finestre pubblicità

[giorgiodp]

ho seguito le istruzioni sulla rimozione di virus e malware, ho formattato l'hard disk, ho eseguito scansioni con tutt gli antivirus e antispy conosciuti.
Eppure si aprono sempre finestre di pubblicità e antivirus vari...
Non ho mai riscontrato alcun virus quando avevo avg, poi avira, avast, nod32.. non trova il problema..
posto questo hijack:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0.28.25, on 04/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18241)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Programmi\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Sony\VAIO Event Service\VESMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Sony\ISB Utility\ISBMgr.exe
C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe
C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
D:\Programmi\Acrobat\Acrotray.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\DAEMON Tools Lite\daemon.exe
C:\documents and settings\della1\impostazioni locali\dati applicazioni\eqqui.exe
D:\Programmi\SetPoint\SetPoint.exe
C:\Programmi\File comuni\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
D:\Programmi\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1040
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Programmi\avgssie.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Programmi\Windows Live\Messenger\wlchtc.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programmi\avgtoolbar.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\Programmi\avgtoolbar.dll (file missing)
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Programmi\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Programmi\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [VAIO Update 2] "C:\Programmi\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
O4 - HKLM\..\Run: [Switcher.exe] C:\Programmi\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Programmi\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "D:\Programmi\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Programmi\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Media Codec Update Service] D:\Programmi\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [QuickTime Task] "D:\Programmi\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmi\File comuni\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\avgtray.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [eqqui] "c:\documents and settings\della1\impostazioni locali\dati applicazioni\eqqui.exe" eqqui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Programmi\SetPoint\SetPoint.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti destinazione link in PDF esistente - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Programmi\avgpp.dll (file missing)
O20 - AppInit_DLLs: acaptuser32.dll,avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - Unknown owner - D:\PROGRA~1\avgemc.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - Unknown owner - D:\PROGRA~1\avgwdsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Programmi\File comuni\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Programmi\File comuni\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programmi\File comuni\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Programmi\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Programmi\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 9710 bytes

[Deifobe]

Scarica navilog1.exe_il mafioso sul desktop e installalo.
Eseguilo, scegli la lingua e, al menù di scelta, seleziona l'opzione 1 (non scegliere le altre). Ad un certo punto uscirà una scritta "Analysis ... Terminate", premi un tasto come richiesto e si aprirà un file di testo (il rapporto della scansione).

[giorgiodp]

Search Navipromo version 3.6.8 began on 04/11/2008 at 1.35.28,51

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programmi\navilog1
Actual User Account : "DELLA1"

Updated on 03.11.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Versione 5.1.2600]
Version Internet Explorer : 8.0.6001.18241
Filesystem type : NTFS

Search done in normal mode

*** Searching for installed Software ***

Favorit

*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\DELLA1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\DELLA1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\DELLA1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\DELLA1\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***

HKEY_CURRENT_USER\Software\Lanconfig found !

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\DELLA1\impost~1\datiap~1" :

eqqui.dat found !
eqqui.exe found !
eqqui_nav.dat found !
eqqui_navps.dat found !

3)Certificates Search :

Egroup certificate found !
Electronic-Group certificate found !
Montorgueil certificate not found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on 04/11/2008 at 1.40.32,31 ***

[giorgiodp]

neanche CCLEANER ha migliorato la situazione.

[Deifobe]

tranquillo, li rimuoviamo ora

vai in modalità provvisoria, esegui navilog1 e seleziona l'opzione 2 - rimozione automatica.

quando finisce, vai in modalità normale e rieseguilo scegliendo l'opzione 1 - posta il rapporto (così controllaiamo se il pc è pullito)

[giorgiodp]

ecco il resoconto finale:




Search Navipromo version 3.6.8 began on 04/11/2008 at 14.42.18,07

!!! Warning, this report may include legitimate files/programs !!!
!!! Post this report on the forum you are being helped !!!
!!! Don't continue with removal unless instructed by an authorized helper !!!
Fix running from C:\Programmi\navilog1
Actual User Account : "DELLA1"

Updated on 03.11.2008 at 18h00 by IL-MAFIOSO


Microsoft Windows XP [Versione 5.1.2600]
Version Internet Explorer : 8.0.6001.18241
Filesystem type : NTFS

Search done in normal mode

*** Searching for installed Software ***


*** Search folders in "C:\WINDOWS" ***


*** Search folders in "C:\Programmi" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1\progra~1" ***


*** Search folders in "C:\Documents and Settings\All Users\menuav~1" ***


*** Search folders in "c:\docume~1\alluse~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\DELLA1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\DELLA1\impost~1\datiap~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" ***


*** Search folders in "C:\Documents and Settings\DELLA1\menuav~1\progra~1" ***


*** Search folders in "C:\DOCUME~1\ADMINI~1\menuav~1\progra~1" ***


*** Search with Catchme-rootkit/stealth malware detector by gmer ***
for more info : http://www.gmer.net



*** Search with GenericNaviSearch ***
!!! Possibility of legitimate files in the result !!!
!!! Must always be checked before manually deleting !!!

* Scan in "C:\WINDOWS\system32" *

* Scan in "C:\Documents and Settings\DELLA1\impost~1\datiap~1" *

* Scan in "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" *



*** Search files ***



*** Search specific Registry keys ***

HKEY_CURRENT_USER\Software\Lanconfig found !

*** Complementary Search ***
(Search specific files)

1)Search new Instant Access files :


2)Heuristic Search :

* In "C:\WINDOWS\system32" :


* In "C:\Documents and Settings\DELLA1\impost~1\datiap~1" :


* In "C:\DOCUME~1\ADMINI~1\impost~1\datiap~1" :


3)Certificates Search :

Egroup certificate found !
Electronic-Group certificate found !
Montorgueil certificate not found !
OOO-Favorit certificate found !
Sunny-Day-Design-Ltd certificate not found !

4)Search known files :



*** Search completed on 04/11/2008 at 14.47.40,60 ***

[Deifobe]

ok, con la pubblicita' dovresti stare a posto.

scarica Registry Search Tool e cerca separatamente:
Egroup
Electronic-Group
Favorit
salva i rapporti rispettivamente come 1.txt, 2.txt, 3.txt e caricali su savefile.

[giorgiodp]

non trovo il comando savefile; il txt è troppo lungo e nn lo lascia inviare...

[Deifobe]

zippa insieme i rapporti e caricali qui: Savefile

posta il link ottenuto

[giorgiodp]

eccoti!

http://www.savefile.com/files/1872359