  1. #1

    ProAntispyware2009 and CashBack that won't go away

    Hi everyone ..
    I'm back; I'm having problems with web pages that open by themselves, like pop-ups.

    Running a scan with Scan Spyware I got these results:



    Application Information

    =======================



    Application Version: ScanSpyware v3.8 build 3.8.0.1

    Original Database: pests09-10-04.db

    Updated Database: ssdb010709.db

    Current Date: Sunday, January 11, 2009 05:56:04 PM

    __________________________________________________



    Directories recognized:

    =======================



    __________________________________________________



    Files recognized:

    =================



    [CashBack]

    E:\DOKUME~1\gioia\LOKALE~1\Temp\blank.gif



    [ProAntispyware2009]

    E:\WINDOWS\ServicePackFiles\i386\setupn.exe



    [ProAntispyware2009]

    E:\WINDOWS\system32\setupn.exe



    __________________________________________________



    Registry keys recognized:

    =========================



    __________________________________________________



    Registry values recognized:

    ===========================



    __________________________________________________



    Cookies recognized:

    ===================



    [Dokum]

    e:\dokumente und einstellungen\gioia\cookies\gioia@doubleclick[2].txt



    [Tracking Cookies]

    e:\dokumente und einstellungen\gioia\cookies\gioia@doubleclick[2].txt



    [Dokum]

    e:\dokumente und einstellungen\gioia\cookies\gioia@ilsoftware[2].txt



    [Dokum]

    e:\dokumente und einstellungen\gioia\cookies\gioia@ilsole24ore[2].txt



    [Dokum]

    e:\dokumente und einstellungen\gioia\cookies\gioia@imrworldwide[2].txt



    [Dokum]

    e:\dokumente und einstellungen\gioia\cookies\gioia@sanihelp[2].txt



    [Dokum]

    e:\dokumente und einstellungen\gioia\cookies\gioia@www.comprabanner[3].txt



    [Tracking Cookies]

    e:\dokumente und einstellungen\gioia\cookies\gioia@www.comprabanner[3].txt



    [Dokum]

    e:\dokumente und einstellungen\gioia\cookies\index.dat



    __________________________________________________

    I also tried in safe mode, but nothing ...

    I ran a scan with HijackThis in safe mode and I'm posting it below:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:48:45, on 11.01.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Safe mode

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Programme\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sanihelp.it/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - E:\Programme\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Programme\Java\jre1.6.0_05\bin\jusched.exe "
    O4 - HKLM\..\Run: [IAAnotif] "E:\Programme\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [type32] "E:\Programme\Microsoft IntelliType Pro\type32.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "E:\Programme\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [WinampAgent] E:\Programme\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Programme\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Omnipage] E:\Programme\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DW6] "E:\Programme\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [MSMSGS] "E:\Programme\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [VoipStunt] "E:\Programme\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized
    O4 - HKCU\..\Run: [jceacqln] "e:\dokumente und einstellungen\gioia\lokale einstellungen\anwendungsdaten\jceacqln.exe" jceacqln
    O4 - HKCU\..\Run: [Skype] "E:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = E:\Programme\OpenOffice.org 2.0\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Programme\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Programme\Messenger\msmsgs.exe
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Programme\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - E:\Programme\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - E:\WINDOWS\system32\DRIVERS\xaudio.exe

    --
    End of file - 5960 bytes


    Help me .... :master:

  2. #2
    Habanero, moderator of Computer security and viruses (registered Jun 2001, 9,782 posts)
    P4sticcina... I don't see what connection there could be between your current problem and the one you had three months ago...

    I have split the thread.
    Read the RULES!

    It's very complicated, a lot of inputs and outputs, a lot of information, a lot of elements to consider, I have a lot of elements to keep in mind...
    Drugo

  3. #3
    Deifobe, HTML.it user (registered Oct 2007, 6,072 posts)
    Download navilog1.exe_il mafioso to the desktop and install it.
    Run it, choose the language and, at the selection menu, select option 1 (do not choose the others). At some point a message "Analysis ... Terminate" will appear; press a key as requested and a text file will open (the scan report, which you must post).

  4. #4

    ...

    Search Navipromo version 3.7.1 began on 12.01.2009 at 0:49:22,96

    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!

    Fix running from E:\Programme\navilog1

    Updated on 02.01.2009 at 19h00 by IL-MAFIOSO

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz )
    BIOS : Ver 1.00PARTTBL
    USER : gioia ( Administrator )
    BOOT : Normal boot

    Antivirus : AVG Anti-Virus Free 8.0 (Activated)


    C:\ (Local Disk) - NTFS - Total:97 Go (Free:97 Go)
    D:\ (CD or DVD)
    E:\ (Local Disk) - NTFS - Total:135 Go (Free:111 Go)
    F:\ (USB)
    G:\ (USB)


    Search done in normal mode

    *** Searching for installed Software ***

    Favorit

    *** Search folders in "E:\WINDOWS" ***


    *** Search folders in "E:\Programme" ***


    *** Search folders in "E:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\All Users\startm~1" ***


    *** Search folders in "e:\dokume~1\alluse~1\anwend~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\gioia\anwend~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\gioia\lokale~1\anwend~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\gioia\startm~1\progra~1" ***


    *** Search with Catchme-rootkit/stealth malware detector by gmer ***
    for more info : http://www.gmer.net



    *** Search with GenericNaviSearch ***
    !!! Possibility of legitimate files in the result !!!
    !!! Must always be checked before manually deleting !!!

