
A-SQUARED blocks the pages but doesn't remove the problem?


Post by pierpaoloct » Wed Aug 19, 2009 8:33 am

Hi everyone,
First of all, I use Firefox almost exclusively, on Windows XP Pro.
I have a paid antivirus installed (Kaspersky) and Spybot for spyware.
I needed a player capable of copying frames, so I downloaded liveplayer.
Immediately after installing it the trouble started, with advertising windows continually opening and Spybot not flagging them.
A Spybot scan reported a lot of spyware, which I deleted, but the next scan, run even just 2 minutes later, reported them again (so I think it hadn't deleted them at all).
In any case it didn't block anything, and I'd say it didn't notice anything in the background.
I uninstalled Spybot and installed A-SQUARED in its place, which reported a lot of spyware that I deleted, and the trouble seemed to be over.
BUT NO.
In fact, if a-squared is active the pages are blocked, while if it is not active the pages keep opening undaunted.
Which means that nothing at all has been removed.
OR HAS IT?
It's a real mess and I don't know which way to turn.
Can you help me?
Thanks

Re: A-SQUARED blocks the pages but doesn't remove the problem?

Post by crazy.cat » Wed Aug 19, 2009 10:11 am

pierpaoloct wrote: I needed a player capable of copying frames, so I downloaded liveplayer.

What a mistake you made...
http://www.MegaLab.it/4037/live-player- ... n-sorpresa

Live player and other similar programs are sponsored by favorit, which plants an unwanted application on your machine that bombards you with advertising
http://www.MegaLab.it/4612/favorit-netw ... i-gratuiti

I installed A-SQUARED

Second mistake. Good antispyware programs are malwarebytes and superantispyware; go ahead and remove a squared.
http://www.MegaLab.it/4329/prova-pratic ... ti-malware

Download combofix, run a scan and then post the result that comes up when the PC restarts.

Re: A-SQUARED blocks the pages but doesn't remove the problem?

Post by pierpaoloct » Wed Aug 19, 2009 11:29 am

ComboFix 09-08-18.01 - Utente 19/08/2009 12.09.15.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.1015.573 [GMT 2:00]
Eseguito da: c:\documents and settings\Utente\Documenti\Download\ComboFix.exe
AV: a-squared Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\cckza.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\cckza.exe
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\cckza_nav.dat
c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\cckza_navps.dat
c:\documents and settings\Utente\Menu Avvio\Programmi\Videos.url
c:\documents and settings\Utente\Preferiti\Videos.url
c:\recycler\S-1-5-21-1450429022-2697665234-3837802190-500
c:\recycler\S-1-5-21-1454471165-1644491937-682003330-500
c:\windows\Fonts\TSPECIAL.TTF
c:\windows\install.exe

La copia infetta di c:\windows\system32\mspmsnsv.dll è stata trovata e disinfettata
ipristinata copia da - c:\windows\system32\dllcache\MsPMSNSv.dll

.
((((((((((((((((((((((((( Files Creati Da 2009-07-19 al 2009-08-19 )))))))))))))))))))))))))))))))))))
.

