Unwanted advertising pages
maxine
Posted: Monday, March 14, 2011 5:30:04 PM

Rank: Newbie

Joined: 3/14/2011
Posts: 5
Hi everyone. I used HiJackThis and am posting the log file below. When I open pages in Firefox, advertising pages open on top of the page I just opened, and they have no visible address. The address stays that of the page I opened, but in reality the advertising page is open on top of it. I ran a scan with Malwarebytes (which found nothing infected) and deleted all the unnecessary files with CCleaner. But the problem is not resolved. Can anyone help me? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:12:59, on 14/03/2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\ObjectDock\ObjectDock.exe
C:\Program Files\Vidalia Bundle\Polipo\polipo.exe
C:\Windows\system32\conhost.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\7-Zip\7zFM.exe
C:\Users\E5635\AppData\Local\Temp\7zO4BA5.tmp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=105
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
O4 - HKCU\..\Run: [Vidalia] "C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIZIO DI RETE')
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Aggiungi destinazione link a PDF esistente - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\ObjectDock\ODMenu.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Nalpeiron Licensing Service (ASTSRV) - Nalpeiron Ltd. - C:\Windows\system32\ASTSRV.EXE
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nalpeiron Licensing Service V6 (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\nlssrv32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Service.exe

--
End of file - 9986 bytes
a.roselli
Posted: Monday, March 14, 2011 5:52:39 PM

Rank: Admin

Joined: 10/4/2000
Posts: 19,044
The log looks clean to me.

By any chance, are you using a Firefox extension to block ads? That alone could be the problem. Try opening that site with Internet Explorer; if it works, you need to adjust the options of that banner blocker or uninstall the extension.



alfonso_aiutamici@hotmail.it

maxine
Posted: Monday, March 14, 2011 6:19:22 PM

Rank: Newbie

Joined: 3/14/2011
Posts: 5
I use AdBlock Plus to block ads, but all it achieved is that the advertising pages open without ads, i.e. empty, but still on top of the page that I actually want to see. Even after disabling AdBlock or uninstalling it, the problem remains.
r16
Posted: Monday, March 14, 2011 6:29:50 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Start HijackThis, tick the entries I am about to list and, with all applications closed and disconnected from the Internet, press "fix checked":

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=105
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

Then:
Download Combofix (use Internet Explorer)

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Save it to the desktop. (This is mandatory.)

Important: Disable your antivirus and close ALL open programs (firewall included), and after downloading COMBOFIX, close the connection.

Double-click combofix.exe (if you use Vista: right-click Combofix.exe and click "Run as Administrator").

You will probably get messages from the antivirus (or from Combofix itself); ignore them.

If you are asked whether you want to install THE EMERGENCY RECOVERY CONSOLE, click NO.

During the scan it is important not to use the PC (not even the mouse) and to wait patiently for the operations to finish.
When it finishes, a log file will be created on the Desktop, called C:\ComboFix.txt.
Post it here.
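
A way to pre-sort a HijackThis log before the kind of manual review done in the post above (added example, not part of the original thread and not the helper's own method): it lists R0/R1 browser-page entries whose URL host is not go.microsoft.com and O2 BHO entries marked "(no file)". The function names, the allow-list and the two heuristics are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from urllib.parse import urlsplit

# Assumption of this example: hosts treated as stock Internet Explorer defaults.
DEFAULT_HOSTS = {"go.microsoft.com"}

# A HijackThis entry line has the form "<section code> - <body>".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.speedbit.com/?aff=105
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""


def parse_entries(log_text):
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("code"), match.group("body")))
    return entries


def review_candidates(log_text):
    """List entries worth a manual look. A hit is a prompt for review, not a verdict."""
    hits = []
    for code, body in parse_entries(log_text):
        if code in ("R0", "R1"):
            # Body is "<registry key>,<value name> = <data>"; the data may be empty.
            key_and_name, _, data = body.partition(" =")
            data = data.strip()
            if not data.lower().startswith(("http://", "https://")):
                continue  # empty values and non-URL data such as "*.local"
            try:
                host = (urlsplit(data).hostname or "").lower()
            except ValueError:
                host = ""  # malformed URL: still surfaced for review
            if host not in DEFAULT_HOSTS:
                hits.append({
                    "code": code,
                    "reason": "non-default-url",
                    "subject": key_and_name.rsplit(",", 1)[-1],
                    "value": host,
                })
        elif code == "O2":
            # Body is "BHO: <name> - <CLSID> - <file or (no file)>".
            parts = body.split(" - ")
            if len(parts) >= 3 and parts[-1].strip() == "(no file)":
                hits.append({
                    "code": code,
                    "reason": "orphaned-bho",
                    "subject": parts[0].replace("BHO: ", "", 1),
                    "value": parts[-2],
                })
    return hits


if __name__ == "__main__":
    for hit in review_candidates(SAMPLE_LOG):
        print(hit)
```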

maxine
Posted: Monday, March 14, 2011 7:01:43 PM

Rank: Newbie

Joined: 3/14/2011
Posts: 5
ComboFix 11-03-13.02 - E5635 14/03/2011 18:44:55.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.39.1040.18.1977.1111 [GMT 1:00]
Eseguito da: c:\users\E5635\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Creato nuovo punto di ripristino
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\E5635\AppData\Local\Microsoft\Windows\Temporary Internet Files\26ac2606
c:\users\E5635\AppData\Local\Microsoft\Windows\Temporary Internet Files\7f8aa8cc
c:\users\E5635\AppData\Local\Microsoft\Windows\Temporary Internet Files\b13921cd
c:\users\E5635\AppData\Local\Microsoft\Windows\Temporary Internet Files\eec1faa8
c:\users\E5635\AppData\Roaming\OfferBox
c:\users\E5635\AppData\Roaming\OfferBox\config.xml
.
.
((((((((((((((((((((((((( Files Creati Da 2011-02-14 al 2011-03-14 )))))))))))))))))))))))))))))))))))
.
.
2011-03-14 17:57 . 2011-03-14 17:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-14 16:49 . 2011-03-14 16:49 -------- d-----w- c:\program files\Revo Uninstaller
2011-03-12 09:48 . 2011-03-12 09:48 -------- d-----w- c:\program files\iPod
2011-03-12 09:48 . 2011-03-12 09:49 -------- d-----w- c:\program files\iTunes
2011-03-10 14:52 . 2011-03-10 14:52 -------- d-----w- c:\users\E5635\AppData\Roaming\Rainmeter
2011-03-10 14:52 . 2011-03-10 14:52 -------- d-----w- c:\program files\Rainmeter
2011-03-06 22:52 . 2011-03-06 22:52 -------- d-----w- c:\users\E5635\AppData\Local\Bump Technologies, Inc
2011-03-06 22:48 . 2011-03-06 22:50 -------- d--h--w- c:\windows\msdownld.tmp
2011-03-06 22:47 . 2011-03-06 23:34 -------- d-----w- c:\program files\BumpTop
2011-03-06 16:36 . 2011-03-06 16:36 -------- d-----w- c:\program files\Common Files\Skype
2011-03-05 17:31 . 2011-03-05 17:32 -------- d-----w- c:\program files\TeamViewer
2011-03-05 17:21 . 2011-03-05 17:21 7852 ----a-w- c:\windows\system32\mcdmsg7.dll
2011-03-05 17:21 . 2011-03-06 10:23 -------- d-----w- c:\program files\Common Files\Stardock
2011-03-05 17:20 . 2011-03-05 17:20 -------- d-----w- c:\program files\Stardock
2011-03-05 11:15 . 2011-03-05 11:15 -------- d-----w- c:\users\E5635\AppData\Local\ODUI
2011-03-05 11:14 . 2011-03-05 11:14 -------- d-----w- c:\users\E5635\AppData\Roaming\Stardock
2011-03-05 11:14 . 2011-03-05 17:21 -------- d-----w- c:\users\E5635\AppData\Local\Stardock
2011-03-05 11:14 . 2011-03-05 11:14 -------- dc-h--w- c:\programdata\{5486EA6B-AF91-4B4B-868E-F80AB4BCD83A}
2011-03-05 11:14 . 2011-03-06 22:44 -------- d-----w- c:\program files\ObjectDock
2011-03-05 11:13 . 2011-03-05 11:13 -------- d-----w- c:\users\E5635\AppData\Local\PackageAware
2011-03-05 10:50 . 2011-03-05 10:50 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-03-05 10:41 . 2011-03-05 10:53 -------- d-----w- c:\program files\DAP
2011-03-05 09:43 . 2011-03-05 09:43 -------- d-----w- c:\program files\Bonjour
2011-02-28 23:06 . 2011-03-14 09:17 -------- d-----w- c:\users\E5635\AppData\Roaming\Vidalia
2011-02-28 23:06 . 2011-03-04 19:22 -------- d-----w- c:\program files\Vidalia Bundle
2011-02-28 22:34 . 2011-03-01 06:40 -------- d-----w- c:\program files\JDownloader
2011-02-28 20:41 . 2011-03-14 11:21 -------- d-----w- c:\users\E5635\AppData\Roaming\Tor
2011-02-27 20:26 . 2011-02-23 08:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4431D05D-531B-488B-A209-F839BF0D3721}\mpengine.dll
2011-02-24 16:19 . 2011-02-24 16:19 -------- d-----w- c:\users\E5635\.thumbnails
2011-02-24 16:19 . 2011-02-24 16:27 -------- d-----w- c:\users\E5635\AppData\Roaming\Blender Foundation
2011-02-24 16:18 . 2011-02-24 16:18 -------- d-----w- c:\users\E5635\Blender Foundation
2011-02-24 16:03 . 2011-02-24 16:03 -------- d-----w- c:\users\E5635\AppData\Local\ACD Systems
2011-02-24 16:03 . 2011-02-24 16:03 -------- d-----w- c:\users\E5635\AppData\Roaming\ACD Systems
2011-02-24 16:01 . 2011-02-24 16:06 -------- d-----w- c:\program files\Common Files\ACD Systems
2011-02-24 16:01 . 2011-02-24 16:01 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2011-02-24 15:54 . 2011-02-24 15:54 -------- d-----w- c:\windows\Downloaded Installations
2011-02-24 15:08 . 2011-02-24 15:08 -------- d-----w- c:\program files\Google
2011-02-24 15:08 . 2011-02-24 15:08 -------- d-----w- c:\program files\Picasa3
2011-02-16 13:42 . 2011-02-16 13:42 -------- d-----w- c:\program files\Common Files\Java
2011-02-15 22:54 . 2011-02-15 22:54 125939 ----a-w- c:\windows\system32\ea9d6ea0.exe
2011-02-15 22:54 . 2011-02-10 17:42 2612736 ----a-w- c:\program files\Mozilla Firefox\extensions\{b7e27cb5-dbf7-e098-d021-7739cfe04847}\components\d406212b.dll
2011-02-12 20:59 . 2011-02-12 20:59 -------- d-----w- c:\program files\VLC
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:40 . 2010-05-06 17:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 16:11 . 2010-02-08 08:50 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-02-01 22:43 . 2011-02-01 22:43 533768 ----a-w- c:\windows\MP10_EnergyBlissViz.exe
2011-01-17 15:43 . 2011-01-17 15:39 4750496 ----a-w- c:\program files\Shockwave_Installer_Slim.exe
2010-12-20 17:09 . 2010-04-30 10:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-04-30 10:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-04 15:55 . 2010-09-04 15:54 471432 ----a-w- c:\program files\speedyfox.exe
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-09-02 672632]
"Vidalia"="c:\program files\Vidalia Bundle\Vidalia\vidalia.exe" [2010-11-19 5636136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-11-05 866824]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-08 815104]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 167424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 144384]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-05-30 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-30 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"AirPort Base Station Agent"="c:\program files\AirPort\APAgent.exe" [2009-11-11 771360]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
.
c:\users\E5635\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-2-6 99840]
Stardock ObjectDock.lnk - c:\program files\ObjectDock\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\ObjectDock\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-05-30 288112]
R3 BthAvrcp;Profilo Bluetooth AVRCP;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-05-19 57344]
S2 nlsX86cc;Nalpeiron Licensing Service V6;c:\windows\system32\nlssrv32.exe [2009-12-18 57344]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2009-11-13 58368]
S3 NETw5s32;Driver scheda Intel(R) Wireless WiFi Link per Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145514235-3187252652-2209254996-1000Core.job
- c:\users\E5635\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 10:37]
.
2011-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3145514235-3187252652-2209254996-1000UA.job
- c:\users\E5635\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-29 10:37]
.
.
------- Scansione supplementare -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Aggiungi a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Aggiungi destinazione link a PDF esistente - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti destinazione link in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti in Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\E5635\AppData\Roaming\Mozilla\Firefox\Profiles\n5a68bmx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.hemmaikea.it/vinciiltuodisordine?gid=43
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: z: {b7e27cb5-dbf7-e098-d021-7739cfe04847} - c:\program files\Mozilla Firefox\extensions\{b7e27cb5-dbf7-e098-d021-7739cfe04847}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Personas: personas@christopher.beard - %profile%\extensions\personas@christopher.beard
FF - Ext: ImTranslator: {9AA46F4F-4DC7-4c06-97AF-5035170634FE} - %profile%\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
FF - Ext: Torbutton: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca} - %profile%\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
Notify-WgaLogon - (no file)
AddRemove-HijackThis - c:\users\E5635\AppData\Local\Temp\7zO4BA5.tmp\HijackThis.exe
.
.
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:a6,37,82,a6,5b,80,04,16,7b,72,e5,5e,bc,ed,78,5f,80,e0,09,7c,66,
33,89,7a,9e,a9,f1,ad,44,6c,69,93,48,6f,d1,c0,7f,c9,fb,17,71,e0,00,64,d1,a5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:a6,37,82,a6,5b,80,04,16,7b,72,e5,5e,bc,ed,78,5f,80,e0,09,7c,66,
33,89,7a,9e,a9,f1,ad,44,6c,69,93,48,6f,d1,c0,7f,c9,fb,17,71,e0,00,64,d1,a5,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Ora fine scansione: 2011-03-14 19:00:29
ComboFix-quarantined-files.txt 2011-03-14 18:00
.
Pre-Run: 140.855.795.712 byte disponibili
Post-Run: 140.626.980.864 byte disponibili
.
- - End Of File - - A38855F814BF1C6EC57A0FA2E290A62F
r16
Posted: Tuesday, March 15, 2011 9:26:22 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Are you still experiencing problems?