| monfa72 |
Hi,
I had a look through some topics and posts hoping to find a similar problem,
but I didn't see one. If it is actually already here, I missed it, so I
apologize for the duplicate topic. Anyway, this is my problem:
ever since I updated Firefox to version 14, unwanted advertising pages open
in my browser. I only have to type into the search some word that could have
a commercial purpose, e.g. work or shoes, and pages immediately open in
Firefox with promos or portals dedicated to job searching or to selling shoes.
The funny thing is that even if Firefox is not running and I use another
browser (Chrome) I get the same result, that is, I type the search in Chrome
and Firefox starts up, opening an advertising page....
I first scanned the PC with two antivirus products, then ran everything through
different antimalware and antispyware programs... nothing of note... I then
uninstalled Firefox completely, first automatically and then a second time by
hand, but I was unable to solve the problem... I don't know where this damned
problem is lurking!
Monfa |
| menatwork |
Hi, let's see about solving this problem.
Download
hijackthis and put it on the C drive, where you will have prepared a folder
with its name.
Launch the executable and click on "do a system scan and save a log"; at the
end, save this file with the *.TXT extension and attach it to a post on the forum. |
| monfa72 |
here is the report:
--------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.24.49, on 25/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C
Service\c2c_service.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
V:\BRS60OBJ\ABLOGON.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.findeer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} -
C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Help the General-Search Project -
{CA4520F3-AE13-4FB1-A513-58E23991C86D} -
C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}
- C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda
Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client
Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All
Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration
Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
/autorun
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System
Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe"
/opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati
applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org
3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media
Finder\hook.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
- C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/mic...b?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}:
NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon -
C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com -
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft
GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) -
Adobe Systems Incorporated -
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner -
C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM,
Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM
Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) -
Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,
Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla
Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner -
C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda
Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security -
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. -
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda
Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService -
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. -
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International -
C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and
Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and
Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C
Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies -
C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH -
C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security -
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security -
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
--
End of file - 11992 bytes
--------------------
reading the report, there is this string that looks odd to me...:
O8 - Extra context menu item: Download with &Media Finder -
C:\Programmi\Media Finder\hook.html
could it be the culprit? |
| menatwork |
run HJT again and tick the boxes next to these entries; I'm having you fix
the ones that can cause the most trouble, then press fix checked
Quote: R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.findeer.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.findeer.com
O2 - BHO: Help the General-Search Project -
{CA4520F3-AE13-4FB1-A513-58E23991C86D} -
C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All
Users\Documenti\AppData\PoApp\PLauncher.exe
this one looks a bit suspicious
V:\BRS60OBJ\ABLOGON.exe
run this scan for me
download malwarebytes
Update it: click on the "updates" tab => "check for updates"
Run a "full scan" (select the option)
When the scan is complete, click OK => Show Results.
Make sure everything is selected and click Remove Selected.
If it asks you to restart, restart to complete the cleanup process.
Post the report |
| monfa72 |
in addition to the ones you suggested, I also fixed
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media
Finder\hook.html
because with only those the unwanted pages kept opening.
After a quick test, the pages no longer open now... but it's too early to
claim victory.
malwarebytes is one of the programs I normally use and it is fully up to date....!
V:\BRS60OBJ\ABLOGON.exe is the business management software I use for work ;)
In a few days I'll be able to tell you whether everything has been resolved for the best!
(let's hope....!)
--------------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.51.25, on 26/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C
Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
V:\BRS60OBJ\ABLOGON.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} -
C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}
- C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda
Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client
Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration
Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
/autorun
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System
Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe"
/opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati
applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org
3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
- C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/mic...b?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}:
NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon -
C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com -
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft
GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) -
Adobe Systems Incorporated -
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner -
C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM,
Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM
Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) -
Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,
Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla
Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner -
C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda
Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security -
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. -
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda
Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService -
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. -
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International -
C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and
Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and
Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C
Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies -
C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH -
C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security -
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security -
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
--
End of file - 12314 bytes |
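Added example, not part of any post in this thread: a small Python script that rejoins the forum-wrapped HijackThis entries, compares a log taken before "fix checked" with one taken after, and lists the auto-start entries (O4/O23) that still launch from a user-profile path. The sample logs are abridged from the two logs above; the function names and the profile-path rule are assumptions made for this illustration, a triage heuristic rather than a verdict on any entry.

```python
import re

# HijackThis entries start with a section code such as "R0 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
# Assumption for this example: auto-starts below the XP profile root deserve a
# second look, because that location is writable without administrator rights.
PROFILE_ROOT = re.compile(r"\\(?:documents and settings|docume~1)\\", re.IGNORECASE)

def parse_entries(log_text):
    """Return the R*/O* entries of a pasted log, rejoining wrapped lines."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("--") or line.startswith("End of file"):
            if entries:          # trailer after the entries: stop reading
                break
            continue             # separator pasted above the log: skip it
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:            # continuation of an entry the forum wrapped
            entries[-1] += " " + line
        # lines before the first entry (header, running processes) are ignored
    return entries

def diff_logs(before_text, after_text):
    """Return (removed, added) entries between two logs, in log order."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = [e for e in before if e not in set(after)]
    added = [e for e in after if e not in set(before)]
    return removed, added

def profile_autostarts(entries):
    """O4 (Run/Startup) and O23 (service) entries that start from a profile path."""
    return [e for e in entries
            if e.startswith(("O4 - ", "O23 - ")) and PROFILE_ROOT.search(e)]

# Abridged from the 25/07/2012 log in this thread, wrapped as the forum shows it.
BEFORE_LOG = r"""
--------------
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://search.findeer.com
O2 - BHO: Help the General-Search Project -
{CA4520F3-AE13-4FB1-A513-58E23991C86D} -
C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All
Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe"
/opentotray
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService -
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\PosService\Pos.exe
--
End of file - 11992 bytes
"""

# Abridged from the 26/07/2012 log in this thread.
AFTER_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe"
/opentotray
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService -
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\PosService\Pos.exe
--
End of file - 12314 bytes
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    print("Removed by the fix:")
    for entry in removed:
        print("  " + entry)
    print("Added since the first log:")
    for entry in added:
        print("  " + entry)
    print("Auto-starts still launching from a profile path:")
    for entry in profile_autostarts(parse_entries(AFTER_LOG)):
        print("  " + entry)
```

On the full logs the same comparison also lists legitimate per-user software (Dropbox, Google Update, the Skype C2C service), so the output is a list to review, not a list to delete.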
| monfa72 |
there... the truce lasted 4/5 days and now it has started opening advertising
pages again, almost like before. I say almost because it seems to me that the
frequency has gone down a little now that it has resumed...
:bhò: |
| menatwork |
I had asked you for a scan with malwarebytes but I see you didn't do it
can you post me an hjt log? |
| monfa72 |
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.13.01, on 10/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C
Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\hijackthis\HijackThis.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} -
C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -
C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9}
- C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda
Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client
Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe"
-atboottime
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration
Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
/autorun
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All
Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes'
Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe
"C:\Documents and Settings\All Users\Dati
applicazioni\Malwarebytes\Malwarebytes'
Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System
Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search &
Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe"
/opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and
Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User
'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati
applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org
3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
- C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration -
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} -
C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network
Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.microsoft.com/mic...b?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}:
NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -
C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon -
C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui -
{438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti -
{8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com -
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft
GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) -
Adobe Systems Incorporated -
C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AppleChargerSrv - Unknown owner -
C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM,
Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM
Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) -
Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. -
C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems,
Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla
Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner -
C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda
Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security -
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. -
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda
Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService -
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. -
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International -
C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and
Settings\Gianfranco\Impostazioni locali\Dati
applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and
Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C
Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies -
C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH -
C:\Programmi\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security -
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security -
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
End of file - 12656 bytes |
| monfa72 |
----
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Versione database: v2012.08.10.03
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gianfranco :: GIANFRANCO [amministratore]
10/08/2012 11.08.17
mbam-log-2012-08-10 (11-08-17).txt
Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File
system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 334523
Tempo impiegato: 1 ore, 35 minuti,
Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)
Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)
Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)
Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)
Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)
Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)
File rilevati: 1
C:\RECYCLER\S-1-5-21-1343024091-1482476501-725345543-1004\Dc951.exe
(PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.
(fine) |
| menatwork |
monfa7, try not to let too much time pass between one reply and the
next.
You installed this program yourself, right?
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
For now, go to the services (Start > Run > services.msc) and
set these services to ''Disabled'' (''disabilitato''):
PowerOffer Service
ServUpdater
Download
combofix to the
desktop.
When asked whether you want to install the Recovery Console, click NO.
Run ComboFix.exe.
Follow the instructions.
When the scan has finished, go to C:\ and attach, in your next reply, the
contents of the text file Combofix.txt.
How to use
combofix correctly |
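A triage pass over the kind of entries singled out in the reply above, as an added example that is not part of the original thread: it parses HijackThis O4 and O23 lines and lists the autostarts whose executable lives under a user profile tree. The sample lines are copied from the log in this thread with wrapped lines re-joined; the profile-path heuristic and the function names are assumptions of this example, not the helper's stated method.

```python
import re

# Entries copied from the HijackThis log in this thread, wrapped lines re-joined.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
"""

# O4: autostart value under a Run/RunOnce key -> [value name] command line
O4_RE = re.compile(r'^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O23: display name, optional (service name), owner, image path
O23_RE = re.compile(r'^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?'
                    r' - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$')
# Assumption: on Windows XP the user-writable profile tree is "Documents and Settings".
PROFILE_RE = re.compile(r'^[A-Za-z]:\\Documents and Settings\\', re.IGNORECASE)
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def executable(cmd):
    """Return the executable path from a command line, dropping arguments."""
    m = EXE_RE.match(cmd.strip())
    return (m.group(1) or m.group(2)) if m else cmd.strip()


def profile_autostarts(log):
    """List (section, name, path) for O4/O23 entries that start from a user profile."""
    hits = []
    for line in log.splitlines():
        line = line.strip()
        m4, m23 = O4_RE.match(line), O23_RE.match(line)
        if m4:
            entry = ("O4", m4.group("name"), executable(m4.group("cmd")))
        elif m23:
            entry = ("O23", m23.group("name") or m23.group("display"), m23.group("path"))
        else:
            continue
        if PROFILE_RE.match(entry[2]):
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for section, name, path in profile_autostarts(SAMPLE_LOG):
        print(f"{section}  {name:20}  {path}")
```

The Google Update entry is listed as well, so the output is a review list to check by hand, not a verdict.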
| monfa72 |
Back in the office today.
OK, thanks, I'm doing what I can. There are periods at the office when I don't even
have time to pee...
As soon as I've sorted everything out and caught up, I'll go ahead with combofix and upload! Thanks
in the meantime!
M |