2009-08-13 07:48 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 16:35 . 2009-08-18 16:37 -------- d-----w- c:\programmi\a-squared Anti-Malware
2009-08-12 16:16 . 2009-08-12 16:16 -------- d-----w- c:\programmi\Trend Micro
2009-08-12 15:21 . 2009-08-12 15:21 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2009-08-12 15:21 . 2009-08-13 15:01 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\SUPERAntiSpyware.com
2009-08-12 15:21 . 2009-08-13 15:00 -------- d-----w- c:\programmi\SUPERAntiSpyware
2009-08-12 14:25 . 2009-08-12 14:48 -------- d-----w- c:\programmi\Enigma Software Group
2009-08-12 09:11 . 2009-08-12 09:11 691712 ----a-w- c:\windows\is-HS1AD.exe
2009-08-12 09:10 . 2009-08-12 09:10 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\PC Tools
2009-08-12 09:10 . 2009-08-12 09:10 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\PC Tools
2009-08-12 07:00 . 2009-08-12 15:05 -------- d-----w- c:\programmi\Spyware Doctor
2009-08-11 15:12 . 2009-08-11 15:11 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-11 15:10 . 2009-08-11 15:23 -------- d-----w- c:\documents and settings\Utente\.housecall6.6
2009-08-10 08:10 . 2009-08-10 08:10 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-10 08:10 . 2009-08-10 08:10 -------- d-----w- c:\programmi\MSBuild
2009-08-10 08:10 . 2009-08-10 08:10 -------- d-----w- c:\programmi\Reference Assemblies
2009-08-10 08:09 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-10 08:09 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-10 08:09 . 2009-08-10 08:09 -------- d-----w- C:\581e768eb2e01e4d01
2009-08-10 08:09 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-10 08:09 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-10 08:09 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-10 08:09 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-10 08:09 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-10 08:09 . 2009-08-10 08:20 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-10 08:05 . 2009-08-10 08:05 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-08-05 09:41 . 2009-08-05 09:41 -------- d-----w- c:\programmi\VideoLAN
2009-08-05 08:59 . 2009-08-05 08:59 205312 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 16:33 . 2009-08-13 10:32 -------- d-----w- c:\programmi\PhotoArtist 2
2009-07-28 16:09 . 2009-07-28 16:18 -------- d-----w- c:\programmi\FotoWorksXL
2009-07-28 16:09 . 2009-07-28 16:09 -------- d-----w- c:\programmi\mresreg
2009-07-28 15:06 . 2009-07-28 15:06 -------- d-----w- c:\programmi\Ask Search Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-19 10:16 . 2008-05-24 08:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab
2009-08-19 10:15 . 2008-05-24 08:52 80852 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-19 10:15 . 2008-05-24 08:52 5956640 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-19 10:15 . 2008-05-24 08:52 15332 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-19 10:15 . 2008-05-24 08:52 1064992 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-19 07:39 . 2007-12-29 12:07 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Google Updater
2009-08-19 06:42 . 2006-12-01 09:32 -------- d-----w- c:\programmi\Mozilla Thunderbird
2009-08-18 09:29 . 2006-10-03 09:05 -------- d-----w- c:\programmi\DaneaEasyfatt2006
2009-08-15 16:30 . 2008-02-05 17:57 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\FileZilla
2009-08-15 15:29 . 2008-05-12 14:16 1 ----a-w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-08-15 15:28 . 2006-09-06 09:06 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\OpenOffice.org2
2009-08-14 15:17 . 2006-09-06 10:52 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\CoreFTP
2009-08-14 14:57 . 2009-04-07 07:49 -------- d-----w- c:\programmi\FileZilla FTP Client
2009-08-13 15:01 . 2007-05-11 12:33 -------- d-----w- c:\programmi\File comuni\Wise Installation Wizard
2009-08-12 15:03 . 2007-12-31 16:46 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-08-12 10:41 . 2007-12-29 12:07 -------- d-----w- c:\programmi\Google
2009-08-12 10:06 . 2008-11-09 15:52 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-08-12 10:05 . 2008-11-09 15:52 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-08-12 09:57 . 2006-09-04 09:10 -------- d-----w- c:\programmi\Java
2009-08-10 08:20 . 2006-09-05 14:14 37544 -c--a-w- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-08-10 08:14 . 2006-06-08 12:55 84242 ----a-w- c:\windows\system32\perfc010.dat
2009-08-10 08:14 . 2006-06-08 12:55 488954 ----a-w- c:\windows\system32\perfh010.dat
2009-08-05 08:59 . 2006-06-08 12:55 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 10:39 . 2009-04-20 16:46 -------- d-----w- c:\programmi\Microsoft Silverlight
2009-07-28 15:05 . 2007-11-13 10:26 -------- d-----w- c:\programmi\Messenger Plus! Live
2009-07-27 10:38 . 2008-11-25 15:08 1878984 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-07-17 19:01 . 2006-06-08 12:55 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 16:39 . 2008-05-14 08:51 -------- d-----w- c:\programmi\EditPlus 3
2009-07-13 15:17 . 2009-07-13 15:17 -------- d-----w- c:\programmi\AnvSoft
2009-07-13 08:08 . 2006-06-08 12:55 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 07:18 . 2009-07-13 07:15 -------- d-----w- c:\programmi\www
2009-07-03 16:55 . 2006-06-08 12:55 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:55 . 2009-06-26 16:55 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-06-26 16:55 . 2009-06-26 16:55 -------- d-----w- c:\programmi\HAMLET
2009-06-26 16:55 . 2006-06-08 12:02 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-06-25 09:01 . 2009-06-25 09:01 -------- d-----w- c:\documents and settings\Utente\Dati applicazioni\TrueCrypt
2009-06-25 08:55 . 2009-06-25 08:55 217664 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2009-06-25 08:55 . 2009-06-25 08:54 -------- d-----w- c:\programmi\TrueCrypt
2009-06-23 10:04 . 2008-05-24 08:52 -------- d-----w- c:\programmi\Kaspersky Lab
2009-06-23 09:28 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-23 09:28 . 2009-02-04 14:52 33808 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\klbg.sys
2009-06-23 09:28 . 2008-05-24 08:52 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-23 09:28 . 2008-05-24 08:52 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-23 09:28 . 2008-07-17 13:33 213520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.357\XP\klif.sys
2009-06-16 14:36 . 2006-06-08 12:55 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2006-06-08 12:55 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 10:43 . 2006-06-08 12:55 78336 ----a-w- c:\windows\system32\telnet.exe
2009-06-15 10:43 . 2006-06-08 12:55 82432 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 13:39 . 2009-06-12 13:39 390664 ----a-w- c:\documents and settings\Utente\Dati applicazioni\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-10 14:13 . 2006-06-08 12:55 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:19 . 2006-06-08 11:06 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2006-06-08 12:55 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2006-06-08 12:55 1296384 ----a-w- c:\windows\system32\quartz.dll
2008-07-23 20:34 . 2008-07-23 20:34 449 ----a-w- c:\programmi\Collegamento a CatSpy.lnk
2009-08-12 10:41 . 2009-08-12 10:41 122880 ----a-w- c:\programmi\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-06-03 14:08 . 2008-06-03 14:03 56 --sh--r- c:\windows\system32\18B3EEB8A4.sys
2008-06-03 14:08 . 2008-06-03 14:02 13146 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\programmi\speed-bit\tbspe1.dll" [2007-12-31 1502232]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]
2007-12-31 17:21 1502232 ----a-w- c:\programmi\speed-bit\tbspe1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}"= "c:\programmi\speed-bit\tbspe1.dll" [2007-12-31 1502232]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BA521AC-B9B9-4433-BA45-DBA2F02CBA5A}"= "c:\programmi\speed-bit\tbspe1.dll" [2007-12-31 1502232]