    * Scan in "E:\WINDOWS\system32" *

    * Scan in "E:\Dokumente und Einstellungen\gioia\lokale~1\anwend~1" *



    *** Search files ***



    *** Search specific Registry keys ***
    !! Following keys are not certainly all infected !!


    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "jceacqln"="\"e:\\dokumente und einstellungen\\gioia\\lokale einstellungen\\anwendungsdaten\\jceacqln.exe\" jceacqln"


    *** Complementary Search ***
    (Search specific files)

    1)Search new Instant Access files :


    2)Heuristic Search :

    * In "E:\WINDOWS\system32" :


    * In "E:\Dokumente und Einstellungen\gioia\lokale~1\anwend~1" :

    jceacqln.exe found !
    jceacqln.dat found !
    jceacqln_nav.dat found !
    jceacqln_navps.dat found !

    3)Certificates Search :

    Egroup certificate not found !
    Electronic-Group certificate not found !
    Montorgueil certificate not found !
    OOO-Favorit certificate not found !
    Sunny-Day-Design-Ltd certificate not found !

    4)Search others known folders and files :



    *** Search completed on 12.01.2009 at 0:52:38,46 ***


    Could it be this ??? :master:

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "jceacqln"="\"e:\\dokumente und einstellungen\\gioia\\lokale einstellungen\\anwendungsdaten\\jceacqln.exe\" jceacqln"

    This entry shows up with a question mark in the HijackThis analysis ... it's neither fish nor fowl ... should I remove it?

  5. #5
    Deifobe, HTML.it user (registered Oct 2007, 6,072 posts)
    Restart the computer in safe mode: at PC startup, before Windows begins loading, press F8 repeatedly. The Windows Advanced Options menu will appear => choose safe mode (use the arrow key ^).
    Run Navilog1, choose option 2 (Automatic Cleaning) and confirm with OK (it will clean the infected files found).
    When it finishes, restart the PC in normal mode.

    Empty C:\WINDOWS\Prefetch

    Clean temporary files and cookies with CCleaner (run it twice).

    Still from normal mode, run navilog1 again (choose option 1) and post the report.

  6. #6

    .....

    All done ............


    Search Navipromo version 3.7.1 began on 12.01.2009 at 3:57:58,93

    !!! Warning, this report may include legitimate files/programs !!!
    !!! Post this report on the forum you are being helped !!!
    !!! Don't continue with removal unless instructed by an authorized helper !!!

    Fix running from E:\Programme\navilog1

    Updated on 02.01.2009 at 19h00 by IL-MAFIOSO

    Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz )
    BIOS : Ver 1.00PARTTBL
    USER : gioia ( Administrator )
    BOOT : Normal boot

    Antivirus : AVG Anti-Virus Free 8.0 (Activated)


    C:\ (Local Disk) - NTFS - Total:97 Go (Free:97 Go)
    D:\ (CD or DVD)
    E:\ (Local Disk) - NTFS - Total:135 Go (Free:111 Go)
    F:\ (USB)
    G:\ (USB)


    Search done in normal mode

    *** Searching for installed Software ***


    *** Search folders in "E:\WINDOWS" ***


    *** Search folders in "E:\Programme" ***


    *** Search folders in "E:\Dokumente und Einstellungen\All Users\startm~1\progra~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\All Users\startm~1" ***


    *** Search folders in "e:\dokume~1\alluse~1\anwend~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\gioia\anwend~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\gioia\lokale~1\anwend~1" ***


    *** Search folders in "E:\Dokumente und Einstellungen\gioia\startm~1\progra~1" ***


    *** Search with Catchme-rootkit/stealth malware detector by gmer ***
    for more info : http://www.gmer.net



    *** Search with GenericNaviSearch ***
    !!! Possibility of legitimate files in the result !!!
    !!! Must always be checked before manually deleting !!!

    * Scan in "E:\WINDOWS\system32" *

    * Scan in "E:\Dokumente und Einstellungen\gioia\lokale~1\anwend~1" *



    *** Search files ***



    *** Search specific Registry keys ***
    !! Following keys are not certainly all infected !!


    *** Complementary Search ***
    (Search specific files)

    1)Search new Instant Access files :


    2)Heuristic Search :

    * In "E:\WINDOWS\system32" :


    * In "E:\Dokumente und Einstellungen\gioia\lokale~1\anwend~1" :


    3)Certificates Search :

    Egroup certificate not found !
    Electronic-Group certificate not found !
    Montorgueil certificate not found !
    OOO-Favorit certificate not found !
    Sunny-Day-Design-Ltd certificate not found !

    4)Search others known folders and files :



    *** Search completed on 12.01.2009 at 4:01:13,12 ***



    In the Windows folder I have a lot of strange files ... like updates; anyway, I emptied the folder you told me to ... now what?

  7. #7
    Deifobe, HTML.it user (registered Oct 2007, 6,072 posts)
    Hi. Navipromo has been removed..

    Now, download and install Malwarebytes.
    Update it: click the "Update" tab => "Check for updates".
    Run a "full scan" (select the option).
    When the scan completes, post the report.
    Don't remove anything for now; I want to check it first.