PDA

Visualizza la versione completa : Firefox apre pagine pubblicitarie indesiderate


 
monfa72
24-07-2012, 11:34
salve
ho dato un occhio ad alcuni topic e post nella speranza di trovare un problema simile ma non l'ho visto. se in realt gi fosse presente mi sfuggito e quindi mi scuso per il doppio topic, cmq questo il mio problema:

da quando ho aggiornato firefox alla versione 14 mi si aprono pagine pubblicitarie indesiderate sul browser. basta che digiti nella ricerca una qualche parola che possa avere dei fini commerciali, es. lavoro o scarpe, che subito mi si aprono delle pagine in firefox con promo o portali dedicati alla ricerca di lavoro o alla vendita di scarpe. il bello che se anche ho firefox non attivo ma utilizzo un altro browser (chrome) ho lo stesso risultato, ovvero digito la ricerca su chrome e mi si attiva firefox aprendo una pagina pubblicitaria....

ho prima analizzato il pc con due antivirus, poi ho passato il tutto sotto differenti programmi antimalware e antispyware... nulla di rilevante... ho quindi disinstallato tutto firefox, prima in automatico poi una seconda volta a mano ma non sono riuscito a risolvere il problema... non so dove si annida questo dannato problema!


Monfa

menatwork
24-07-2012, 11:41
ciao vediamo di risolvere questo problema


scarica hijackthis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php#) e mettilo nella directory C dove avrai preparato una cartella con il suo nome.
Lanci l'eseguibile e clicchi su " do a system scan and save a log" alla fine salvi questo file con estensione *.TXT e lo alleghi ad un post sul forum.

monfa72
25-07-2012, 08:34
ecco il report:

--------------
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8.24.49, on 25/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\Programmi\Spamihilator\spamihilator.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
V:\BRS60OBJ\ABLOGON.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GE NCRA~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O4 - HKLM\..\Run: C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Servic e.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe

--
End of file - 11992 bytes
--------------------

leggendo il report c questa stringa che mi suona strana...:
[I]O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
potrebbe essere lei l'indiziata?

menatwork
25-07-2012, 11:18
riesegui hit e metti la spunta accanto a queste caselline, ti faccio fixare quelle che possono creare piu' fastidi poi premi fix checked


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.findeer.com

O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\DOCUME~1\GIANFR~1\DATIAP~1\MEDIAF~1\EXTENS~1\GE NCRA~1.DLL

O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe


questo qui sembra un po' sospetto

V:\BRS60OBJ\ABLOGON.exe

fammi questa scansione

scarica malwarebytes (http://www.malwarebytes.org/)
Aggiornalo: clicca sulla scheda "aggiornamenti" => "controlla aggiornamenti"
Esegui una "scansione completa" (seleziona l'opzione)
A scansione completa, fai clic su OK => Mostra i Risultati.
Assicurarti che tutto sia selezionato e clicca clic su Rimuovi selezionati.
Se ti chiede di riavviare, riavvia per completare il processo di pulizia.
Posta il rapporto

monfa72
26-07-2012, 15:57
oltre a quelle che mi hai suggerito ho fixato anche
O8 - Extra context menu item: Download with &Media Finder - C:\Programmi\Media Finder\hook.html
perch solo con quelle continuavano ad aprirsi le pagine indesiderate.
dopo un rapido test, ora le pagine non si aprono pi... ma presto per cantar vittoria.

malwarebytes uno dei programmi che uso normalmente ed aggiorantissimo....!

V:\BRS60OBJ\ABLOGON.exe il gestionale che uso per lavoro ;)

fra qualche giorno ti sapr dire se si risolto tutto per il meglio! (sperom....!)

--------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15.51.25, on 26/07/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
V:\BRS60OBJ\ABLOGON.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Servic e.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe

--
End of file - 12314 bytes

monfa72
01-08-2012, 10:16
ecco... la tregua durata 4/5 giorni ed ora ha ripreso ad aprire pagine pubblicitarie quasi come prima. dico quasi perch mi sembra che la cadenza sia diminuita un pochino ora che ha ripreso...

:bh:

menatwork
01-08-2012, 10:27
ti avevo chiesto una scansione con malwarebytes ma vedo che non l'hai fatta

mi posti un log di hjt?