[HKEY_CLASSES_ROOT\clsid\{2ba521ac-b9b9-4433-ba45-dba2f02cba5a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-29 68856]
"MSMSGS"="c:\programmi\Messenger\msmsgs.exe" [2008-04-14 1695232]
"MsnMsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Google Update"="c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus DX4800 Series (Copia 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"REGSHAVE"="c:\programmi\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 196608]
"EPSON Stylus DX4800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIADE.EXE" [2005-02-02 98304]
"Adobe Photo Downloader"="c:\programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 57344]
"AVP"="c:\programmi\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-04 201992]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"TkBellExe"="c:\programmi\File comuni\Real\Update_OB\realsched.exe" [2009-05-11 198160]
"Adobe Reader Speed Launcher"="c:\programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Google Desktop Search"="c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-12 30192]
"a-squared"="c:\programmi\A-SQUARED ANTI-MALWARE\a2guard.exe" [2009-08-17 3209360]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-11-11 90112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.exe.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2006-9-11 113664]
HNWU254G Wireless Client Utility.lnk - c:\programmi\HAMLET\HNWU254G\Installer\WINXP\HNWU254G Wireless Client Utility.exe [2009-6-26 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\CatSpyWinlogonNP]
2007-02-21 09:35 61440 ----a-w- c:\windows\system32\CatSpyWinlogonNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29/01/2008 18.29.38 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [25/03/2008 21.07.10 24592]
S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25/01/2002 6.30.52 20480]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 GoogleDesktopManager-060409-093314;Google Desktop Manager 5.9.906.4286;c:\programmi\Google\Google Desktop Search\GoogleDesktop.exe [12/08/2009 12.41.39 30192]
S3 iadusb;Libero IAD LAN Modem;c:\windows\system32\drivers\glauiad.sys [05/09/2006 16.25.53 30371]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [26/06/2009 15.27.46 256000]
S3 UXDCMN;UXDCMN;\??\c:\sysprep\Diag\UXDCMN.SYS --> c:\sysprep\Diag\UXDCMN.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contenuto della cartella 'Scheduled Tasks'

