  1. #1

    Firefox opens unwanted advertising pages

    hello
    I had a look at some topics and posts hoping to find a similar problem, but I didn't see one. If it is in fact already there, I missed it, so I apologise for the duplicate topic. Anyway, this is my problem:

    ever since I updated Firefox to version 14, unwanted advertising pages open in my browser. I only have to type into the search some word that could have a commercial purpose, e.g. work or shoes, and straight away pages open in Firefox with promos or portals dedicated to job hunting or selling shoes. The funny thing is that even if Firefox is not running and I use another browser (Chrome) I get the same result: I type the search into Chrome and Firefox starts up, opening an advertising page....

    first I scanned the PC with two antivirus products, then I ran everything through various antimalware and antispyware programs... nothing relevant... so I uninstalled Firefox completely, first automatically and then a second time by hand, but I couldn't solve the problem... I don't know where this damned problem is hiding!


    Monfa

  2. #2
    HTML.it user menatwork (registered May 2009; 4,330 posts)
    hi, let's see if we can solve this problem


    download HijackThis and put it on the C drive, in a folder you have created with its name.
    Run the executable and click "Do a system scan and save a log"; at the end, save this file with a *.TXT extension and attach it to a post on the forum.
    upload the scan logs => HERE

    or => HERE

  3. #3
    here is the report:

    --------------
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8.24.49, on 25/07/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Programmi\Emsisoft Anti-Malware\a2service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Panda Security\WAC\psksvc.exe
    C:\Programmi\Panda Security\WAC\pavsrvx86.exe
    C:\Programmi\Panda Security\WAC\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
    C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\CDBurnerXP\NMSAccessU.exe
    C:\Programmi\Panda Security\WAC\PsCtrlS.exe
    C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
    C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Panda Security\WAC\PSCtrlC.exe
    C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Programmi\FreeSoft\Uranium\Uranium.exe
    C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
    C:\Programmi\System Explorer\SystemExplorer.exe
    C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
    C:\Programmi\Mozilla Sunbird\sunbird.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.bin
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\Mozilla Thunderbird\thunderbird.exe
    C:\Programmi\Panda Security\WAC\WebProxy.exe
    C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
    V:\BRS60OBJ\ABLOGON.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Mozilla Firefox\plugin-container.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
    O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
    O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
    O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
    O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
    O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
    O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1301638295531
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
    O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
    O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
    O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
    O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
    O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
    O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
    O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe

    --
    End of file - 11992 bytes
    --------------------

    reading the report, there is this entry that looks strange to me...:
    O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
    could it be the culprit?

  4. #4
    HTML.it user menatwork
    run HJT again and tick the boxes next to these entries (I'm having you fix the ones that can cause the most trouble), then press Fix checked

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

    O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL

    O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

    this one looks a bit suspicious

    V:\BRS60OBJ\ABLOGON.exe

    run this scan for me

    download malwarebytes
    Update it: click the "Update" tab => "Check for updates"
    Run a "full scan" (select the option)
    When the scan is complete, click OK => Show Results.
    Make sure everything is selected and click Remove Selected.
    If it asks you to restart, restart to complete the cleaning process.
    Post the report

  5. #5
    in addition to the ones you suggested, I also fixed
    O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
    because with only those the unwanted pages kept opening.
    after a quick test, the pages no longer open... but it's too early to claim victory.

    malwarebytes is one of the programs I normally use and it is fully up to date....!

    V:\BRS60OBJ\ABLOGON.exe is the business management software I use for work

    in a few days I'll be able to tell you whether everything has been resolved for the best! (let's hope....!)

    --------------------

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15.51.25, on 26/07/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Programmi\Emsisoft Anti-Malware\a2service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Panda Security\WAC\psksvc.exe
    C:\Programmi\Panda Security\WAC\pavsrvx86.exe
    C:\Programmi\Panda Security\WAC\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
    C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\CDBurnerXP\NMSAccessU.exe
    C:\Programmi\Panda Security\WAC\PsCtrlS.exe
    C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
    C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Panda Security\WAC\PSCtrlC.exe
    C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
    C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Programmi\FreeSoft\Uranium\Uranium.exe
    C:\Programmi\System Explorer\SystemExplorer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\Panda Security\WAC\WebProxy.exe
    C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
    V:\BRS60OBJ\ABLOGON.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\WINDOWS\system32\notepad.exe
    C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
    C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
    C:\Programmi\Panda Security\WAC\AvTask.exe
    C:\Programmi\Mozilla Sunbird\sunbird.exe
    C:\Programmi\Mozilla Thunderbird\thunderbird.exe
    C:\Programmi\Panda Security\WAC\AvTask.exe
    C:\Programmi\Panda Security\WAC\AvTask.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
    O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
    O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
    O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
    O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1301638295531
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
    O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
    O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
    O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
    O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
    O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
    O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
    O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe

    --
    End of file - 12314 bytes
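
Added example, not part of the thread and not any poster's code: a small Python script that diffs two HijackThis logs to confirm which entries a "Fix checked" pass removed, and lists load points that still run from a user profile. The function names are hypothetical, the two inputs are excerpts of the logs dated 25/07/2012 and 26/07/2012 posted above, and the user-profile rule is an assumed triage heuristic, not a verdict on any entry.

```python
import re

# A HijackThis section line looks like "<code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] C:\y.exe".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Assumption (heuristic chosen for this example): on Windows XP, load points whose
# file sits under a user profile deserve a manual look. A match is not a verdict.
REVIEW_CODES = {"O2", "O4", "O23"}
USER_PROFILE_ROOTS = ("\\documents and settings\\", "\\docume~1\\")

# Excerpt of the log dated 25/07/2012 posted above.
LOG_BEFORE = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
"""

# Excerpt of the log dated 26/07/2012 posted above (after the fix).
LOG_AFTER = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
"""


def parse_entries(log_text):
    """Return [(code, detail), ...] for every section line, in log order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries only in the first log, entries only in the second."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


def load_points_in_user_profile(log_text):
    """Return BHO, Run and service entries whose path lies under a user profile."""
    hits = []
    for code, detail in parse_entries(log_text):
        lowered = detail.lower()
        if code in REVIEW_CODES and any(root in lowered for root in USER_PROFILE_ROOTS):
            hits.append((code, detail))
    return hits


if __name__ == "__main__":
    removed, added = diff_logs(LOG_BEFORE, LOG_AFTER)
    print("Removed by the fix:")
    for code, detail in removed:
        print(f"  {code} - {detail}")
    print("New since the first scan:", added or "none")
    print("Still loading from a user profile (review list):")
    for code, detail in load_points_in_user_profile(LOG_AFTER):
        print(f"  {code} - {detail}")
```

The review list also contains the per-user Google Update entry, which is why a match only marks an entry for a manual check.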

  6. #6
    well... the truce lasted 4/5 days and now it has started opening advertising pages again, almost like before. I say almost because it seems to me that the frequency has gone down a little now that it has started again...


  7. #7
    HTML.it user menatwork
    I had asked you for a scan with malwarebytes but I see you haven't done it

    can you post an HJT log for me?

  8. #8
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 14.13.01, on 10/08/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Programmi\Emsisoft Anti-Malware\a2service.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Programmi\Panda Security\WAC\psksvc.exe
    C:\Programmi\Panda Security\WAC\pavsrvx86.exe
    C:\Programmi\Panda Security\WAC\AVENGINE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
    C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
    C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
    C:\Programmi\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\CDBurnerXP\NMSAccessU.exe
    C:\Programmi\Panda Security\WAC\PsCtrlS.exe
    C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
    C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Programmi\Panda Security\WAC\PSCtrlC.exe
    C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
    C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
    C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
    C:\Programmi\FreeSoft\Uranium\Uranium.exe
    C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
    C:\Programmi\System Explorer\SystemExplorer.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
    C:\Programmi\Spamihilator\spamihilator.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.exe
    C:\Programmi\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Programmi\Panda Security\WAC\WebProxy.exe
    C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
    C:\Programmi\Mozilla Thunderbird\thunderbird.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\SNDVOL32.EXE
    C:\Programmi\Panda Security\WAC\AvTask.exe
    C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
    C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
    C:\Programmi\Mozilla Sunbird\sunbird.exe
    C:\Programmi\Mozilla Firefox\firefox.exe
    C:\Programmi\Mozilla Firefox\plugin-container.exe
    C:\Programmi\Panda Security\WAC\AvTask.exe
    C:\Programmi\Panda Security\WAC\AvTask.exe
    C:\hijackthis\HijackThis.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
    R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
    O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
    O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
    O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
    O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
    O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1301638295531
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pu...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
    O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
    O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
    O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
    O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
    O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
    O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
    O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
    O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
    O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
    O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
    O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe

    End of file - 12656 bytes

  9. #9
    ----

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Versione database: v2012.08.10.03

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Gianfranco :: GIANFRANCO [amministratore]

    10/08/2012 11.08.17
    mbam-log-2012-08-10 (11-08-17).txt

    Tipo di scansione: Scansione completa (C:\|)
    Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
    Opzioni di scansione disattivate: P2P
    Elementi esaminati: 334523
    Tempo impiegato: 1 ore, 35 minuti,

    Processi rilevati in memoria: 0
    (non sono stati rilevati elementi nocivi)

    Moduli di memoria rilevati: 0
    (non sono stati rilevati elementi nocivi)

    Chiavi di registro rilevate: 0
    (non sono stati rilevati elementi nocivi)

    Valori di registro rilevati: 0
    (non sono stati rilevati elementi nocivi)

    Voci rilevate nei dati di registro: 0
    (non sono stati rilevati elementi nocivi)

    Cartelle rilevate: 0
    (non sono stati rilevati elementi nocivi)

    File rilevati: 1
    C:\RECYCLER\S-1-5-21-1343024091-1482476501-725345543-1004\Dc951.exe (PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.

    (fine)

  10. #10
    HTML.it user menatwork
    Registered
    May 2009
    Posts
    4,330
    monfa7, try not to let too much time pass between one reply and the next

    you installed this program yourself, right?

    C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

    for now go to Services >>> Start, Run, services.msc and set these services to ''Disabled''

    PowerOffer Service

    ServUpdater



    download ComboFix to the desktop

    when asked whether you want to install the Recovery Console, click NO

    run ComboFix.exe

    follow the instructions

    when the scan has finished, go to C:\ and attach, in your next reply, the contents of the text file Combofix.txt

    how to use ComboFix correctly
    upload the scan logs => HERE

    or => HERE
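
Added example, not part of the thread or of any tool named in it: one way to triage the O4 (Run key) and O23 (service) lines of a HijackThis log like the one posted above, queuing for manual review any entry that runs from under `Documents and Settings` or that HijackThis lists with `Unknown owner`. The function names and the two heuristics are assumptions made for this illustration; the sample lines are copied from the log in this thread.

```python
import re

# Lines copied verbatim from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
"""

O23 = re.compile(r"^O23 - Service: (.*?) - ([A-Za-z]:\\.*)$")
O4 = re.compile(r"^O4 - [^:]+: \[(.+?)\] (.*)$")

def parse_entry(line):
    """Return (section, name, owner, command), or None for other lines."""
    line = line.strip()
    m = O23.match(line)
    if m:
        # Display names and paths may both contain " - ", so the owner is the
        # last " - " field before the first drive-letter path.
        name, _, owner = m.group(1).rpartition(" - ")
        return ("O23", name, owner, m.group(2))
    m = O4.match(line)
    if m:
        return ("O4", m.group(1), None, m.group(2))
    return None

def review_reasons(entry):
    """Reasons an autostart entry deserves manual review (not a verdict)."""
    _, _, owner, command = entry
    reasons = []
    if "\\documents and settings\\" in command.lower():
        reasons.append("runs from under Documents and Settings")
    if owner == "Unknown owner":
        reasons.append("HijackThis reports Unknown owner")
    return reasons

def triage(log_text):
    """Return {entry name: reasons} for every flagged O4/O23 line."""
    entries = filter(None, map(parse_entry, log_text.splitlines()))
    return {e[1]: r for e in entries if (r := review_reasons(e))}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

The Skype C2C service is flagged by the path rule as well, which shows why the output is a review queue rather than a removal list.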