monfa72
10-08-2012, 14:15
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14.13.01, on 10/08/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Programmi\Emsisoft Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Panda Security\WAC\psksvc.exe
C:\Programmi\Panda Security\WAC\pavsrvx86.exe
C:\Programmi\Panda Security\WAC\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\CDBurnerXP\NMSAccessU.exe
C:\Programmi\Panda Security\WAC\PsCtrlS.exe
C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Panda Security\WAC\PSCtrlC.exe
C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
C:\Programmi\FreeSoft\Uranium\Uranium.exe
C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe
C:\Programmi\System Explorer\SystemExplorer.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\OpenOffice.org 3\program\soffice.exe
C:\Programmi\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Panda Security\WAC\WebProxy.exe
C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PService.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\PROGRA~1\IBM\CLIENT~1\Emulator\pcsws.exe
C:\Programmi\IBM\Client Access\Emulator\PCSCM.EXE
C:\Programmi\Mozilla Sunbird\sunbird.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Mozilla Firefox\plugin-container.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\Programmi\Panda Security\WAC\AvTask.exe
C:\hijackthis\HijackThis.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programmi\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugi n.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Panda Software Controller Client] "C:\Programmi\Panda Security\WAC\PSCtrlC.exe"
O4 - HKLM\..\Run: [Client Access Service] "C:\Programmi\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BCU] "C:\Programmi\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [PosService] C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [Uranium] C:\Programmi\FreeSoft\Uranium\Uranium.exe reg
O4 - HKCU\..\Run: [SystemExplorerAutoStart] "C:\Programmi\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Programmi\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Gianfranco\Dati applicazioni\Dropbox\bin\Dropbox.exe
O4 - Startup: Mozilla Sunbird.lnk = C:\Programmi\Mozilla Sunbird\sunbird.exe
O4 - Startup: OpenOffice.org 3.4.lnk = C:\Programmi\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Spamihilator.lnk = C:\Programmi\Spamihilator\spamihilator.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301638295531
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F00D46E6-ACD6-4343-B0AF-281225779068}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programmi\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Programmi\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Emsisoft Anti-Malware 6.6 - Service (a2AntiMalware) - Emsisoft GmbH - C:\Programmi\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpda teService.exe
O23 - Service: AppleChargerSrv - Unknown owner - C:\WINDOWS\system32\AppleChargerSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Programmi\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Comando remoto iSeries Access per Windows (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Programmi\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Programmi\CDBurnerXP\NMSAccessU.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Programmi\Panda Security\WAC\PsCtrlS.exe
O23 - Service: Panda Endpoint Scheduler (PavAt3Scheduler) - Panda Security - C:\Programmi\Panda Security\WaAgent\Scheduler\PavSched.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Security, S.L. - C:\Programmi\Panda Security\WAC\pavsrvx86.exe
O23 - Service: Panda Endpoint Local Process Manager (PavWASLpMng) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasLpMng\WASLPMNG.exe
O23 - Service: Pos Service (PowerOffer Service) - PowerOfferService - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\PosService\Pos.exe
O23 - Service: Panda Imanager Service (PSImSvc) - Panda Security S.L. - C:\Programmi\Panda Security\WAC\PSIMSVC.EXE
O23 - Service: Panda Kernel Service (PskSvc) - Panda Software International - C:\Programmi\Panda Security\WAC\psksvc.exe
O23 - Service: Serv Updater (ServUpdater) - ServiceUpd - C:\Documents and Settings\Gianfranco\Impostazioni locali\Dati applicazioni\ServUpdater\ServiceUpd.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Dati applicazioni\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version6\TeamViewer_Servic e.exe
O23 - Service: Panda Endpoint Communications Agent (WASAgent) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasAgent\WasAgent.exe
O23 - Service: Panda Endpoint Watchdog (WASWD) - Panda Security - C:\Programmi\Panda Security\WaAgent\WasWD\WasWD.exe

End of file - 12656 bytes

monfa72
10-08-2012, 14:15
----

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Versione database: v2012.08.10.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gianfranco :: GIANFRANCO [amministratore]

10/08/2012 11.08.17
mbam-log-2012-08-10 (11-08-17).txt

Tipo di scansione: Scansione completa (C:\|)
Opzioni di scansione attive: Memoria | Esecuzione automatica | Registro | File system | Euristica/Extra | Euristica/Shuriken | PUP | PUM
Opzioni di scansione disattivate: P2P
Elementi esaminati: 334523
Tempo impiegato: 1 ore, 35 minuti,

Processi rilevati in memoria: 0
(non sono stati rilevati elementi nocivi)

Moduli di memoria rilevati: 0
(non sono stati rilevati elementi nocivi)

Chiavi di registro rilevate: 0
(non sono stati rilevati elementi nocivi)

Valori di registro rilevati: 0
(non sono stati rilevati elementi nocivi)

Voci rilevate nei dati di registro: 0
(non sono stati rilevati elementi nocivi)

Cartelle rilevate: 0
(non sono stati rilevati elementi nocivi)

File rilevati: 1
C:\RECYCLER\S-1-5-21-1343024091-1482476501-725345543-1004\Dc951.exe (PUP.ToolbarDownloader) -> Spostato in quarantena ed eliminato con successo.

(fine)

menatwork
10-08-2012, 19:02
monfa7 cerca di non far passare troppo tempo tra una risposta e l'altra

questo programma lo hai installato tu vero?

C:\Documents and Settings\All Users\Documenti\AppData\PoApp\PLauncher.exe

per il momento vai nei servizi >>> start esegui services.msc e metti questi servizii su ''disabilitato''

PowerOffer Service

ServUpdater



scarica combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) sul desktop

alla richiesta se vuoi installare la recovery console clicca su NO

esegui ComboFix.exe

segui le instruzioni

finita la scansione portati in C:\ e allega , nella tua prossima risposta, il contenuto del file di testo Combofix.txt

come usare correttamente combofix (http://www.bleepingcomputer.com/combofix/it/come-usare-combofix)

Loading