2009-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-08-19 c:\windows\Tasks\Google Software Updater.job
- c:\programmi\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-29 07:54]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441252654-4234774011-1148670568-1004Core.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 10:14]

2009-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-441252654-4234774011-1148670568-1004UA.job
- c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe [2008-09-03 10:14]

2009-08-19 c:\windows\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job
- c:\programmi\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 09:20]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

HKCU-Run-cckza - c:\documents and settings\utente\impostazioni locali\dati applicazioni\cckza.exe


.
------- Scansione supplementare -------
.
uStart Page = http://www.google.com
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\programmi\Windows Live Toolbar\msntb.dll/search.htm
IE: Apri in nuova scheda in primo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/230?11546aaf62b8441395f09437eea80322
IE: Apri in nuova scheda in secondo piano - c:\programmi\Windows Live Toolbar\Components\it-it\msntabres.dll.mui/229?11546aaf62b8441395f09437eea80322
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\programmi\CoreFTP\pftpns.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.co.uk/scan_uk/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Utente\Dati applicazioni\Mozilla\Firefox\Profiles\wbhmjq7x.Utente predefinito\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - component: c:\programmi\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\Utente\Impostazioni locali\Dati applicazioni\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: c:\programmi\File comuni\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\programmi\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npCortona.dll
FF - plugin: c:\programmi\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\programmi\Opera\program\plugins\npmio.dll
FF - plugin: c:\programmi\Picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\programmi\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\programmi\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 12:16
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\klogon.dll

- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\WININET.dll
c:\windows\system32\webcheck.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\a-squared Anti-Malware\a2service.exe
c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\programmi\Bonjour\mDNSResponder.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\programmi\iPod\bin\iPodService.exe
c:\programmi\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Ora fine scansione: 2009-08-19 12.23.11 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-08-19 10:23

Pre-Run: 38.489.362.432 byte disponibili
Post-Run: 38.486.470.656 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

321 --- E O F --- 2009-08-13 14:50

Re: A-SQUARED blocks the pages but doesn't remove the problem?

Post by crazy.cat » Wed Aug 19, 2009 12:03 pm

The advertising should be gone; since it detected some other infections, maybe run a check with superantispyware and see whether it finds anything else.

Re: A-SQUARED blocks the pages but doesn't remove the problem?

Post by pierpaoloct » Wed Aug 19, 2009 4:41 pm

Thank you, thank you, thank you
it really seems everything is solved

[applause]

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. (sole shareholder) - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising