
I can't block popup windows
c.nardo
Posted: Thursday, August 28, 2008 1:26:43 PM

Rank: Member

Joined: 4/27/2004
Posts: 23
I switched from Norton Internet Security to Kaspersky Internet Security but, apart from the improvement in speed, I'm running into some problems... First of all, the Kaspersky Help Desk gives "non-answer" answers.

The main problem I've found is the extremely annoying popup windows that open at "random" when I browse web pages (including those of your site).

I'm adding the various addresses to Kaspersky, but the "blocked" windows keep opening, staying blank.

I've set the IE6 popup blocker to the medium level, because if I select high it doesn't let me open photos, links, etc.

Scanning with Spybot, Ad-aware, A-squared, XsoftSpySE (I don't deny myself anything) and with Kaspersky itself found nothing strange, and I also tried BitDefender online!

Among the windows that open, I'm particularly worried about the one for SpywareSecure (which I obviously haven't downloaded or opened), but which I've read is malware.

How can I block these damned popups? And what can you tell me about SpywareSecure?
Should I send you a HijackThis log?

OS: Windows XP Professional SP3

Thanks
Claudio
r16
Posted: Thursday, August 28, 2008 1:41:54 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Follow these instructions to the letter:
Important: Disable your antivirus and close ALL open programs, and after downloading COMBOFIX, close the connection.

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to the desktop.
Double-click combofix.exe (a screen will appear).
Type 1, press Enter and follow the instructions.
When it finishes, a log file called C:\ComboFix.txt will be created. Post it here.
During the scan it is important not to use the PC and to wait patiently for the operations to finish.
Post a new HijackThis log, also in this topic.

ComboFix does not work in safe mode
Report whether those windows still appear.
c.nardo
Posted: Sunday, August 31, 2008 6:55:59 PM

Rank: Member

Joined: 4/27/2004
Posts: 23
Thanks for the reply (mine is a bit late compared to yours...)

I'm attaching the two logs:

ComboFix 08-08-30.03 - Claudio 2008-08-31 18.41.21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.644 [GMT 2:00]
Eseguito da: C:\00\ComboFix.exe

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-07-28 al 2008-08-31 )))))))))))))))))))))))))))))))))))
.

2008-08-26 08:59 . 2008-08-26 08:59 <DIR> d-------- C:\WINDOWS\Sun
2008-08-26 08:59 . 2008-08-26 08:59 <DIR> d-------- C:\Programmi\Java
2008-08-26 08:59 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-26 08:58 . 2008-08-26 08:58 <DIR> d-------- C:\Programmi\File comuni\Java
2008-08-23 13:31 . 2008-08-23 13:31 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\McAfee
2008-08-23 13:30 . 2008-08-23 13:30 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\McAfee
2008-08-22 18:11 . 2008-08-22 18:47 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-22 13:31 . 2008-08-22 13:31 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-08-21 14:25 . 2008-08-21 14:25 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\KeePass
2008-08-14 18:25 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-14 18:25 . 2008-05-01 16:34 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 15:21 . 2008-08-19 15:05 67 --a------ C:\WINDOWS\iltwain.ini
2008-08-13 15:17 . 2008-08-13 15:17 <DIR> d-------- C:\Programmi\Blue Label Soft
2008-08-13 14:43 . 2008-08-13 14:43 69 --a------ C:\WINDOWS\pdf2rtf.INI
2008-08-11 18:55 . 2008-08-11 18:55 <DIR> d-------- C:\WINDOWS\system32\it
2008-08-11 18:55 . 2008-08-11 18:55 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-11 18:55 . 2008-08-11 18:55 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-11 18:53 . 2008-08-11 18:56 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-11 18:41 . 2004-08-19 15:23 701,440 --------- C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-11 16:43 . 2008-08-11 16:43 63 --a------ C:\WINDOWS\WINHELP.BMK
2008-08-11 16:39 . 2008-08-11 16:43 1,511 --a------ C:\WINDOWS\MSPUB.INI
2008-08-11 16:39 . 2008-08-11 16:39 87 --a------ C:\WINDOWS\ARTGALRY.INI
2008-08-11 16:36 . 1993-07-27 00:00 135,776 --a------ C:\WINDOWS\system\PUBOLEUI.DLL
2008-08-11 16:36 . 1993-07-27 00:00 123,040 --a------ C:\WINDOWS\system\MSWIZ.DLL
2008-08-11 16:36 . 1993-07-27 00:00 110,464 --a------ C:\WINDOWS\system\MSPUBWIZ.DLL
2008-08-11 16:36 . 1993-07-27 00:00 83,520 --a------ C:\WINDOWS\system\PCDLIB.DLL
2008-08-11 16:36 . 1993-07-27 00:00 78,800 --a------ C:\WINDOWS\system\PUBOLE.DLL
2008-08-11 16:36 . 1993-07-27 00:00 68,216 --a------ C:\WINDOWS\system\BOOKOSB.TTF
2008-08-11 16:36 . 1993-07-27 00:00 56,936 --a------ C:\WINDOWS\system\IMPACT.TTF
2008-08-11 16:33 . 2008-08-11 16:39 <DIR> d-------- C:\MSPUB
2008-08-11 16:33 . 1993-07-27 00:00 10,636 --a------ C:\WINDOWS\OLE2.REG
2008-08-03 17:59 . 2008-08-03 17:59 97 --a------ C:\WINDOWS\CSS.key
2008-07-31 19:12 . 2008-08-14 15:37 <DIR> d-------- C:\Programmi\Free PDF to Word Doc Converter
2008-07-31 17:42 . 2008-07-31 17:42 <DIR> d-------- C:\Programmi\micla-multimedia
2008-07-31 17:42 . 2008-07-31 17:42 <DIR> d-------- C:\Programmi\GlossarioHtml
2008-07-30 20:13 . 2008-07-30 20:14 <DIR> d-------- C:\Programmi\Zeta-Book
2008-07-30 18:06 . 2008-07-30 18:06 <DIR> d-------- C:\Programmi\Executive Software
2008-07-30 18:06 . 2008-07-30 18:06 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\Leadertech
2008-07-30 18:00 . 2008-08-28 19:34 6,915 --a------ C:\WINDOWS\Claudio8.xlb
2008-07-30 17:47 . 2008-07-31 18:46 <DIR> d-------- C:\Programmi\Easy PDF Convertor
2008-07-30 17:43 . 2008-07-30 17:43 <DIR> d-------- C:\Programmi\Directory Lister
2008-07-30 17:38 . 2008-07-30 17:38 <DIR> d-------- C:\Programmi\Avery
2008-07-30 17:22 . 2008-07-30 17:22 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\123 Free Solitaire
2008-07-29 19:47 . 2008-07-29 19:47 <DIR> d-------- C:\Programmi\CdCoverCreator
2008-07-29 19:47 . 2008-07-29 19:47 <DIR> d-------- C:\Programmi\AoA Audio Extractor
2008-07-29 19:25 . 2008-07-29 19:25 <DIR> d-------- C:\Programmi\AdunanzA
2008-07-29 19:25 . 2008-07-29 19:25 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\eMule AdunanzA
2008-07-29 13:19 . 2008-07-29 13:19 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\ScanSoft
2008-07-29 10:06 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-29 10:06 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-26 17:48 . 2008-07-26 17:48 <DIR> d-------- C:\WINDOWS\mm
2008-07-26 17:48 . 2008-07-26 18:13 <DIR> d-------- C:\modulom
2008-07-26 17:48 . 2008-08-01 16:43 40 --a------ C:\WINDOWS\WINMCECK.MEM
2008-07-26 17:42 . 2008-07-26 17:44 <DIR> d-------- C:\Programmi\WMV to AVI MPEG DVD WMV Converter
2008-07-26 17:06 . 2008-08-25 14:52 <DIR> d-------- C:\Programmi\FastStone Capture
2008-07-26 16:15 . 2008-07-26 16:15 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\FastStone
2008-07-26 15:24 . 2008-07-26 15:24 169 --a------ C:\WINDOWS\RtlRack.ini
2008-07-26 14:58 . 2008-07-26 14:58 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\Zeon
2008-07-26 14:49 . 2008-07-26 14:49 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-07-26 14:49 . 2008-07-26 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\zeon
2008-07-26 14:49 . 2008-07-26 14:49 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2008-07-26 14:34 . 2008-07-26 14:34 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\Media Player Classic
2008-07-26 13:44 . 2008-07-26 13:44 <DIR> d-------- C:\Programmi\AMP Font Viewer
2008-07-26 13:41 . 2008-08-08 13:03 <DIR> d-------- C:\Programmi\Adsen FavIcon
2008-07-24 16:30 . 2008-07-24 16:30 249,856 --------- C:\WINDOWS\Setup1.exe
2008-07-24 16:30 . 2008-07-24 16:30 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-24 12:32 . 2008-07-24 12:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-07-24 12:32 . 2008-07-24 12:32 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-21 21:01 . 2008-08-29 20:54 <DIR> d-------- C:\Programmi\XoftSpySE
2008-07-21 20:54 . 2008-07-21 20:54 <DIR> d-------- C:\Programmi\SpeedFan
2008-07-21 20:54 . 2008-07-21 20:54 45 --a------ C:\WINDOWS\system32\initdebug.nfo
2008-07-21 20:49 . 2008-07-21 20:49 <DIR> d-------- C:\Programmi\TouchStoneSoftware
2008-07-21 20:37 . 2008-07-29 19:44 <DIR> d-------- C:\Programmi\SP TimeSync 2.3
2008-07-21 20:22 . 2008-07-21 20:22 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-07-21 20:16 . 2008-08-07 14:27 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-07-21 20:13 . 2008-08-22 17:11 <DIR> d-------- C:\Programmi\RegEditX
2008-07-21 19:57 . 2008-07-21 19:57 14,732 --a------ C:\idsuite_run.bat
2008-07-21 12:24 . 2008-08-07 13:55 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-07-21 12:24 . 2008-08-07 13:55 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-07-21 12:23 . 2008-07-21 12:23 <DIR> d-------- C:\Programmi\Kaspersky Lab
2008-07-21 12:23 . 2008-07-21 12:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-07-21 12:23 . 2008-08-31 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-07-21 12:23 . 2008-08-31 18:31 5,343,776 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-21 12:23 . 2008-08-31 18:31 794,656 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-07-21 12:23 . 2008-08-31 18:31 43,876 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-21 12:23 . 2008-08-31 18:31 4,844 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-07-21 12:02 . 2008-07-21 12:02 <DIR> d-------- C:\Programmi\Cobian Backup 9
2008-07-19 20:37 . 2008-07-19 20:37 <DIR> d-------- C:\Programmi\Auslogics
2008-07-19 20:37 . 2008-07-19 20:37 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\Auslogics
2008-07-19 15:34 . 2008-08-12 11:54 <DIR> d-------- C:\Programmi\a-squared Free
2008-07-19 14:32 . 2004-08-06 19:23 132,880 -ra------ C:\WINDOWS\system32\MSINET.OCX
2008-07-18 20:45 . 2008-07-18 20:45 <DIR> d-------- C:\Programmi\IObit
2008-07-18 19:29 . 2008-07-18 19:29 <DIR> d-------- C:\Programmi\Lavasoft
2008-07-18 19:29 . 2008-07-18 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-07-17 19:15 . 2008-07-17 19:15 <DIR> d-------- C:\Programmi\Windows Media Connect 2
2008-07-17 19:14 . 2008-07-19 13:58 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-17 19:14 . 2008-07-17 19:15 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-15 21:20 . 2008-07-24 19:45 <DIR> d-------- C:\Programmi\Disclib
2008-07-15 21:08 . 2008-07-15 21:10 <DIR> d-------- C:\Programmi\Local Website Archive
2008-07-15 16:28 . 2008-07-19 14:00 <DIR> d-------- C:\Programmi\CCleaner
2008-07-15 14:43 . 2008-08-20 13:51 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-15 14:43 . 2008-08-30 19:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-15 14:41 . 2008-07-15 14:41 <DIR> d-------- C:\Programmi\VideoLAN
2008-07-15 14:41 . 2008-07-15 14:41 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\vlc
2008-07-15 14:33 . 2008-07-15 14:33 <DIR> d-------- C:\Programmi\AM-DeadLink
2008-07-15 14:33 . 2008-08-12 11:27 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\aignes
2008-07-13 18:59 . 2008-08-27 14:19 <DIR> d-------- C:\01 Libreria
2008-07-13 18:28 . 2008-07-13 18:39 345 --a------ C:\WINDOWS\ViP Money.INI
2008-07-13 18:26 . 2008-07-26 15:28 <DIR> d-------- C:\Programmi\ViP Money
2008-07-13 16:08 . 2008-07-13 16:08 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\Bullzip
2008-07-13 16:06 . 2008-07-13 16:06 <DIR> d-------- C:\Programmi\Bullzip
2008-07-13 16:06 . 2008-04-22 08:19 187,392 --a------ C:\WINDOWS\system32\bzpdf.dll
2008-07-13 16:06 . 2008-04-02 08:13 147,456 --a------ C:\WINDOWS\system32\bzpdfc.dll
2008-07-13 16:06 . 1999-05-07 00:00 140,288 --a------ C:\WINDOWS\system32\comdlg32.OCX
2008-07-13 15:17 . 2008-07-13 15:17 <DIR> d-------- C:\Temp\SCX-5x30
2008-07-13 15:17 . 2008-07-13 15:17 <DIR> d-------- C:\Temp
2008-07-13 15:17 . 2008-02-26 16:35 479,232 --a------ C:\WINDOWS\ssndii.exe
2008-07-13 15:17 . 2006-08-16 10:56 21,776 --a------ C:\WINDOWS\system32\msxml2a.dll
2008-07-13 14:25 . 2006-06-07 02:52 94,208 -ra------ C:\WINDOWS\system32\SET2D5.tmp
2008-07-13 14:25 . 2006-06-07 02:52 86,016 -ra------ C:\WINDOWS\system32\SET2D3.tmp
2008-07-13 14:25 . 2006-06-07 02:52 53,248 -ra------ C:\WINDOWS\system32\SET2D7.tmp
2008-07-13 14:25 . 2006-06-07 02:52 49,152 -ra------ C:\WINDOWS\system32\SET2D1.tmp
2008-07-13 14:17 . 2008-07-13 15:20 <DIR> d-------- C:\Programmi\Readiris10
2008-07-13 14:17 . 2008-07-13 14:17 <DIR> d-------- C:\Programmi\File comuni\SRC Shared
2008-07-13 14:17 . 2008-07-13 14:17 <DIR> d-------- C:\Documents and Settings\Claudio\Dati applicazioni\SmarThru4

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-11 14:39 2,589 ----a-w C:\WINDOWS\MSAPPS\WORDART\WORDART2.REG
2008-07-21 10:19 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-07-21 08:44 --------- d-----w C:\Documents and Settings\Claudio\Dati applicazioni\CallingID
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-13 12:30 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-07-09 16:10 94,816 ----a-w C:\WINDOWS\system32\contab32.dll
2008-07-09 16:10 584,464 ----a-w C:\WINDOWS\system32\mspst32.dll
2008-07-09 16:10 559,888 ----a-w C:\WINDOWS\system32\emsuix32.dll
2008-07-09 16:10 484,624 ----a-w C:\WINDOWS\system32\etexch32.dll
2008-07-09 16:10 27,920 ----a-w C:\WINDOWS\system32\mapisp32.exe
2008-07-09 16:10 139,264 ----a-w C:\WINDOWS\system32\accwiz.dll
2008-07-08 14:19 --------- d-----w C:\Programmi\microsoft frontpage
2008-07-08 14:17 --------- d-----w C:\Programmi\Servizi in linea
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:09 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:10 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-14 04:14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 15:49 7286784]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 15:49 86016]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-12 02:38 196608]
"ELBERT_S2P"="C:\Programmi\Samsung\Samsung SCX-5x30 Series\SPanel\PSU\Scan2pc.exe" [2006-04-13 02:44 258048]
"Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe" [2008-02-19 15:02 536576]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41 196608]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07 69632]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVP"="C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 18:21 201992]
"nwiz"="nwiz.exe" [2005-10-10 15:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 10:42 90112 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:14 15360]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
EPSON Status Monitor 3 Environment Check 2.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-07-08 17:25:00 131584]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [2000-01-21 10:15:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\Italian\\setup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 18:29]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 19:02]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 20:07]
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4b6c8bf-4ea2-11dd-ba22-00138f848609}]
\Shell\AutoRun\command - F:\StartPortableApps.exe
.
Contenuto della cartella 'Scheduled Tasks'

2008-08-30 C:\WINDOWS\Tasks\XoftSpySE.job
- C:\Programmi\XoftSpySE\XoftSpy.exe [2008-06-25 15:23]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Claudio\Dati applicazioni\Mozilla\Firefox\Profiles\rurz6tab.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 18:42:43
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-08-31 18:43:29
ComboFix-quarantined-files.txt 2008-08-31 16:43:26
ComboFix2.txt 2008-08-31 16:35:13

Pre-Run: 237,801,193,472 byte disponibili
Post-Run: 237,783,691,264 byte disponibili

235 --- E O F --- 2008-08-14 16:32:45


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.48.10, on 31/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
C:\Programmi\a-squared Free\a2service.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Samsung\Samsung SCX-5x30 Series\SPanel\PSU\Scan2pc.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Programmi\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\00\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [ELBERT_S2P] C:\Programmi\Samsung\Samsung SCX-5x30 Series\SPanel\PSU\Scan2pc.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Add to Local Website Archive - C:\Documents and Settings\Claudio\Dati applicazioni\aignes\Local Website Archive\config\iearc.htm
O8 - Extra context menu item: Aggiungi al banner Blocco pubblicità - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiche sulla protezione del traffico Web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Fit-width Print - {3C34EBD2-038D-4d4f-B081-16D99D8BE2B4} - C:\WINDOWS\Downloaded Program Files\IEPrint.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Add to Local Website Archive - {1B0397A9-5450-437B-9313-2887FC7DE53E} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra button: Start Local Website Archive - {3A9237F4-F3B0-469A-B2E9-5F78A979088C} - C:\Programmi\Local Website Archive\wsarc.exe (HKCU)
O9 - Extra button: (no name) - {C563DE1B-9FFB-4229-8007-8555D4D0844C} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O9 - Extra 'Tools' menuitem: Add to Local Website Archive - {C563DE1B-9FFB-4229-8007-8555D4D0844C} - C:\Programmi\Local Website Archive\wsarc_add.exe (HKCU)
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217264405140
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5367/mcfscan.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programmi\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Programmi\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Programmi\File comuni\EPSON\EBAPI\eEBSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8027 bytes


I look forward to your valuable checks.
r16
Posted: Sunday, August 31, 2008 10:20:25 PM
Rank: AiutAmico

Joined: 8/7/2007
Posts: 11,016
Hi.
Avoid downloading anything from those windows, and SpywareSecure is malware; watch out.
Start HijackThis, tick the entries I'm about to list and, with all applications closed and disconnected from the Internet, press Fix checked:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB
O16 - DPF: {4D054067-DE3A-48F9-B19B-BCD229B9AE8D} (PrinterHelpEtcActiveX Control) - http://www.samsungdp.com/printerhelp/ActiveX/DrPrinter.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1217264405140
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5367/mcfscan.cab
Run an online scan with this: http://housecall.trendmicro.com/it/
Do a clean-up (registry included) with CCleaner http://www.aiutaamici.com/software?ID=11223
*********************************************************************************************************
Advice:
Uninstall Ad-Aware and install this software, which in my opinion is worth much more:
Download Malwarebytes' Anti-Malware and save it to the desktop (or wherever you like):
http://www.besttechie.net/tools/mbam-setup.exe

Double-click the mbam-setup.exe icon you saved and proceed with the installation
Make sure both checkboxes are ticked: Update Malwarebytes' Anti-Malware and Launch, and click Finish
On first launch, a welcome message will appear. Make sure the Internet connection is active and click OK
Wait for the update to finish.
The main screen appears.
Click Scan
It may take quite a while (depending on how infected the PC is), so you need a bit of patience.

When the scan finishes, click OK

Make sure all the highlighted files are selected and click Remove Selected

When disinfection is complete, Notepad will open with the result of the operation.
Post the log.
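
An added example, not part of r16's post and not code from HijackThis: a small Python parser for the HijackThis log format posted in this thread. It counts entries per section code and pulls out the O15 (Trusted Zone) and O16 (DPF, downloaded ActiveX controls) entries with the host each one points to, the two sections the fix list above is drawn from. The sample lines are copied from the log in this thread; the function names are illustrative.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.48.10, on 31/08/2008
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: IEPrint - http://www.visiontech.ltd.uk/software/download/IEPrint.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Meaning of the HijackThis section prefixes that occur in the sample.
SECTIONS = {
    "R0": "Internet Explorer start/search page setting",
    "O2": "Browser Helper Object",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O15": "Site in the IE Trusted Zone",
    "O16": "ActiveX control in Downloaded Program Files (DPF)",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LABEL_RE = re.compile(r"\((.+)\)")


def parse_entries(log_text):
    """Return the scan entries ('<code> - <detail>'), skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"code": m.group(1), "detail": m.group(2)})
    return entries


def count_by_section(entries):
    """Number of entries per section code, e.g. {'O16': 2, ...}."""
    return dict(Counter(e["code"] for e in entries))


def web_origin_entries(entries):
    """Extract O15/O16 entries with the host they trust or were downloaded from."""
    rows = []
    for e in entries:
        code, detail = e["code"], e["detail"]
        if code == "O15" and detail.startswith("Trusted Zone:"):
            pattern = detail.split(":", 1)[1].strip()
            # Fall back to the raw pattern when it carries no scheme.
            host = urlparse(pattern).hostname or pattern
            rows.append({"code": code, "name": "Trusted Zone",
                         "clsid": None, "host": host})
        elif code == "O16" and detail.startswith("DPF:"):
            # Layout: 'DPF: [{CLSID}] [(label)|name] - <download URL>'
            head, _, url = detail[4:].strip().rpartition(" - ")
            clsid = CLSID_RE.search(head)
            label = LABEL_RE.search(head)
            rows.append({
                "code": code,
                "name": label.group(1) if label else head.strip(),
                "clsid": clsid.group(0) if clsid else None,
                "host": urlparse(url).hostname or url,
            })
    return rows


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, n in sorted(count_by_section(parsed).items()):
        print(f"{code:>4} x{n}  {SECTIONS.get(code, 'other section')}")
    print()
    for row in web_origin_entries(parsed):
        print(f"{row['code']}  {row['host']:<28} {row['name']}  {row['clsid'] or '(no CLSID)'}")
```
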




c.nardo
Posted: Monday, September 01, 2008 3:02:00 PM

Rank: Member

Joined: 4/27/2004
Posts: 23
I followed your instructions and "cleaned up".

Here is the Malwarebytes log

Malwarebytes' Anti-Malware 1.25
Versione del database: 1102
Windows 5.1.2600 Service Pack 3

14.57.03 01/09/2008
mbam-log-09-01-2008 (14-57-03).txt

Tipo di scansione: Scansione completa (C:\|E:\|)
Elementi scansionati: 93899
Tempo trascorso: 19 minute(s), 32 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
(Nessun elemento malevolo rilevato)

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)

I really hope not to see windows opening again while I browse... Obviously I'm careful not to download Spyware Secure, but I'd like to stop seeing the popup!...
Thanks for all the advice: irreplaceable.