Visualizza la versione completa : Firefox apre pagine pubblicitarie indesiderate
salve
ho dato un occhio ad alcuni topic e post nella speranza di trovare un problema simile ma non l'ho visto. se in realtà già fosse presente mi è sfuggito e quindi mi scuso per il doppio topic, cmq questo è il mio problema:
da quando ho aggiornato firefox alla versione 14 mi si aprono pagine pubblicitarie indesiderate sul browser. basta che digiti nella ricerca una qualche parola che possa avere dei fini commerciali, es. lavoro o scarpe, che subito mi si aprono delle pagine in firefox con promo o portali dedicati alla ricerca di lavoro o alla vendita di scarpe. il bello è che se anche ho firefox non attivo ma utilizzo un altro browser (chrome) ho lo stesso risultato, ovvero digito la ricerca su chrome e mi si attiva firefox aprendo una pagina pubblicitaria....
ho prima analizzato il pc con due antivirus, poi ho passato il tutto sotto differenti programmi antimalware e antispyware... nulla di rilevante... ho quindi disinstallato tutto firefox, prima in automatico poi una seconda volta a mano ma non sono riuscito a risolvere il problema... non so dove si annida questo dannato problema!
Monfa
menatwork
24-07-2012, 11:41
ciao vediamo di risolvere questo problema
scarica hijackthis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php#) e mettilo nella directory C dove avrai preparato una cartella con il suo nome.
Lanci l'eseguibile e clicchi su " do a system scan and save a log" alla fine salvi questo file con estensione *.TXT e lo alleghi ad un post sul forum.
ecco il report:
--------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.24.49, on 25/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
V:\BRS60OBJ\ABLOGON.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GE NCRA~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Servic e.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
--
End of file - 11992 bytes
--------------------
leggendo il report cìè questa stringa che mi suona strana...:
[I]O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
potrebbe essere lei l'indiziata?
menatwork
25-07-2012, 11:18
riesegui hit e metti la spunta accanto a queste caselline, ti faccio fixare quelle che possono creare piu' fastidi poi premi fix checked
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GE NCRA~1.DLL
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
questo qui sembra un po' sospetto
V:\BRS60OBJ\ABLOGON.exe
fammi questa scansione
scarica malwarebytes (http://www.malwarebytes.org/)
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto
oltre a quelle che mi hai suggerito ho fixato anche
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
perchè solo con quelle continuavano ad aprirsi le pagine indesiderate.
dopo un rapido test, ora le pagine non si aprono più... ma è presto per cantar vittoria.
malwarebytes è uno dei programmi che uso normalmente ed è aggiorantissimo....!
V:\BRS60OBJ\ABLOGON.exe è il gestionale che uso per lavoro ;)
fra qualche giorno ti saprò dire se si è risolto tutto per il meglio! (sperom....!)
--------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.51.25, on 26/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
V:\BRS60OBJ\ABLOGON.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Servic e.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
--
End of file - 12314 bytes
ecco... la tregua è durata 4/5 giorni ed ora ha ripreso ad aprire pagine pubblicitarie quasi come prima. dico quasi perchè mi sembra che la cadenza sia diminuita un pochino ora che ha ripreso...
:bhò:
menatwork
01-08-2012, 10:27
ti avevo chiesto una scansione con malwarebytes ma vedo che non l'hai fatta
mi posti un log di hjt?
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.13.01, on 10/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\hijackthis\HijackThis.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Servic e.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
End of file - 12656 bytes
----
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Versione database: v2012.08.10.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gianfranco :: GIANFRANCO [amministratore]
10/08/2012 11.08.17
mbam-log-2012-08-10 (11-08-17).txt
Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 334523
Tempo impiegato: 1 ore, 35 minuti,
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 1
C:\RECYCLER\S-1-5-21-1343024091-1482476501-725345543-1004\Dc951.exe (PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.
(fine)
menatwork
10-08-2012, 19:02
monfa7 cerca di non far passare troppo tempo tra una risposta e l'altra
questo programma lo hai installato tu vero?
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
per il momento vai nei servizi >>> start esegui services.msc e metti questi servizii su ''disabilitato''
PowerOffer Service
ServUpdater
scarica combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) sul desktop
alla richiesta se vuoi installare la recovery console clicca su NO
esegui ComboFix.exe
segui le instruzioni
finita la scansione portati in C:\ e allega , nella tua prossima risposta, il contenuto del file di testo Combofix.txt
come usare correttamente combofix (http://www.bleepingcomputer.com/combofix/it/come-usare-combofix)
