Internet Explorer windows opening without authorization.

_XenO_

Active User
1,347
20
CPU
AMD Phenom II X4 955 @ 4Ghz cooled by Noctua D-14
Motherboard
Asrock 890GX Extreme 3
HDD
SAMSUNG 500GB 7200rpm 16MB Spinpoint F3 + WD Caviar Blue 320GB (O.S.)
RAM
DDR3 1600Mhz PC12800 4GB G.Skill ECO CL8 (2x2GB)
GPU
Sapphire 6970 cooled by Accelero Extreme Plus
Audio
X-fi XtremeGamer Fatality Pro
Monitor
HP w1907v 1440x900
PSU
LC-POWER Green Power V2.3 650W
Case
Aerocool XPredator
OS
Windows 7 Ultimate x64
Hi guys. :)

For a couple of days now I've been finding IE windows opening on their own.
For example, I play for half an hour or so, and when I close the game I find 2 windows open on advertisements. :doh:

Even now, while I'm writing, a window has opened. :oogle:

Could you tell me what on earth it could be?

Thanks in advance for the help. :inchino:

N.B.: I use Google Chrome as my browser.
 

_XenO_

It won't let me attach the log. :(
 

_XenO_

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:18:43, on 07/02/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Users\XENOMO~1\AppData\Local\Temp\Eri.exe
C:\Users\XENOMO~1\AppData\Local\Temp\Erh.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN : Hotmail, Messenger, Bing, Actualité et Sport
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CE8SIIFGSU] C:\Users\XENOMO~1\AppData\Local\Temp\Eri.exe
O4 - Global Startup: Alice ADSL.lnk = C:\Windows\System32\rasphone.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS1\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O17 - HKLM\System\CS2\Services\Tcpip\..\{28DBB6BB-DC31-471F-BF9B-BFA84D3D7F9E}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8409 bytes

This is the log. :)
 

FDAC

Active User
1,335
194
Hi.
The log identifies a NaviPromo infection. Unfortunately, though, it can't be handled through HijackThis, since it is not compatible with 64-bit systems, so it is better to avoid fixing the entries.

So:

Download and install Malwarebytes' Anti-Malware Free Version: Malwarebytes
Note - during installation:
● you will be asked to update the program's virus definitions and to launch it once installed: allow this, leaving Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware checked

Once installed:
● connect all the external devices you own (USB sticks, external HDDs, MP3 players...)
● the tool's main screen will be shown
● click the Full scan button, and confirm by clicking the Scan button
● you will be asked which drives to scan; select them all, and click Scan again
● wait patiently for the scan to finish
● a text file will be produced automatically: save it to the Desktop and attach it
● if infections are detected: delete them by clicking Remove selected items
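
The posted log, read as a defender would triage it (an added example, not part of the original thread or of FDAC's reply): the script flags running processes and O4 autostart entries that execute from a Temp directory, and counts O23 services whose System32 binary is reported as "file missing". The function names and the Temp-path heuristic are assumptions of this example, the sample lines are copied from the log above, and the heuristic does not name a malware family.

```python
import re

# Lines copied from the HijackThis log posted above (shortened selection).
SAMPLE_LOG = r"""Running processes:
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\XENOMO~1\AppData\Local\Temp\Eri.exe
C:\Users\XENOMO~1\AppData\Local\Temp\Erh.exe

O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [CE8SIIFGSU] C:\Users\XENOMO~1\AppData\Local\Temp\Eri.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

# Heuristic (assumption of this example): autostarted or running code in a Temp folder is suspect.
TEMP_DIR = re.compile(r"\\(?:AppData\\Local\\Temp|Local Settings\\Temp|Windows\\Temp)\\", re.I)
RUN_ENTRY = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# 32-bit HijackThis on 64-bit Windows is redirected away from the real System32,
# so present system binaries show up as "file missing".
MISSING_SYS = re.compile(r"^O23 - .*\\Windows\\System32\\.+ \(file missing\)$", re.I)

def exe_path(cmd):
    """Extract the executable path from a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))\b", cmd, re.I)
    return m.group(1) if m else cmd

def triage(log_text):
    """Return Temp-resident processes/autoruns and the count of System32 'file missing' services."""
    out = {"temp_processes": [], "temp_autoruns": [], "system32_missing": 0}
    in_procs = False
    for line in (l.strip() for l in log_text.splitlines()):
        if line == "Running processes:":
            in_procs = True
        elif in_procs:
            in_procs = bool(line)  # a blank line ends the process list
            if TEMP_DIR.search(line):
                out["temp_processes"].append(line)
        elif (m := RUN_ENTRY.match(line)) and TEMP_DIR.search(exe_path(m["cmd"])):
            out["temp_autoruns"].append((m["hive"], m["name"], exe_path(m["cmd"])))
        elif MISSING_SYS.match(line):
            out["system32_missing"] += 1
    return out

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```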
 

_XenO_

FDAC, thank you very much for the help you gave me, very detailed and very effective.... :)
But I got there before you. :D
I had already used Malwarebytes, and the first thing that came to mind when you replied to me the 1st time was to download this little program.. ;)

Well, to cut it short, I scanned everything, and it found about 8 Trojans. :oogle:
Deleted.
For now, no more windows opening on their own.... :D

I think I've solved it.
Thanks again for the help. ^_^

Bye! :ok:
 
