktop Search - c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-HBLiteSA - c:\programmi\HBLite\bin\11.0.396.0\HBLiteSA.exe
MSConfigStartUp-iTunesHelper - c:\programmi\iTunes\iTunesHelper.exe
MSConfigStartUp-LanguageShortcut - c:\programmi\CyberLink\PowerDVD\Language\Language.exe
MSConfigStartUp-RemoteControl - c:\programmi\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-SunJavaUpdateSched - c:\programmi\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-WinampAgent - c:\programmi\Winamp\winampa.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-06 13:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'explorer.exe'(2928)
c:\windows\system32\WININET.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\Alwil Software\Avast5\AvastSvc.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre7\bin\jqs.exe
c:\programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\documents and settings\All Users\Documenti\AppData\PoApp\PService.exe
c:\windows\System32\logon.scr
.
**************************************************************************
.
Ora fine scansione: 2013-03-06 13:26:25 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2013-03-06 12:26
.
Pre-Run: 1.741.336.576 byte disponibili
Post-Run: 2.516.406.272 byte disponibili
.
- - End Of File - - 17CA2904AC472B3021740F769B6A8A25