SOLVED search.rapidns.net on Mozilla


rnhc

Hello everyone, I hope you can give me a hand.
On Mozilla, when I run a search in the search bar, this page comes up: http://search.rapidns.net/?FailedURI=http://fjkgh

At first I had the same problem with Chrome too, but now at least it no longer happens there (frankly I don't know whether I actually removed it or whether it is simply hidden).
In any case, I tried uninstalling Firefox and installing it again, but the problem persists.
I have run scans of every kind, including Malwarebytes and SUPERAntiSpyware.
I "did my research" and pretty much everywhere they asked for the HijackThis log, which I have downloaded.

Shall I go ahead and post the log?
Thanks in advance :)
 
Have you tried removing the bar through the browser?
Search bar | Firefox Support

Nothing related to this search rapidns shows up.

This is what happens; as you can see, instead of finding my searches with Google it finds them with this.

But is it a virus?

Mozilla is also running slowly.
It seems to be a problem that only affects Firefox.
 

Attachment: shot.webp
Open OTL.
In the empty Custom Scans/Fixes box, copy and paste these lines in bold (without the word "Code").

Code:
:Services

:OTL
SRV - (SoftwareUpd) -- C:\Users\Valeria\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (ServUpdater) -- C:\Users\Valeria\AppData\Local\ServUpdater\ServiceUpd.exe (ServiceUpd)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=137b9494-3f7a-11e1-92a4-001d72fe166d&q={searchTerms}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{745946BB-8EF5-4514-855D-2FCD121E2117}: NameServer = 176.31.229.24,176.31.229.25
[2012/10/19 11.26.28 | 000,000,000 | ---D | C] -- C:\Users\Valeria\AppData\Local\SoftwareUpdater
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:52B53B17
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:6C5EC3CD
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 106 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:DCAF903C

:Files
ipconfig /flushdns /c

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"

:commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[CLEARALLRESTOREPOINTS]
[Reboot]

Click RUN FIX.
Wait for the operations to finish.
A log will come up, which you will also find in C:\ (its name is in the form of a date).
Restart the PC and post the log.
 
When I try to attach it, it tells me the file is not valid.
I'll copy and paste it.
All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Service SoftwareUpd stopped successfully!
Service SoftwareUpd deleted successfully!
C:\Users\Valeria\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe moved successfully.
Service ServUpdater stopped successfully!
Service ServUpdater deleted successfully!
C:\Users\Valeria\AppData\Local\ServUpdater\ServiceUpd.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}\\NameServer| /E : value set successfully!
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{745946BB-8EF5-4514-855D-2FCD121E2117}\\NameServer| /E : value set successfully!
C:\Users\Valeria\AppData\Local\SoftwareUpdater\settings folder moved successfully.
C:\Users\Valeria\AppData\Local\SoftwareUpdater folder moved successfully.
ADS C:\ProgramData\Temp:52B53B17 deleted successfully.
ADS C:\ProgramData\Temp:CE0A077E deleted successfully.
ADS C:\ProgramData\Temp:814B9485 deleted successfully.
ADS C:\ProgramData\Temp:9E22BBE8 deleted successfully.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
ADS C:\ProgramData\Temp:35759C73 deleted successfully.
ADS C:\ProgramData\Temp:CDFF58FE deleted successfully.
ADS C:\ProgramData\Temp:ADE16379 deleted successfully.
ADS C:\ProgramData\Temp:4F636E25 deleted successfully.
ADS C:\ProgramData\Temp:3064D21D deleted successfully.
ADS C:\ProgramData\Temp:B623B5B8 deleted successfully.
ADS C:\ProgramData\Temp:BB24555F deleted successfully.
ADS C:\ProgramData\Temp:6C5EC3CD deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
ADS C:\ProgramData\Temp:3B3A35EC deleted successfully.
ADS C:\ProgramData\Temp:E1982A23 deleted successfully.
ADS C:\ProgramData\Temp:DCAF903C deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configurazione IP di Windows
Cache del resolver DNS svuotata.
C:\Users\Valeria\Documents\Downloads\cmd.bat deleted successfully.
C:\Users\Valeria\Documents\Downloads\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Valeria
->Temp folder emptied: 623201 bytes
->Temporary Internet Files folder emptied: 2037639 bytes
->Java cache emptied: 25090114 bytes
->FireFox cache emptied: 112480975 bytes
->Google Chrome cache emptied: 194630827 bytes
->Flash cache emptied: 3133463 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 79567 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 322,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 11042012_142849


Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.


PendingFileRenameOperations files...


Registry entries deleted on Reboot...
 
Do this additional check:
go to Start
Control Panel
Network and Sharing Center
in the window that opens, click on the network you are connected to (LAN or wireless)
right-click -> Properties
select the TCP/IPv4 protocol and then click Properties again.
Make sure that "Obtain an IP address automatically" and "Obtain DNS server address automatically" are both selected.

Let us know how things stand.
 
"Obtain an IP address automatically" and "Obtain DNS server address automatically" are both already selected.

I tried searching for something in the search bar on Mozilla and it finally redirects me to Google! Thank you so much! But what was it?
As for the rest, judging by the various logs, is everything all right?
Thanks again!
 
The culprits were these DNS addresses and the usual malicious services ServUpdater and SoftwareUpd

176.31.229.24,176.31.229.25
which communicate with a French server.


For the rest everything is OK; I'm glad you solved it. Regards ;)
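
Added example, not part of the original thread and not OTL's own code: a small Python triage over scan lines in the format quoted in the fix above, flagging the three indicator types this thread turned on (a service binary under a user's AppData, a statically set public DNS server on an interface, which is what the TCP/IPv4 properties check looks for, and a BHO whose CLSID is missing). The `triage` function, its rule names and the two constructed control lines are assumptions of this example; a static public resolver is flagged for review only, since it can also be a legitimate manual setting.

```python
import ipaddress
import re

# Sample scan lines. The ExampleAV service and the 192.168.1.1 interface are
# constructed benign controls; the other lines are quoted from the thread.
SAMPLE = r"""
SRV - (SoftwareUpd) -- C:\Users\Valeria\AppData\Local\SoftwareUpdater\SoftwareUpdService.exe (SoftwareUpdService)
SRV - (ExampleAV) -- C:\Program Files\ExampleAV\svc.exe (Example Vendor)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3a539854-6a70-11db-887c-806e6f6e6963}: NameServer = 176.31.229.24,176.31.229.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11111111-2222-3333-4444-555555555555}: NameServer = 192.168.1.1
"""

SRV_RE = re.compile(r"^SRV - \((?P<name>[^)]+)\) -- (?P<path>.+?\.exe)", re.I)
O17_RE = re.compile(r"^O17 - .*\\Interfaces\\\{[^}]+\}: NameServer = (?P<dns>.+)$")
BHO_RE = re.compile(r"^O2 - BHO: .* - (?P<clsid>\{[^}]+\}) - No CLSID value found")


def triage(text):
    """Return (rule, detail) pairs for scan lines that deserve a closer look."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if m := SRV_RE.match(line):
            # Services normally run from Program Files or System32, not a profile.
            if "\\appdata\\" in m["path"].lower():
                findings.append(("service-in-user-profile", m["name"]))
        elif m := O17_RE.match(line):
            # A NameServer value means DNS is set statically on that interface.
            for raw in re.split(r"[,\s]+", m["dns"].strip()):
                try:
                    ip = ipaddress.ip_address(raw)
                except ValueError:
                    findings.append(("unparseable-dns", raw))
                    continue
                if ip.is_global:  # a router address such as 192.168.x.x is skipped
                    findings.append(("static-public-dns", str(ip)))
        elif m := BHO_RE.match(line):
            findings.append(("orphan-bho", m["clsid"]))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE):
        print(f"{rule:26} {detail}")
```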
 